Prosecution Insights
Last updated: April 18, 2026
Application No. 17/914,793

MULTI STEP AUTHENTICATION METHOD AND SYSTEM

Final Rejection §103 §112
Filed: Sep 27, 2022
Examiner: GELAGAY, SHEWAYE
Art Unit: 2436
Tech Center: 2400 — Computer Networks
Assignee: Iq Works Limited
OA Round: 3 (Final)
Grant Probability: 72% (Favorable)
OA Rounds: 4-5
To Grant: 4y 10m
With Interview: 99%

Examiner Intelligence

Grants 72% — above average
Career Allow Rate: 72% (199 granted / 278 resolved), +13.6% vs TC avg
Strong +45% interview lift
Interview Lift: +45.3% (resolved cases with interview)
Typical timeline
Avg Prosecution: 4y 10m (13 currently pending)
Career history
Total Applications: 291 (across all art units)

Statute-Specific Performance

§101: 17.3% (-22.7% vs TC avg)
§103: 49.1% (+9.1% vs TC avg)
§102: 11.2% (-28.8% vs TC avg)
§112: 16.1% (-23.9% vs TC avg)
Based on career data from 278 resolved cases

Office Action

§103 §112
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This office action is in response to the amendment filed on 02/20/2026. Claims 1, 7, 9 and 17 have been amended. Claims 13 and 21-29 are canceled. Claims 1-12 and 14-20 are pending.

Response to Arguments

Applicant's arguments filed 02/20/2026 have been fully considered but they are not persuasive.

The applicant argued (see Remarks page 4) that “Aument is cited to teach generation of meta data or code from a captured image on the user device … Aument does not teach generating metadata based on structural features within an image; it is about preventing replay attacks via contextual metadata” is acknowledged but respectfully disagreed. Aument discloses generating metadata based on structural feature within an image. While Aument indeed addresses anti-spoofing through contextual metadata, its disclosure nevertheless teaches generating metadata derived from image data and associated properties. Aument discloses techniques such as capturing images, extracting metadata, and using that metadata for verification are not limited to contextual features. The metadata fields disclosed (e.g., resolution, orientation) are themselves derived from structural characteristics of the captured images. (see Aument col. 3, lines 2-30, col. 4, lines 21-56, col. 8, line 57-col. 9, line 3, col. 13, lines 10-43). Furthermore, the generation of metadata from image properties is a general technique applicable to a variety of verification tasks, including those described in Hastings and Campbell. The fact that Aument applies the technique to anti-spoofing does not limit its applicability to identity verification; the relevant teaching is the method of metadata generation and use, which is adaptable for other purposes.

Thus, contrary to Applicant’s assertion, Aument teaches generating and using metadata that arise from structural/content features of the images (depth-of-field, facial-feature parameters, object presence/position, resolution), not solely file-level contextual properties.

With respect to applicant’s argument that Aument’s purpose is “unrelated” overlooks that both Aument and the claimed invention operate within the same technical domain of digital image capture and verification. While Aument’s primary goal is liveness detection, it teaches methods of metadata generation and comparison that are directly applicable to identity verification systems such as those in Hastings and Campbell (see Aument col. 5, lines 22-33, col. 8, lines 17-40, col. 12, line 26-col. 13, line 43). A person of ordinary skill in the art, familiar with the need for robust verification, would recognize that anti-spoofing techniques improve the reliability of identity verification by ensuring the captured image is genuine. Under KSR v. Teleflex, it is not necessary that references address the identical problem; it is sufficient that their teachings are reasonably pertinent to the problem faced. A POSITA could be motivated to combine Aument’s metadata generation and verification techniques with Hastings and Campbell’s identity representation methods to enhance accuracy and prevent fraudulent submissions. This motivation arises from the general goal in the art of improving verification systems, not from hindsight based on the Applicant’s disclosure.

Aument expressly discloses generation and use of metadata derived from image content and structural features (depth-of-field analysis, facial-feature extraction and comparison, object presence/motion, image resolution), not merely file-level timestamps or GPS alone. Aument also contemplates storing reference characteristics and using those characteristics to authorize transactions, thus teaching the very type of image-based feature extraction and compact representation that a person of ordinary skill in the art would apply in identity verification systems. Therefore, combining Aument’s metadata extraction and liveness-check teachings with Hastings and Campbell’s identity-representation techniques yields predictable improvements in reliability, and the proposed combination is not based on impermissible hindsight.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-12 and 14-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Claims 1, 9 and 17 recite “wherein the person is authenticated as the authorized person if both the first authentication process and the second authentication process successfully authenticate the person, wherein both the first and second authentication techniques utilize contactless authentication techniques,” and later “wherein the person is deemed authenticated if the received meta data from the user device corresponds substantially to the stored meta data or if the received code substantially corresponds to the stored code” which make the scope of the claim unclear. It is unclear if a person is authenticated as authorized person based on both first and second authentication or if received metadata or code corresponds to stored metadata or code. This creates ambiguity: must both the first and second authentication processes succeed, or is authentication satisfied by either metadata or code correspondence?

Second, the limitation “capturing, by the camera, an image of at least a portion of the person to be authenticated… the captured image to identify one or more structural features located with the captured image” lacks clarity regarding the analysis objective. Specifically, it is unclear whether the captured image is analyzed to identify structural features unique to a specific person or merely to detect generic structural features.

Third, the limitation “determining, by the authentication server, that the person is the authorized person when both the first authentication process is successful” the term “both the first authentication process” is inconsistent. The phrasing “both the first authentication process” is grammatically problematic, as only one “first” process exists alongside a “second” process.

More significantly, the claim contains conflicting authentication thresholds: line 8 requires that “both the first and the second authentication process successfully authenticate the person,” while later language states “determining, by the authentication server, the person is the authorized person when both the first authentication process is successful and at least one of the following.” This inconsistency creates ambiguity regarding the precise point at which a person achieves authorized status. The claim scope requires clarification to eliminate this ambiguity.

Dependent claims 2-8, 10-12, 14-16 and 18-20 are also rejected for failing to cure the deficiencies set forth above.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hastings (US 20190188368 A1) in view of Campbell et al. (US 20200051349 A1) in view of Aument et al. (US 10579783).

Regarding claim 1, Hastings discloses A multi step authentication method for authenticating a person as an authorized person, the multi step authentication method being executed by a multi step authentication system (Hastings, Fig. 3A #300) including an authentication server (Hastings, Fig. 3A #306), a user device (Hastings, Fig.
3A #302), the method comprising the steps of: executing a first authentication process, wherein the first authentication process comprises performing a first authentication technique; (Hastings, Fig. 6 #602-606) executing a second authentication process, wherein the second authentication process comprises performing a second authentication technique, (Hastings, Fig. 6 #608-616) wherein the first authentication technique and second authentication technique are disparate; (Hastings, [0030] “In some embodiments, the user authentication request may be initiated as result of an affirmative response by the first computing device to a first factor authentication, for example, the end user successfully providing proper login credentials to the first computing device.”; [0072] “In the context of the present example, a multi-factor authentication process can include the step of initiating the multi-factor authentication process as shown at step 602, processing and determining whether a first factor authentication process is successful at the first computing device, as shown at step 604, and triggering a second factor authentication process by initiating a proximity based user authentication process as shown at step 608.”) wherein both the first and second authentication techniques utilize contactless authentication techniques; (Hastings, [0019] “Systems and methods are described for a passive wireless multi-factor authentication approach.” Note: Hastings discloses authentication based on location and proximity of user devices in relation to a first device without the user interacting with each device, i.e. passively. This falls under the BRI of “contactless”) wherein both the first and second authentication process is performed by the authentication server (Hastings, Fig. 6 #616, [0072]; Note: As shown in fig. 6, block 616 both factors are successful.) 
Hastings does not explicitly disclose, however, Campbell in analogous art discloses transmitting, by an authentication server, an activation signal to a camera to a user device to activate [[the camera integral to the user device]] if the first authentication process results in a successful authentication of the person; (Campbell, [0080] “If additional security restrictions are determined as being necessary, then the image capture device 128 can be dual-purposed to capture biometric information of the user 102 (e.g., capture images of the user's face for facial recognition) or the like. Accordingly, a single piece of hardware deployed in the facility can provide multiple purposes or uses in connection with maintaining the security of the facility.”) capturing, by the camera, an image of at least a portion of the person to be authenticated; (Campbell, [0055] “For instance, embodiments of the present disclosure propose the ability to monitor a user 102 passively with one or more beacon(s) 120, other sensor(s) 124, and/or image capture device(s) 128.”) at the authentication server, comparing the captured image to identify a person within the captured image, wherein the person are identified by applying an object recognition technique, (Campbell, [0055] “In some embodiments, these passive monitoring devices 120, 124, 128 may communicate with a pace/path authentication system 132 that performs the identification and/or authentication of the user 102 based on the inputs received from devices 120, 124, 128.”) determining, by the authentication server, if the identified person within the image substantially matches an approved person, and; (Campbell, [0088] “Based on the comparison of the sensor data to the models, the entity performing the comparison (e.g., the pace/path authentication system 132) determines whether the current user activity falls within a definition of one or more models (step 512). In some embodiments, the sensor data associated with the user or group of users may be compared to normal and/or abnormal models to determine whether the current activity corresponds to a normal or expected activity (step 516).”) the person is determined as an authorized person if the identified person within the image substantially matches the approved person. (Campbell, [0088] “For instance, if the comparison of the sensor data is being made against models of normal or expected user behavior and the sensor data is determined to satisfy or fall within that model, then the user may be considered to be exhibiting normal or expected pace/path activity.”)

Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hastings to incorporate the teachings of Campbell to include the above limitations. One of ordinary skill in the art would be motivated to provide additional layers of security, and to create a more user-friendly system. (Campbell, [0004])

While Hastings in view of Campbell discloses generating a code (OTP-like) from image or device data and transmitting that code to a server, and comparing it to stored reference data for authentication. Both references do not explicitly disclose, however, Aument discloses activate the camera integral to the user device in response to the first authentication process resulting in a successful authentication of the person; (Fig. 2, device 102, element 114 device include one or more cameras, col. 7, line 59-col. 8, line 16, capture one or more images for verification; col. 10, lines 53-57, user inputting password); the user device processing the captured image to identify one or more structural features located within the captured image and generate meta data or a code, wherein the meta data or the code are generated based on the identified one or more structural features within the captured image; (col. 14, lines 13-53, camera application 120 … may, when enabled, display … capturing an image… and/or generate metadata associated with the captured images, col. 15, line 15-col. 16, line 37, discloses the device capturing and sending image + metadata to remote system) transmitting the meta data or the code to the authentication server (col. 5, lines 22-33, col. 8, lines 17-40, col. 12, line 26-col. 13, line 43, col. 17, line 32-col. 18, line 56, camera application on the user device capturing image and generating metadata for captured images, focuses on device side image capture, metadata generation, and server-side comparison of images/metadata for authentication, col. 20, lines 21-66, receiving from the device metadata utilizing the networks and network interfaces …utilized to verify identity authentication)

Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hastings and Campbell to incorporate the teachings of Aument to include the above limitations. One of ordinary skill in the art would be motivated to prevent or minimize fraud by providing a system to verify the integrity and source of an image used for authentication (Aument, col. 1, lines 6-14)

Regarding claim 2, Hastings in view of Campbell in view of Aument disclose A multi step authentication method in accordance with claim 1, wherein the first authentication technique comprises a proximity based identification technique, (Hastings, [0041] “As shown in FIG.
1A, a first computing device 102, which may also be referred to interchangeably as a primary device, may have a multi-factor authentication agent 104 (e.g., a standalone agent or an agent that is part of an endpoint protection suite) running therein to enable authentication of a user attempting to access (e.g., login to) first computing device 102 based on the proximity of a second computing device 112 to first computing device 102. Multi-factor authentication agent 104 may use any or a combination of a knowledge factor, a possession factor and an inherence factor to authenticate a user on first computing device.”)

Regarding claim 3, Hastings in view of Campbell in view of Aument disclose A multi step authentication method in accordance with claim 1, wherein the method comprises an additional step of executing a third authentication process, the third authentication process comprises a third authentication technique, wherein the third authentication technique comprises a location identification technique, and; (Campbell, [0066] “A location sensors may be configured to determine a geographical location and/or position of the portable device 108. In one embodiment, this location may be based on Global Positioning System (GPS) data provided by a GPS module of the portable device 108.”; [0074] “In some embodiments, the pace/path analysis instructions 320 may be capable of determining a current location of a user 102 within a facility, a number of steps taken by a user 102 within a particular zone of a facility, a number of steps taken between adjacent or non-adjacent zones of a facility, an amount of time a user 102 has been within a zone of a facility, an amount of time taken to travel between zones of a facility, a path travelled within a facility, etc.”; [0082])

Regarding claim 4, Hastings in view of Campbell in view of Aument disclose A multi step authentication method in accordance with claim 1, wherein the first authentication process comprises the additional steps of: wirelessly interacting with at least one transceiver device (Hastings, [0025] “wireless access points”) via a user device associated with the person. (Hastings, [0025] “second computing device”), receiving a verification signal from the at least one transceiver device at the user device, wherein the verification signal confirming the user device has successfully interacted with the at least one transceiver device, (Hastings, [0025] “The authentication device can send a distance measuring signal to the second computing device, directed through one or more access points associated with the network device providing network connectivity to the first computing device. The distance-measuring signal can be a ping command or a specific message containing some details of the user authentication request. The second computer can acknowledge the distance measuring signal and route the acknowledgement message through one or more access points to the authentication device.”) calculating proximity of the user device to the at least one transceiver device at the user device, (Hastings, [0025] “The time taken by the distance measuring signal to reach the second computing device from via the one or more access points and/or the time taken to receive the acknowledgement message in response to the distance measuring signal can be used to determine the distance of the second computing device from one or more wireless access points.”) determining the user device as successfully authenticated if the user device is within a predetermined proximity of the at least one transceiver device, (Hastings, [0025] “In some embodiments, the proximity of second computing device to one or more wireless access points is determined based on time-in-flight of a distance-measuring signal sent from the authentication device to the second computing device via the wireless access points.”) transmitting, to the authentication server, metadata related to the user if the user device is determined as authenticated. (Hastings, [0073] “…processing, at the authentication device, the user authentication request based on the proximity of the second computing device to the one or more wireless access points, as shown step 708.”)

Regarding claim 5, Hastings in view of Campbell in view of Aument disclose A multi step authentication method in accordance with claim 4, wherein the first authentication process comprises the additional steps of: processing the received meta data that corresponds to an authenticated user, providing a confirmation signal confirming the person associated is an authorized user device. (Hastings, [0073] “the authentication device sends an affirmative response to the endpoint protection suite of the first computing device if the proximity of the second computing device to the one or more wireless access points is within a preconfigured radius.”)

Regarding claim 6, Hastings in view of Campbell in view of Aument disclose A multi step authentication method in accordance with claim 5, wherein the transceiver device comprises at least one of: a WiFi module, a Bluetooth transceiver or an NFC receiver, (Hastings, [0043] “As those skilled in the art will appreciate, in existing systems, the proximity of two devices may be determined using wireless technology for exchanging data over short distances, like Bluetooth, ZigBee, Near Field Communication (NFC) and the like. To enable a proximity based authentication mechanism through such techniques, however, hardware modifications may be required. Embodiments of the present invention enable proximity-based authentication without requiring such expensive changes to hardware.”) wherein the transceiver is positioned at a predetermined location.
(Hastings, [0024] “If the authentication server determines that the mobile device is within a preconfigured radius of the one or more wireless access points, the authentication server can send an affirmative response to the endpoint protection suite which in turn can approve the user authentication request.”)

Regarding claim 7, Hastings in view of Campbell in view of Aument disclose A multi step authentication method in accordance with claim 1, wherein the second authentication process comprises the additional steps of: issuing, a predetermined token by an authentication party, the predetermined token including information similar to the stored meta data or code, and storing on the user device when the user device is set up for use, wherein when the user is authenticated by the user device, [[ the meta data or code corresponding to the captured image is compared]] and checked for correspondence with the token on the user device before authentication is confirmed (Campbell, [0085]-[0091], token generation (OTP), para [0095]-[0116], token provided to user upon request ... for authentication). Aument discloses the meta data or code corresponding to the captured image. (col. 17, line 32-col. 18, line 56, col. 20, lines 21-66, receiving from the device metadata utilizing the networks and network interfaces …utilized to verify identity authentication). The same motivation as claim 1 above applies.

Regarding claim 8, Hastings in view of Campbell disclose A multi step authentication method in accordance with claim 3, wherein the third authentication process comprises the additional steps of: determining the location of the user device, wherein the user device is associated with the person or a vehicle, wherein the location of the user device is determined using a positioning system, (Campbell, [0066] “A location sensors may be configured to determine a geographical location and/or position of the portable device 108.
In one embodiment, this location may be based on Global Positioning System (GPS) data provided by a GPS module of the portable device 108.”; [0074] “In some embodiments, the pace/path analysis instructions 320 may be capable of determining a current location of a user 102 within a facility, a number of steps taken by a user 102 within a particular zone of a facility, a number of steps taken between adjacent or non-adjacent zones of a facility, an amount of time a user 102 has been within a zone of a facility, an amount of time taken to travel between zones of a facility, a path travelled within a facility, etc.”) authenticating the person as an authorized person is at a predetermined location. (Campbell, [0082] “Contrasted with the scenario of FIG. 4B, FIG. 4C shows a different scenario where the same user 102 travels an unexpected or varied path. In the depicted example, the user 102 also stops for an amount of time at rest locations 424a and 424b within zones 404e and 404i, respectively. Initially, the user 102 may traverse a first portion of path 416a when heading toward a controlled access point 412 restricting access to zone 404f Either because the user 102 travelled an abnormal path that didn't include zone 404d or because of the user 102 stopping at location 424a, the pace/path authentication system 132 may determine that the user 102 is not inherently trusted. Based on this determination, the user 102 may be subjected to heightened authentication requirements at the first controlled access point 412. If the user 102 succeeds in moving past the first controlled access point 412, the passive analysis of the user 102 may continue along the second portion of the path 416b. Perhaps because the user 102 stopped again at location 424b, the system 132 may decide that further authentication is required at another access control point that protects zone 404j. 
Before the user 102 is allowed to continue to the third portion of path 416c and reach the destination 420, the user 102 may again have to perform some level of identity verification with the controlled access point 412. Had the user 102 not stopped at location 424b (or otherwise acted abnormally in zone 404i), the user 102 may have been allowed to freely pass to zone 404j, for example.”). The same motivation as claim 1 above applies.

Claim(s) 9-12, 14, 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Campbell et al. (US 20200051349 A1) in view of Hastings (US 20190188368 A1) in view of Aument et al. (US 10579783).

Regarding claim 9, Campbell discloses A multi step authentication method to authenticate a person, the multi step authentication method comprising the steps of: determining, at a user device, a location of the user device associated with the person, wherein the location of the user device is determined at the user device using a positioning system; (Campbell, [0066] “A location sensors may be configured to determine a geographical location and/or position of the portable device 108. In one embodiment, this location may be based on Global Positioning System (GPS) data provided by a GPS module of the portable device 108.”) transmitting, by the user device, the location of the user device to an authentication server; (Campbell, [0060] “As can be appreciated, the portable device 108 may also provide one or more mechanisms for passively detecting pace and/or path travelled by a user, a number of steps taken by a user within a predetermined time, a number of steps taken by a user within a particular area, an amount of time that a user 102 carrying the device 108 has been at a particular location, and so on. Said another way, one or more sensors or input devices 220 of the device 108 can be used to help gather pace/path information about a user.
Alternatively or additionally, the portable device 108 may receive information about a user 102 from a wearable device worn by the user 102. For instance, the user 102 may have a wearable device that counts a number of steps taken by the user 102 and that wearable device may communication the step count information to the portable device 108 where it is stored and/or communicated to the pace/path authentication system 132 via the communication network 104.”; [0065] “The portable device 108 may include a communications module 216 that is configured to communicate with one or more different systems or devices either remotely or locally to the portable device 108. Thus, the communications module 216 can send or receive messages to or from reading devices 112, wearable devices, the behavior (path and/or pace) authentication system 132, access control systems, or other systems and/or devices. In some embodiments, the communicated information may be provided to, or exchanged with, other components within the portable device 108.”) processing, at the authentication server, the received location and determining the if the user device is at a predetermined location or within vicinity of a predetermined location; (Campbell, Fig. 
3 #132/320, [0074] “In some embodiments, the pace/path analysis instructions 320 may be capable of determining a current location of a user 102 within a facility, a number of steps taken by a user 102 within a particular zone of a facility, a number of steps taken between adjacent or non-adjacent zones of a facility, an amount of time a user 102 has been within a zone of a facility, an amount of time taken to travel between zones of a facility, a path travelled within a facility, etc.”) transmitting, by the authentication server, a verification signal to the user device confirming the user device is at a predetermined location or within vicinity of a predetermined location; (Campbell, [0054] “Once the portable device 108 is authenticated, credential information associated with the portable device 108 may be validated. During this process, the reading device 112 may generate signals facilitating execution of the results of interrogating the portable device 108”; [0056] “In such an embodiment, the user 102 may be required to present their portable device 108 to the reading device 112 as well as pace/path analysis based on information passively gathered by one of the devices 120, 124, 128. In some embodiments, these access control decisions may be made at the reading device 112 or at a pace/path authentication system 132 (or at a combination of the two devices).”; [0074] “The pace/path analysis instructions 320 may be used to help determine a current pace or path of travel of a user 102 within a PACS environment or a facility having reading devices 112 deployed therein. 
In some embodiments, the pace/path analysis instructions 320 may be capable of determining a current location of a user 102 within a facility, a number of steps taken by a user 102 within a particular zone of a facility, a number of steps taken between adjacent or non-adjacent zones of a facility, an amount of time a user 102 has been within a zone of a facility, an amount of time taken to travel between zones of a facility, a path travelled within a facility, etc.”) executing a first authentication process using a first authentication technique in response to receiving a verification signal, (Campbell, [0080] “In some embodiments, a user 102 exhibiting normal zone-to-zone movement between certain zones may be allowed free or minimally invasive passage between other controlled zones whereas other users 102 exhibiting abnormal zone-to-zone movement or unrecognized movement pace or path may have to endure additional or elevated access control protocols (e.g., multi-factor authentication).”) executing a second authentication process using a second authentication technique in response to receiving a verification signal, (Campbell, [0080] “In some embodiments, a user 102 exhibiting normal zone-to-zone movement between certain zones may be allowed free or minimally invasive passage between other controlled zones whereas other users 102 exhibiting abnormal zone-to-zone movement or unrecognized movement pace or path may have to endure additional or elevated access control protocols (e.g., multi-factor authentication).”) wherein the second authentication technique comprises an image processing based identification technique; (Campbell, [0055] “In addition to validating a user 102 by analyzing the pace/path of a user based upon information from a device 108 carried by the user 102, embodiments of the present disclosure also contemplate combining this with mechanisms for identifying, authenticating, and/or verifying a user 102 by other characteristics of the user 102. 
For instance, embodiments of the present disclosure propose the ability to monitor a user 102 passively with one or more beacon(s) 120, other sensor(s) 124, and/or image capture device(s) 128.”; [0080] “If additional security restrictions are determined as being necessary, then the image capture device 128 can be dual-purposed to capture biometric information of the user 102 (e.g., capture images of the user's face for facial recognition) or the like.”) Campbell fails to explicitly disclose wherein the first authentication technique comprises a proximity based identification technique; authenticating, by the authentication server, a person as an authorized person if the user device is identified at a predetermined location or in the vicinity of a predetermined location and the first authentication process and the second authentication process determines a successful authentication. However, Hastings teaches wherein the first authentication technique comprises a proximity based identification technique; (Hastings, [0041] “As shown in FIG. 1A, a first computing device 102, which may also be referred to interchangeably as a primary device, may have a multi-factor authentication agent 104 (e.g., a standalone agent or an agent that is part of an endpoint protection suite) running therein to enable authentication of a user attempting to access (e.g., login to) first computing device 102 based on the proximity of a second computing device 112 to first computing device 102. Multi-factor authentication agent 104 may use any or a combination of a knowledge factor, a possession factor and an inherence factor to authenticate a user on first computing device.”) authenticating, at the authentication server, the person as the authorized person when: the user device is identified at the predetermined location or in the vicinity of the predetermined location; (Hastings, Fig. 6 #616, [0072]; Note: As shown in fig. 6, there is no path to block 616 unless both factors are successful.) 
Hastings is directed to systems and methods for passive wireless multi-factor authentication, particularly regarding a proximity-based authentication process. Hastings discloses using transceiver devices similar to that of the presently claimed invention to calculate a distance (or proximity) between a wireless access point and a user device. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Campbell to incorporate the teachings of Hastings to include the above limitations. Such modification(s) would be motivated to automate multi-factor authentication such that the process does not require participation or engagement of the user. (Hastings, [0005]) While Campbell in view of Hastings discloses generating a code (OTP-like) from image or device data and transmitting that code to a server, and comparing it to stored reference data for authentication both references do not explicitly disclose, however, Aument discloses activate the camera integral to the user device (Figs 2, device 102, element 114 device include one or more cameras, col 7, line 59-col 8, line 16, capture one or images for verification); the user device processing the captured image to identify one or more structural features located within the captured image and generate meta data or a code, wherein the meta data or the code are generated based on the identified one or more structural features within the captured image; (col. 5, lines 22-33, col. 8, lines 17-40, col. 12, line 26-col. 13, line 43, col 14, lines 13-53, camera application 120 … may, when enabled, display … capturing an image… and/or generate metadata associated with the captured images, col 15, line 15-col 16, line 37, discloses the device capturing and sending image + metadata to remote system) transmitting the meta data or the code to the authentication server (col . 
17 lines 32-col 18, line 56, camera application on the user device capturing image and generating metadata for captured images, focuses on device side image capture, metadata generation, and server-side comparison of images/metadata for authentication, col 20, lines 21-66, receiving from the device metadata utilizing the networks and network interfaces …utilized to verify identity authentication) Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hastings and Campbell to incorporate the teachings of Aument to include the above limitations. One of ordinary skill in the art would be motivated to prevent or minimize fraud by providing a system to verify the integrity and source of an image used for authentication (Aument, col 1, lines 6-14)

Regarding claim 10, Campbell in view of Hastings in view of Aument disclose A multi step authentication method to authenticate a person in accordance with claim 9, wherein the positioning system is a global positioning system (GPS), and the user device continually interacts with the global positioning system to determine a location of the user device. (Campbell, [0066] “A location sensors may be configured to determine a geographical location and/or position of the portable device 108. 
In one embodiment, this location may be based on Global Positioning System (GPS) data provided by a GPS module of the portable device 108.”; [0074] “In some embodiments, the pace/path analysis instructions 320 may be capable of determining a current location of a user 102 within a facility, a number of steps taken by a user 102 within a particular zone of a facility, a number of steps taken between adjacent or non-adjacent zones of a facility, an amount of time a user 102 has been within a zone of a facility, an amount of time taken to travel between zones of a facility, a path travelled within a facility, etc.”; [0082]) Regarding claim 11, Campbell in view of Hastings in view of Aument disclose A multi step authentication method to authenticate a person in accordance with claim 10, wherein the first authentication process comprises the steps of: interrogating, by the user device(Hastings, [0025] “second computing device”), a transceiver device; (Hastings, [0025] “wireless access points”) calculating, by the user device, a proximity of the transceiver device from the user device; (Hastings, [0025] “The time taken by the distance measuring signal to reach the second computing device from via the one or more access points and/or the time taken to receive the acknowledgement message in response to the distance measuring signal can be used to determine the distance of the second computing device from one or more wireless access points.”) the user device is deemed authenticated if the user device is calculated to be within a predefined proximity to the transceiver device; (Hastings, [0025] “In some embodiments, the proximity of second computing device to one or more wireless access points is determined based on time-in-flight of a distance-measuring signal sent from the authentication device to the second computing device via the wireless access points.”) wherein the transceiver device comprises at least one of: a WiFi module, a Bluetooth transceiver or an NFC receiver, 
wherein the transceiver is positioned at a predetermined location; (Hastings, [0043] “As those skilled in the art will appreciate, in existing systems, the proximity of two devices may be determined using wireless technology for exchanging data over short distances, like Bluetooth, ZigBee, Near Field Communication (NFC) and the like. To enable a proximity based authentication mechanism through such techniques, however, hardware modifications may be required. Embodiments of the present invention enable proximity-based authentication without requiring such expensive changes to hardware.”; [0024] “If the authentication server determines that the mobile device is within a preconfigured radius of the one or more wireless access points, the authentication server can send an affirmative response to the endpoint protection suite which in turn can approve the user authentication request.”) transmitting, by the user device, to the authentication server a code or an identity number, wherein the code or identity number is a unique code or unique identity number, and wherein the code or identity number corresponds to the person. 
(Hastings, [0073] “…processing, at the authentication device, the user authentication request based on the proximity of the second computing device to the one or more wireless access points, as shown step 708.”)

Regarding claim 12, Campbell in view of Hastings in view of Aument disclose A multi step authentication method to authenticate a person in accordance with any one of claim 11, wherein the second authentication process comprises the steps of: receiving, at the authentication server, the captured image; (Campbell, [0055] “…these passive monitoring devices 120, 124, 128 may communicate with a pace/path authentication system 132…”) processing the captured image at the authentication server, wherein an object recognition technique is applied to the received captured image to identify the person; (Campbell, [0055] “In some embodiments, these passive monitoring devices 120, 124, 128 may communicate with a pace/path authentication system 132 that performs the identification and/or authentication of the user 102 based on the inputs received from devices 120, 124, 128.”) checking, at the authentication server, if the identified person within the captured image corresponds to an authorized person stored within the authentication server or within an image database; and (Campbell, [0088] “Based on the comparison of the sensor data to the models, the entity performing the comparison (e.g., the pace/path authentication system 132) determines whether the current user activity falls within a definition of one or more models (step 512). In some embodiments, the sensor data associated with the user or group of users may be compared to normal and/or abnormal models to determine whether the current activity corresponds to a normal or expected activity (step 516).”) the person is deemed authenticated if the identified person within the captured image corresponds to an authorized person stored within an image database. 
(Campbell, [0055] “As can be appreciated, a user 102 may prove their identity to the access control system 100 by a combination of information provided by their portable device 108 and information obtained by the passive monitoring devices 120, 124, 128.”). Aument discloses activate the camera integral to the user device (Figs 2, device 102, element 114 device include one or more cameras, col 7, line 59-col 8, line 16, capture one or images for verification). The same rationale as claim 9 above applies. Regarding claim 14, Campbell in view of Hastings in view of Aument disclose A multi step authentication method to authenticate a person in accordance with claim 13, wherein the multi step authentication method comprises the additional steps of: transmitting, by the authentication server, an activation signal to activate a fixed camera if the first authentication process is successful; capturing, by the fixed camera, an image of an object associated with the person, (Campbell, [0080] “The zone-to-zone movement of a user 102 can be passively determined by one or more monitoring devices 120, 124, 128 deployed throughout the facility. Advantageously, one or more of these devices 120, 124, 128 may initially be used to passively detect zone-based activities or behaviors of users and, if necessary, these devices 120, 124, 128 may also be used for receiving authentication information from a user 102. 
As an example, an image capture device 128 can help detect a user's zone-to-zone movement to determine if additional security restrictions should be imposed on the user.”) transmitting, by the fixed camera, the captured image to the authentication server, (Campbell, [0055] “…these passive monitoring devices 120, 124, 128 may communicate with a pace/path authentication system 132…”) processing, by the authentication server, the captured image by applying an object recognition technique to the captured image to identify one or more structural features or alphanumeric characters located within the captured image, (Campbell, [0055] “In some embodiments, these passive monitoring devices 120, 124, 128 may communicate with a pace/path authentication system 132 that performs the identification and/or authentication of the user 102 based on the inputs received from devices 120, 124, 128.”) comparing the identified one or more structural features or alphanumeric characters with one or more approved structural features or approved alphanumeric characters, (Campbell, [0088] “Based on the comparison of the sensor data to the models, the entity performing the comparison (e.g., the pace/path authentication system 132) determines whether the current user activity falls within a definition of one or more models (step 512). In some embodiments, the sensor data associated with the user or group of users may be compared to normal and/or abnormal models to determine whether the current activity corresponds to a normal or expected activity (step 516).”) the person is authenticated, by the authentication server, if the identified one or more structural features or alphanumeric characters correspond to the approved structural features or approved alphanumeric characters. 
(Campbell, [0088] “For instance, if the comparison of the sensor data is being made against models of normal or expected user behavior and the sensor data is determined to satisfy or fall within that model, then the user may be considered to be exhibiting normal or expected pace/path activity.”)

The function of the system of claims 17-20 are drawn to the corresponding method of claims 9-11. Claims 17-20 recite limitations substantially similar in scope as claims 9-11, therefore, claims 17-20 correspond(s) to claims 9-11 and are rejected for the same reasons of obviousness as used above for claims 9-11 over Campbell in view of Hastings in view of Aument above. In addition, Campbell further discloses a user device, an authentication server (see Fig. 1, 108 and 132)

Claim(s) 15 is rejected under 35 U.S.C. 103 as being unpatentable over Campbell in view of Hastings as applied to claim Campbell in view of Hastings in view of Aument above, and further in view of Leblang et al. (US 20210092128 A1).

Regarding claim 15, Campbell in view of Hastings in view of Aument disclose A multi step authentication method to authenticate a person in accordance with claim 14, but fail to explicitly disclose wherein the method comprises the step of executing a enrollment process, wherein the enrollment process comprises: capturing an image of the person, identity of the user device and authorization information; identifying image meta data related to the captured image of the person generating a code, at the authentication server, wherein the code is associated with the person and the image meta data. However, Leblang teaches capturing an image of the person, identity of the user device and authorization information; identifying image meta data related to the captured image of the person generating a code, at the authentication server, wherein the code is associated with the person and the image meta data. 
(Leblang, [0053] “For example, the authenticated identity (ID) or information may be created by hashing a device ID, biometric data, voice endpoint ID, and/or a combination thereof to create a token, certificate, and/or authentication credentials.”; [0091] “The biometric data may further include voice data, fingerprint data, facial recognition, or retina data.”) Examiner construes the creation of authentication credentials to be the enrollment process under the BRI, which is limited by the steps recited in the claim. Leblang is directed to a multi-factor authentication process to access services in a computing service environment. The system taught by Leblang includes a user device and authentication server. Leblang teaches using various authentication techniques, including matching biometric voice data and determining that a device is within a geographical proximity to a voice capture device. This is similar to Hastings, however, while Hastings does not exclude multiple factors beyond two, Hastings also is silent regarding whether the order or sequence in which authentication processes are performed matters and seems to suggest otherwise, at least for the first two factors. Leblang explicitly states that the order of execution may differ, and that each authentication level (drawn to processes) may authenticate differing data from the first and/or second authentication level. This suggests, no particular sequence in which the data is authenticated in matters, so long as each authentication level is validated. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Campbell, Hastings and Aument to incorporate the teachings of Leblang to include the above limitations. Such modification(s) would be motivated to manage access to computing resources on a more granular basis to increase overall security. (Leblang, [0014])

Claim(s) 16 is rejected under 35 U.S.C. 
103 as being unpatentable over Campbell in view of Hastings in view of Aument as applied to claim 15 above, and further in view of Soule et al. (WO 2020033354 A2).

Regarding claim 16, Campbell in view of Hastings and Aument disclose A multi step authentication method to authenticate a person in accordance with claim 15, but fail to explicitly disclose wherein the object associated with the person is a vehicle and the method comprises the steps of capturing an image of the vehicle or a vehicle number plate, comparing the captured image with a stored image and if the vehicle number plate in the image corresponds to a stored vehicle or number plate However, Soule teaches wherein the object associated with the person is a vehicle and the method comprises the steps of capturing an image of the vehicle or a vehicle number plate, comparing the captured image with a stored image and if the vehicle number plate in the image correspond to a stored vehicle or number plate, (Soule, [0096] “It is also possible for the system 100 to use a camera at the parking lot to recognize the visitor’s vehicle based on a license plate and data from a previous visit.”) authenticating the person associated with the vehicle as an authorized person. (Soule, [0096] “Such information may be used by the system to facilitate a quick and easy entry into the venue 104.”) Soule is directed to facilitating visitor entry into a venue using various authentication techniques including identifying visitors based on images captured of a vehicle associated with the visitor. Specifically, Soule discloses passively capturing data associated with a visitor such as images captured by a camera for object or facial recognition. Soule also discloses capturing an image of the vehicle and identifying a license plate number within the image to identify the visitor. Soule discloses such information may be used to facilitate entry to a venue. 
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Campbell in view of Hastings and Aument to incorporate the teachings of Soule to include the above limitations. Such modification(s) would be motivated to facilitate a quick and easy entry (authorization) into a venue. (Soule, [0096])

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 10,839,066 discloses generating and storing metadata/labels from images/animations and using those labels as the basis for authentication challenges - generating an answer key from image-derived labels and comparing user responses to that key. US 2020/0184052 discloses generating metadata from images and using that metadata to create authentication credentials e.g., passwords, keys which are then used to authenticate a user.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Shewaye Gelagay whose telephone number is (571)272-4219. The examiner can normally be reached Monday to Friday 8 A.M. - 4 P.M. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amy C. Johnson can be reached at 571-272-2238. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHEWAYE GELAGAY/ Supervisory Patent Examiner, Art Unit 2436

Prosecution Timeline

Sep 27, 2022
Application Filed
Dec 10, 2024
Non-Final Rejection — §103, §112
Apr 14, 2025
Response Filed
Sep 29, 2025
Non-Final Rejection — §103, §112
Feb 02, 2026
Response Filed
Apr 01, 2026
Final Rejection — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12566858
Computer System for Failing a Secure Boot in a Case Tampering Event
2y 5m to grant Granted Mar 03, 2026
Patent 12563030
PER-SERVER CUSTOMIZED ACCESS CREDENTIALS
2y 5m to grant Granted Feb 24, 2026
Patent 8943581
CONTROLLED ACCESS TO FUNCTIONALITY OF A WIRELESS DEVICE
2y 5m to grant Granted Jan 27, 2015
Patent 8924716
COMMUNICATION DEVICE AND COMMUNICATION METHOD
2y 5m to grant Granted Dec 30, 2014
Patent 8918895
PREVENTION OF INFORMATION LEAKAGE FROM A DOCUMENT BASED ON DYNAMIC DATABASE LABEL BASED ACCESS CONTROL (LBAC) POLICIES
2y 5m to grant Granted Dec 23, 2014

Prosecution Projections

4-5
Expected OA Rounds
72%
Grant Probability
99%
With Interview (+45.3%)
4y 10m
Median Time to Grant
High
PTA Risk
Based on 278 resolved cases by this examiner. Grant probability derived from career allow rate.
