DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 06 January 2026 has been entered.
Response to Amendment
Applicant’s amendment filed 06 January 2026 amends claims 1 and 7. Claim 21 is added. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues on page 8 of the response, “As amended, claim 1 recites that the device initiates an application having functions that access a remotely hosted platform service provided by a data platform…By contrast, Freeman does not teach or suggest whether the device may invoke or access such a service.” This argument has been fully considered and is persuasive. Therefore, the previous rejection of claim 1 has been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of Vagare, U.S. Publication No. 2020/0320489.
Applicant argues on page 9 of the response, “Specifically, claim 7 has also been amended to recite…For at least the reasons state above with respect to claim 1, as applied to claim 7 and the rejection thereto, claim 7 and its dependent claims are allowable over the references relied upon in the Office Action.” In response, it is generally unclear from Applicant’s remarks why Applicant believes that the amendments to claim 7 overcome the previous rejections. Applicant’s amendment simply removed “the” from 8, which did not alter the claim scope. Additionally, the Final rejection mailed 07 July 2025 (“Final”) utilized different prior art rejections from claim 1 and claim 7. Therefore, it is generally unclear how the arguments specific to claim 1 and the corresponding rejection pertain in any way to the rejection of claim 7, which was rejected utilizing completely different prior art references.
Applicant argues on page 9 of the response, “For instance, Cockerill’s enterprise policy merely describes actions to take in response to various events, not requirements that must be satisfied to access a platform service, let alone used to test the device.” This argument is not persuasive because Cockerill discloses a device risk evaluation system wherein the mobile device access an enterprise policy ([0292]: enterprise policy reads on the claimed DCP) that defines the risk levels for specific device configuration settings that include password enabled lock screens and access to usage data ([0123]). Lock screens are one example described in Cockerill that can be considered a claimed capability requirement and usage data is one example described in Cockerill that can be considered performance criteria.
Applicant argues on page 9 of the response, “The password enabled lock screens and usage data are configuration settings and behavioral indicators, respectively. Neither reflects an inherent hardware or software capability of a device, nor any performance metric that a DCP would define or certify against.” This argument is not persuasive because the lock screen setting of Cockerill would certainly be considered a “configuration setting” as claimed, and would also be reasonably considered to be a “software capability”. Additionally, data usage can reasonably be considered to be a ‘performance metric”. The claims do not define the claimed “configuration settings” and “performance criteria” in any manner that would negate such a mapping.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 21 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 21 requires a determination step that specifies whether or not a re-certification process should be initiated. The determination step utilizes updated information to the claimed device, the DCP, or to one or more device parameters in order to make this decision. However, the claims do not specify the updates required for each claimed device (i.e., “the device”, “the DCP”, or “device parameters”) to affirm that re-certification is required in the determination.
Applicant’s specification ([0039]) states that “the platform application 164 may check whether any updates (updates to the device 160, updates to the DCP 101, and/or other updates) necessitate re-certification and, if so, will download an updated DCP101 if necessary, and initiate a recertification via the certification application 162”, however, the specification does not specify what updates would be considered to actually necessitate re-certification.
Therefore, the claims fail to define the meets and bounds of the invention because the claims do not properly define when re-certification is initiated.
Examiner wishes to note that the lack of a prior art rejection for claim 21 below is not an indication of allowable subject matter within claim 21. Instead, the indefiniteness issues raised above with respect to claim 21 are such that the determination of proper claim scope and subsequent prior art search based upon that claim scope, cannot be reasonably performed.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3, 4 are rejected under 35 U.S.C. 103 as being unpatentable over Freeman, U.S. Patent No. 6,308,266, in view of Choi, U.S. Publication No. 2016/0105714, and further in view of Vagare, U.S. Publication No. 2020/0320489. Referring to claim 1, Freeman discloses a cryptographic service that allows for varied levels of cipher strength such that a user application, executing on a client, requests to use a strong cipher (Col. 5, lines 19-20) where the user application is initiated with a weak cipher (Col. 4, lines 30-48: cryptographic service 30 reads on the claimed platform service; weak cipher reads on the claimed one or more functions; user application 32 reads on the claimed application), which meets the limitation of initiate an application having one or more functions that access a [remotely hosted] platform service provided by a data platforom. The cryptographic service provider provides a token to a certificate authority that identifies the capabilities required to enable the higher cipher strength (Col. 4, lines 56-67), which meets the limitation of wherein the platform service is associated with a device certification profile (DCP) that specifies one or more requirements that a device is required to possess to access the platform service, the one or more requirements comprising one or more capability requirements [comprising a requirement that the device has, onboard, specified hardware]. The user application, executing on the client, passes a digitally signed certificate (Col. 5, lines 13-14) to the cryptographic services (Col. 5, lines 19-22), which meets the limitation of access a digitally signed device certificate associated with the DCP. The certificate was created by a certificate authority after verifying the authenticity of the client and verifying that the client is legitimately able to use the higher strength cipher (Col. 5, lines 7-9), which meets the limitation of the digitally signed device certificate having been issued during a certification process that certifies device capabilities by [determining whether or not the device has specified hardware indicated by the one or more capability requirements], the digitally signed device certificate comprising an indication that the device possess, based on the certificate process, the one or more capability requirements. The cryptographic services examine the certificate and verify that it originated from the certifying authority and has not been altered (Col. 5, lines 22-25), which meets the limitation of verify an authenticity of the digitally signed device certificate. The cryptographic service additionally examines a token included in the certificate to ensure that the token originated from the cryptographic service provider, has not been altered, and includes an identity of the certificate authority (Col. 5, lines 25-29: token was placed in the certificate by the certificate authority in response to the certificate authority determine that the device has the appropriate capabilities. Col. 5, lines 7-9), which meets the limitation of determine whether the device is certified to use the application to invoke access the [remotely hosted] platform service based on the digitally signed device certificate. The cryptographic service enables the strong cipher in response to successful validations (Col. 5, lines 30-33), which meets the limitation of enable at least one function, from among the one or more functions, that the device is permitted to access based on the determination of whether the device is certified to use the application to access the platform service, the at least one function requiring the one or more capability requirements.
Freeman does not disclose that the client is evaluated for hardware capability requirements. Choi discloses changing device encryption levels such that the encryption capabilities of the device encryption engine are evaluated prior to permitting encryption level changes ([0033]-[0034] & [0038]: encryption engine is hardware), which meets the limitation of the one or more requirements comprising one or more capability requirements comprising a requirement that the device has, onboard, specified hardware, determining whether or not the device has specified hardware indicated by the one or more capability requirements.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the cryptographic service of Freeman to evaluate the cryptographic capabilities of the client prior to updating the cipher strength in order to determine that the client supports the requested cryptographic level as suggested by Choi ([0033]).
Freeman does not disclose that the cryptographic services are remotely hosted. Vagare discloses cryptographic services that are remotely hosted by a cloud service provider ([0057]), which meets the limitation of a remotely hosted platform service provided by a data platform, invoke access to the remotely hosted platform service. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the cryptographic services of Freeman to have been remotely hosted using a cloud service provider in order to provide secure cryptographic services in a manner that is less time-consuming and more cost-effective as suggested by Vagare ([0053]).
Referring to claim 3, Freeman discloses that the client stores the certificate in local memory (Col. 5, lines 15-16), which meets the limitation of a memory that locally stores the digitally signed certificate for offline validation. Examiner notes that the “for offline validation” represents intended use. A recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim.
Referring to claim 4, Freeman discloses that the cryptographic service enables the strong cipher in response to successful validations (Col. 5, lines 30-33), which meets the limitation of permit access to the at least one function. The cryptographic service can then be utilized to perform encryption, decryption, digital signing, and verification functions using (Col. 4, lines 1-13) using the updated strength cipher (Col. 5, lines 30-33), which meets the limitation of execute the at least one function to access a corresponding feature of the platform service.
Claims 2, 6 are rejected under 35 U.S.C. 103 as being unpatentable over Freeman, U.S. Patent No. 6,308,266, in view of Choi, U.S. Publication No. 2016/0105714, in view of Vagare, U.S. Publication No. 2020/0320489, and further in view of Patel, U.S. Publication No. 2019/0392152. Referring to claim 2, Freeman discloses that the user application, executing on the client, passes a digitally signed certificate (Col. 5, lines 13-14) to the cryptographic services (Col. 5, lines 19-22) wherein the certificate includes a token that was placed in the certificate by the certificate authority in response to the certificate authority determine that the device has the appropriate capabilities (Col. 5, lines 7-9). The user application, executing on the client, passes a digitally signed certificate (Col. 5, lines 13-14) to the cryptographic services (Col. 5, lines 19-22), such that the cryptographic services examine the certificate, and included token, to verify that it originated from the certifying authority and has not been altered (Col. 5, lines 22-29), which meets the limitation of identify the digitally signed certificate based on [the identified DCP].
Freeman does not specify that client device capability determination utilized a device model. Patel discloses a device level security measure process that includes devices having security profiles that include device model numbers and encryption capabilities ([0059] & [0061]), which meets the limitation of determine a device model, identify the DCP based on the device model.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the certification and validation of the client device of client device in Freeman to have utilized the client device model information in order to provide protection from human error by providing security at the device level as suggested by Patel ([0044] & [0047]).
Referring to claim 6, Freeman discloses that the user application, executing on the client, passes a digitally signed certificate (Col. 5, lines 13-14) to the cryptographic services (Col. 5, lines 19-22) wherein the certificate includes a token that was placed in the certificate by the certificate authority in response to the certificate authority determine that the device has the appropriate capabilities (Col. 5, lines 7-9). The certificate was created by a certificate authority after verifying the authenticity of the client and verifying that the client is legitimately able to use the higher strength cipher such that the digitally signed certificate is provided to the client device for storage (Col. 5, lines 7-16), which meets the limitation of wherein the digitally signed device certificate is based on a certification of a device [model] and wherein the device receives the digitally signed device certificate based on a determination [that a model of the device matches the device model].
Freeman does not specify that client device capability determination utilized a device model. Patel discloses a device level security measure process that includes devices having security profiles that include device model numbers and encryption capabilities ([0059] & [0061]), which meets the limitation of certification of a device model, based on a determination that a model of the device matches the device model.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the certification and validation of the client device of client device in Freeman to have utilized the client device model information in order to provide protection from human error by providing security at the device level as suggested by Patel ([0044] & [0047])
Claims 5 are rejected under 35 U.S.C. 103 as being unpatentable over Freeman, U.S. Patent No. 6,308,266, in view of Choi, U.S. Publication No. 2016/0105714, in view of Vagare, U.S. Publication No. 2020/0320489, and further in view of Verma, EP 3328016. Referring to claim 5, Freeman discloses that the higher strength ciphers can include one or more higher strength ciphers (Col. 4, lines 42-43). Freeman does not disclose that the ciphers can be separately enabled based on the provided certificate.
Verma discloses enabling individual cryptographic algorithms (Page 8, third full paragraph) based upon a specific profile for a device (Page 6, last full paragraph & Page 8, first three full paragraphs: by enabling only the algorithm specific to the profile, other algorithms remain disabled), which meets the limitation of identify at least a second function, from among one or more functions, that the device is not permitted to access because the device does not have a capability required by the second function as defined in the DCP and recorded in the device certificate, and disable access to the second function.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed for the individual ciphers of Freeman to have been individually enabled in order to provide a cryptographic system that is appropriate for each individual device based upon specific capabilities as suggested by Verma (Page 6, last full paragraph & Page 8, first three full paragraphs).
Claims 7-17 are rejected under 35 U.S.C. 103 as being unpatentable over Cockerill, WO 2018/227024, in view of Broussard, WO 2007/082804, and further in view of KR 102466676 (translation does not include translated inventor name). Referring to claim 7, Cockerill discloses a device risk evaluation system wherein the mobile device access an enterprise policy ([0292]: enterprise policy reads on the claimed DCP) that defines the risk levels for specific device configuration settings that include password enabled lock screens and access to usage data ([0123]: lock screens are one example described in Cockerill that can be considered a claimed capability requirement; usage data is one example described in Cockerill that can be considered performance criteria), which meets the limitation of accessing, by the device, a device certification profile (DCP) specifying one or more requirements that a device is required to possess to access a platform service, the one or more requirements comprising one or more device capability requirements and/or one or more performance criteria. A client application on the mobile device ([0129]) accesses the configuration settings for the mobile device and determines the associated risk levels for the configuration settings such that the combined risk levels are compared to a threshold ([0126]-[0129] & [0137]: client application on mobile device performs the analysis), which meets the limitation of executing, by the device, a certificate test to determine whether the one or more requirements in the DCP are satisfied by the device. The client application on the mobile device ([0137]) determines that the mobile device is correctly configured or that the mobile device is configured above the threshold, but not fully configured, and provides this information to a service provider ([0129]), which meets the limitation of generating, by the device, an evaluation report based on a result of the certification test, the evaluation report comprising [a DCP identifier that identifies the DCP and the one or more device parameters that describe the device that was evaluated using the DCP], and transmitting, by the evaluation report to a device certification system.
Cockerill does not disclose that the information provided to the service provider includes an identifier of the policy used for the evaluation and an identification of the configuration settings used in the evaluation. Broussard discloses a security policy evaluation system wherein evaluation reports include an identifier of the security policies that were used in the evaluation (Page 18, lines 12-20) and an identification of the items in violation of the policy (Page 18, lines 1-10 & Page 20, lines 33-41), which meets the limitation of the evaluation report comprising a DCP identifier that identifies the DCP and the one or more device parameters that describe the device that was evaluated using the DCP.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the information provided by the mobile device to the service provider to have included an identifier of the policy along with an identification of the evaluated configuration settings in order to allow for the identification of solutions to bring the mobile device into compliance as suggested by Broussard (Page 18, lines 12-20).
Cockerill discloses that a client application on the mobile device ([0129]) accesses the configuration settings for the mobile device and determines the associated risk levels for the configuration settings ([0126]-[0129]) such as whether the camera was on during an untrusted state ([0296]), which meets the limitation of one or more requirements that device is required to possess, the one or more requirements comprising [one or more performance criteria], one or more requirements in the DCP are satisfied by the device by [sufficiently performs in accordance with the one or more performance criteria].
Cockerill does not disclose that the image quality of the camera is considered as part of the evaluation. KR 102466676 discloses the evaluation of an image quality collected by a biometric sensor (Page 6, last paragraph), which meets the limitation of one or more requirements that device is required to possess, the one or more requirements comprising one or more performance criteria, determining whether the one or more requirements in the DCP are satisfied by the device by determining whether or not the device sufficiently performs in accordance with the one or more performance criteria. The image quality score can be utilized in an authentication method applied to the electronic device (Page 7, first full paragraph: authentication method of the electronic device as applied to Cockerill requires the service provider of Cockerill to receive this image quality score), which meets the limitation of transmitting, by the device, the evaluation report to a device certification system, the evaluation report indicating whether or not the device possesses the one or more performance criteria.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the mobile device evaluation of Cockerill to have included camera image quality in order to ensure that the authentication rate for the captured images is sufficient as suggested by KR 102466676 (Page 12, third paragraph).
Referring to claim 8, Cockerill discloses that the service provider utilizes the received risk level information in order to generate a token that is provided to the mobile device ([0046]: third device is the service provider since paragraph [0046] explains that the third device provides the service; first device is the mobile device since paragraph [0043] explains that the first device is accessing services), which meets the limitation of receiving, by the device, a [digitally signed] device certificate from the device certification system that is to access the evaluation report and generate the [digitally signed] device certificate based on the assessment.
Cockerill does not disclose that the token is digitally signed. Cockerill does disclose the use of digitally signed certificates ([0166] & [0178]), which meets the limitation of a digitally signed device certificate. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the tokens of Cockerill to have been digitally signed in order to provide a means of verifying the source of the tokens as suggested by Cockerill ([0166] & [0178]).
Referring to claim 9, Cockerill discloses that the mobile device receives the token ([0079]) such that the token stored, in memory (Figure 11, element 208/227 & [0248]), on the mobile device can be retrieved ([0143]: token on the device is destroyed/removed), which meets the limitation of storing the [digitally signed] device certificate in a memory of the device for later retrieval.
Cockerill does not disclose that the token is digitally signed. Cockerill does disclose the use of digitally signed certificates ([0166] & [0178]), which meets the limitation of a digitally signed device certificate. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the tokens of Cockerill to have been digitally signed in order to provide a means of verifying the source of the tokens as suggested by Cockerill ([0166] & [0178]).
Referring to claim 10, Cockerill discloses that a client application on the mobile device ([0129]) accesses the configuration settings for the mobile device and determines the associated risk levels for the configuration settings ([0126]-[0129]) such as whether the camera was on during an untrusted state ([0296]), which meets the limitation of wherein the one or more requirements comprise an image capture device requirement [and a performance requirement comprises an image quality requirement], and wherein executing the test comprises testing an onboard image capture device against a benchmark metric.
Cockerill does not disclose that the image quality of the camera is considered as part of the evaluation. KR 102466676 discloses the evaluation of an image quality collected by a biometric sensor (Page 6, last paragraph), which meets the limitation of a performance requirement comprises an image quality requirement.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the mobile device evaluation of Cockerill to have included camera image quality in order to ensure that the authentication rate for the captured images is sufficient as suggested by KR 102466676 (Page 12, third paragraph).
Referring to claim 11, Cockerill does not disclose that the image quality of the camera is considered as part of the evaluation. KR 102466676 discloses the evaluation of an image quality collected by a biometric sensor such that the evaluation determines how accurately the biometric sensors senses the biometric image (Page 6, last paragraph), which meets the limitation of wherein the benchmark metric comprises a biometric matching metric to determine whether the onboard image capture device is able to generate an image quality capable of performing biometric authentication.
Referring to claim 12, Cockerill does not disclose that the image quality of the camera is considered as part of the evaluation. KR 102466676 discloses the evaluation of an image quality collected by a biometric sensor such that the evaluation determines how accurately the biometric sensors senses the biometric image (Page 6, last paragraph). Authentication rate is checked against a threshold value such that if the rate fails to reach the threshold value, image processing is performed to improve image quality and authentication rate (Page 9, last paragraph – Page 10, first paragraph & Page 12, second paragraph – third paragraph: authentication rate has a direct correspondence with quality score such that improved quality scores results in improved authenticate rates; threshold/reference value as applied to the authentication rate corresponds with the claimed maximum error rate), which meets the limitation of wherein the benchmark metric comprises a biometric matching metric to determine whether the onboard image capture device is able to perform biometric authentication with a maximum error rate.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the mobile device evaluation of Cockerill to have included camera image quality in order to ensure that the authentication rate for the captured images is sufficient as suggested by KR 102466676 (Page 12, third paragraph).
Referring to claims 13, 14, Cockerill discloses that a client application on the mobile device ([0129]) accesses the configuration settings for the mobile device and determines the associated risk levels for the configuration settings ([0126]-[0129]) such as whether Bluetooth is on/off and whether NFC is on/off ([0126] & [0296]), which meets the limitation of wherein the one or more requirements comprises a communication device requirement that requires that the device is able to particular via a specified communication protocol, and wherein the executing the test comprises testing an onboard communication device to determine whether the device is able to participate via the specified communication protocol, wherein testing the onboard communication device comprises determining whether the onboard communication device is able to communicate with a Near-Field Communication (NFC) tag.
Referring to claims 15-16, Cockerill discloses that a client application on the mobile device ([0129]) accesses the configuration settings for the mobile device and determines the associated risk levels for the configuration settings ([0126]-[0129]) such as usage parameters that include accesses or attempted access of enterprise resources ([0296]), which meets the limitation of monitoring, during the certification test, one or more performance metrics during the test, [wherein the one or more performance metrics is included in the generated evaluation report], wherein the monitoring the one or more performance metrics comprising determining a consumption of one or more computational resources during the evaluation test.
Cockerill does not disclose that the information provided to the service provider includes an identifier of the policy used for the evaluation and an identification of the configuration settings used in the evaluation. Broussard discloses a security policy evaluation system wherein evaluation reports include an identifier of the security policies that were used in the evaluation (Page 18, lines 12-20) and an identification of the items in violation of the policy (Page 18, lines 1-10 & Page 20, lines 33-41), which meets the limitation of wherein the one or more performance metrics is included in the generated evaluation report.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the information provided by the mobile device to the service provider to have included an identifier of the policy along with an identification of the evaluated configuration settings in order to allow for the identification of solutions to bring the mobile device into compliance as suggested by Broussard (Page 18, lines 12-20).
Referring to claim 17, Cockerill does not disclose that the image quality of the camera is considered as part of the evaluation. KR 102466676 discloses the evaluation of an image quality collected by a biometric sensor such that the evaluation determines how accurately the biometric sensors senses the biometric image (Page 6, last paragraph), which meets the limitation of wherein monitoring the one or more performance metrics comprising obtaining a biometric capture quality during the evaluation test.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the mobile device evaluation of Cockerill to have included camera image quality in order to ensure that the authentication rate for the captured images is sufficient as suggested by KR 102466676 (Page 12, third paragraph).
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Cockerill, WO 2018/227024, in view of Broussard, WO 2007/082804, in view of KR 102466676 (translation does not include translated inventor name), and further in view of Song, U.S. Patent No. 11,800,336. Referring to claim 18, Cockerill discloses that a client application on the mobile device ([0129]) accesses the configuration settings for the mobile device and determines the associated risk levels for the configuration settings ([0126]-[0129]). Cockerill does not specify that the configuration settings include liveness determination.
Song discloses the ability to determine whether a device supports a liveness check (Col. 15, lines 17-25), which meets the limitation of wherein monitoring the one or more performance metrics comprising determining whether there is support for liveness detection during an image capture.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the tested configuration settings of Cockerill to have included a test of whether the mobile device is capable of liveness determination in order to ensure that the device is capable of determining human involvement in communications that do not require human intervention as suggested by Song (Col. 1, lines 25-62).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437