DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/14/2026, has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, initialed and dated copy of Applicant’s IDS form 1449 filed as stated above is attached to the instant Office Action.
Status of Claims
The amendment filed 12/9/2025 has been entered. Claims 1, 17, 22 are currently amended. Claims 1-22 are pending in the application.
Response to Amendments
The objection to claims 1, 17, 22 has been withdrawn in light of applicant’s amendment to the claims. However, the amendment raises new concern. See Claim Objections below.
The rejection of claims 1-16 under 35 USC 112(b) has been withdrawn in light of applicant’s amendment to claim 1.
See Claim Rejections under 35 USC 112(a) below.
Response to Arguments
Applicant’s argument, see pages 9-17 of the Remarks filed 12/9/2025 with respect to claims rejected under 35 USC 103 over prior arts of record has been fully considered but asserted not persuasive due to following reason.
Examiner acknowledges applicant has amended independent claims 1, 17, 22 respectively, to clarify/specify, “wherein the resource is not the registered biometric device nor a resource in which the initial biometric data of the registered user is stored, and wherein the registered user does not currently have any access to the resource”, inter alia.
Applicant’s overall argument can be understood to base on applicant’s argument of Traywick’s User computing device 140 being the “resource”, instead of examiner’s interpretation that in Traywick, the user computing device may be interpreted as the registered biometric device.
The Office actions (9/23/2025) clearly interprets the User computing device 140 as the registered biometric device (page 8 of the Office action) of the claim. See Traywick, e.g., [0030] “User computing device 140 and/or user computing device 150 may be registered and associated with one or more users such that, upon login to computing device 140 and/or computing device 145, passive authentication functions (i.e., passive biometric authentication processes) may be initiated, hardware-based biometric data capture devices may be activated or enabled”. The Office action also clearly indicates the User computing device 140 is not interpreted as the “resource”, as the resource is taught by Hunt. Applicant appears to acknowledge that, see the last paragraph of page 14 of applicant’s Remarks. However, applicant make all the following argument based on assumption that Traywick’s User computing device is the “resource”. Examiner acknowledges applicant’s perspective, however respectively disagrees.
First, regarding to the “resource”. It is well known in the arts of computer/network security, especially in area of user authentication for purpose of accessing to resource, the resource is computing resource that allows user to use/operate as application or service (i.e., resource), upon user being authenticated or authorized to use the resource. This is how the resource as recited in the claim is interpreted. The resource is only accessible to user after being granted upon authentication using user’s biometric data. In Traywick, the user computing device 140 is a device that allows user to login to communicate with Passive authentication computing platform 110 to authenticate the user using the registration data which includes user’s biometric data. Again, the authentication of the user to the user computing device 140 is not to access to the “resource” yet, at least not necessarily to be interpreted as to access to the “resource”, since the login steps at 203-204 of Fig. 2A is to login to the user computing device 140, i.e., the registered biometric device as recited in the claim. An analogy to above is using a portable device like cell phone or laptop as a biometric device to communicate with an authentication server to authenticate a user upon which to allow the user to access a resource. It can be understood in this case that the portable device is not the “resource” per se. If the user computing device 140 has to be a resource, this resource is a resource that allows the user to communicate to the authentication device, i.e., passive authentication computing platform 110 before the authentication process using user biometric data. In Traywick, there is no indication or suggestion that the user computing device 140 serves as the “resource” as interpreted for one of ordinary skilled in the arts for user authentication to access the “resource”. As stated above, the user computing device 140 of Traywick is interpreted as the “registered biometric device”, and is not interpreted as the “resource”. It becomes clearer with addition of Hunt, after successful user authentication that the user is able to access the “resource”, i.e., Relying Party 14 of Hunt.
With amendment, applicant argued, “the resource is not the biometric device or any resource storing the registered user’s biometric data”, and “the registered user has absolutely no access to the resource”, see page 12 of the Remarks. Since the examiner clearly indicates that the user computing device 140 of Traywick is interpreted as the registered biometric device (i.e., not the “resource”), applicant’s amendment and argument above serves no help in distinguishing from Traywick.
Applicant’s further statement regarding the first determination and the second determination (see page 12 of the Remarks) is acknowledged, however applicant’s argument regarding Traywick’s teachings of those elements, in particular, regarding to matching of biometric data with registered biometric data relative to granting for accessing to the resource (“… then, and only then, does the computer system grant the registered user access to the resource”) is not persuasive, since the argument is still based on the assumption that in Traywick, login to the user computing device 140 is accessing to the “resource”, which the examiner disagrees.
Applicant’s further arguments, see pages 12-17 of the Remarks, are mainly based on the applicant’s argument that Traywick’s login to the user computing device 140 is access to the “resource”. Examiner asserts applicant’s argument is not persuasive in light of examiner’s explanation above.
Applicant’s further argument regarding dependent claims 2-16, 18-21 is moot since the respective independent claims are found not patentable.
For the above reasons, the claim rejections under 35 USC 103 are maintained. See the updated Claim Rejections under 35 USC 103 below for details in response to applicant’s amendment.
Applicant is encouraged to include innovative features into claims to advance the case.
Claim Objections
Claims 1, 17, 22 are objected to because of the following informalities:
Claim 1 line 22, “in response to the determination that …” may read “in response to a determination that …”. Examiner notes, examiner previously suggests applicant to add “the” before “determining”, since “the determining” is referring to “determining, by the computer system that …”, satisfying antecedent basis. In claim language, “determination” has different meaning from “determining”. “determining” is referring to the action of “determine”, whereas “determination” could mean result of “determine” or “determining”. Above concern also apply to “the determination” recited in lines 28-29.
Similarly claim 17 and claim 22.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-22 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Independent claims 1, 17, 22 each includes amendment, “wherein the resource is not the registered biometric device nor a resource in which the initial biometric data of the registered user is stored, and wherein the registered user does not currently have any access to the resource”. Upon review of applicant’s disclosures, examiner cannot find languages that support the claimed language above to meet the written description requirement. Regarding “resource” or “video conference” as example given in examples in applicant’s Specification, e.g., para. [29], [31], [36-[37], [56]-[57], and applicant’s original claims, there are no similar language that can be understood as “wherein the resource is not the registered biometric device nor a resource in which the initial biometric data of the registered user is stored, and wherein the registered user does not currently have any access to the resource”. Applicant is suggested to response with explanation with support to meet the written description requirement.
Claims 2-16, 18-21 depend on claim 1, 17 respectively, therefore are also rejected for the same reason set forth above.
Examiner notes, it is examiner’s understanding that applicant’s amendment above, i.e., “wherein the resource is not the registered biometric device nor a resource in which the initial biometric data of the registered user is stored, and wherein the registered user does not currently have any access to the resource” is to clarify that the registered biometric device as recited in the claim is not the resource taught by Traywick as applicant assumed what Traywick is teaching. However, as discussed in the Response to Arguments above, examiner clearly states Traywick’s user computing device 140 is interpreted as the registered biometric device of the claim, not the resource. Traywick’s user computing device 140 (i.e., the registered biometric device) is a device to allow the user to communicate with the passive authentication computing platform 110 for authentication of the user with registration data (i.e., user biometric data and identification information of the registered biometric device).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Examiner Notes
Examiner cites particular paragraphs, columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claims 1-4, 17-19, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Traywick et al (US20240244048A1, hereinafter, “Traywick”), in view of Hunt (US20200112560A1, hereinafter, “Hunt”).
Regarding claim 1, Traywick teaches:
A biometric authentication system (Traywick, discloses computing platform and method for dynamic passive authentication based on biometric data, see [Abstract]) comprising: a registered biometric device (Fig. 2A-2E User Computing Device 140); and a computer system remotely located to and in communication with the registered biometric device (Fig. 2A-2E Passive Authentication Computing Platform 110), the computer system comprising a processor and memory storing program instructions, the program instructions configured to cause the processor (Fig. 1A, Passive Authentication Computing Platform 110, User Computing Device 140, and Fig. 1B, Processor(s) and Memory(s)) to perform steps comprising:
in a registration phase: assigning, by the computer system, identification information of the registered biometric device to a registered user (e.g., [0007] registration data may be received for a plurality of users. The registration data may include biometric data of each user of the plurality of users, as well as identification of one or more user computing devices that each user is authorize to operate or access. Examiner notes, registration of user associated with (authorize to operate or access) user computing device with the Passive Authentication Computing Platform suggests assigning); and storing, on the computer system, initial biometric data of the registered user captured by the registered biometric device (Reference to Fig. 2A, and [0040] The registration data may include biometric data of each user (e.g., facial image, fingerprint, retinal scan, or the like), and [0041] At step 202, the registration data may be stored and a registration record may be generated. For instance, a database may be modified to include entries for each user for which registration data was received. Examiner notes, in this case Passive Authentication Computing Platform 110 is interpreted as the computer system);
and in an access granting phase: receiving, by the computer system, biometric device identification information from the registered biometric device in response to the registered biometric device [receiving a request] from the registered user [to access a resource] associated with the computer system, wherein the resource is not the registered biometric device nor a resource in which the initial biometric data of the registered user is stored, and wherein the registered user does not currently have any access to the resource (Reference to Fig. 2C, and [0050] At step 212, the user computing device 140 may transmit or send the first biometric data to the passive authentication computing platform 110 (i.e., the remote computer system). It is obvious to one ordinary skilled in the arts that user computing device transmit indication of login of the user is in response to user’s request to further access to resource, as further taught by Hunt below, i.e., the purpose of user authentication is to access to the resource. Also refer to Fig. 3 at 300, and [0065] The registration data may include biometric data of each user of the plurality of users... The registration data may further include identification (i.e., biometric device identification information) of one or more computing devices that each user is authorized to access. Examiner further notes, Traywick’s user computing device 140 is the registered biometric device and not the resource, therefore satisfying “the resource is not the registered biometric device nor a resource in which the initial biometric data of the registered user is stored, and wherein the registered user does not currently have any access to the resource”); (See Hunt below for teachings of receiving request and access to the resource shown in brackets above)
determining, by the computer system, that the received biometric device identification information matches the identification information of the registered biometric device assigned to the registered user; in response to the determination that the received biometric device identification information matches the identification information of the registered biometric device assigned to the registered user, instructing the registered biometric device to capture current biometric data of the registered user (Reference to Fig. 3 from step 300 to 306, e.g., [0065] At step 300, registration data for a plurality of users may be received... The registration data may further include identification of one or more computing devices that each user is authorized to access (i.e., the received identification of one or more computing devices has to match the registered identification of one or more computing devices). And [0068] At step 306, biometric data captured at a first time (i.e., current biometric data) by the activated one or more hardware-based biometric data collection devices may be received by the passive authentication computing platform 110. For instance, an image of a user captured by a web camera, a fingerprint from a keyboard, or the like, may be received by the passive authentication computing platform 110. Examiner notes, transmitting command or instruction to the user computing device suggests the passive authorization computing platform is able to detect the identification information of the user computing device, i.e., the received biometric device identification information matches the registered biometric device's identification information assigned to the registered user. Examiner further notes Traywick’s first user biometric data can be interpreted as the captured current biometric data);
determining that the captured current biometric data of the registered user matches the initial biometric data of the registered user (Reference to Fig. 2C, and [0052] At step 214, the first biometric data may be compared to the biometric data received at registration for an identified user. For instance, the first biometric data may be compared to a corresponding type of biometric data received during the registration process (e.g., fingerprint compared to fingerprint, and the like));
While Traywick teaches authentication of user using user computing device with passive authentication computing platform, but does not specifically teach granting registered user to a resource, however in the same field of endeavor Hunt teaches:
… the registered biometric device receiving a request from the registered user to access a resource associated with the computer system (Hunt, discloses methods and systems for improved user authentication and verification by way of credential-less user input, see [Abstract]. And [0016] Upon a user attempting to access and initiate a session with the relying party (i.e., a request from the registered user to access a resource) via a personal computing device, such as a PC, tablet, or even a smartphone, the relying party may communicate with the access management system indicating that an attempt has been made to access the relying party resources), and granting the registered user access to the resource only after the determination that the captured current biometric data of the registered user matches matching the initial biometric data of the registered user (Hunt, [0023, 0065] The voice recognition system is configured to not only correlate the spoken words with the displayed words to ensure a correct match (i.e., provide speech recognition functions), but further perform voice recognition by correlating the spoken words with a stored voiceprint profile of the user to ensure that an authorized user is truly the one attempting to gain access. And reference to Fig. 5, (4) Access Granted. And [0064] Upon a successful authentication, a user is able to progress on to relying party's interface and access protected resource that relying party is offering (i.e., only after the determination that the captured current biometric data of the registered user matches matching the initial biometric data of the registered user)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hunt in the dynamic passive authentication of Traywick by implementing user authentication with credential-less user input with bonded and trusted user computing device with user secrets from biometric factor. This would have been obvious because the person having ordinary skill in the art would have been motivated to provide a secure and easy-to-use authentication system that relies on a single trusted device associated with a user without requiring the typical exchange of a user-entered credential so as to grant user access to a protected resource without requiring that the user enter a username or other identifying information (Hunt, [Abstract], [0013-14]).
Regarding claim 17, claim 17 is a method claim that encompasses limitations similar to those limitations of the system claim 1. Therefore, claim 17 is rejected with the same rationale and motivation as applied against claim 1. In addition, Traywick teaches a biometric authentication method (Traywick, discloses computing platform and method for dynamic passive authentication based on biometric data, see [Abstract]).
Regarding claim 22, claim 22 is a computer-readable medium claim that encompasses limitations similar to those limitations of the system claim 1. Therefore, claim 22 is rejected with the same rationale and motivation as applied against claim 1. In addition, Traywick teaches non-transitory computer-readable medium comprising computer code which, once executed by at least one processor (Traywick, discloses computing platform and method for dynamic passive authentication based on biometric data, see [Abstract]. And [Claim 19] non-transitory computer-readable media, and Fig. 6 Processor).
Regarding claim 2, similarly claim 18, Traywick-Hunt combination teaches the system of claim 1, the method of claim 17,
Hunt further teaches: wherein the steps further comprise, in the registration phase: assigning login credentials to the registered user (Hunt, [0014] For example, upon performing certain registration steps with the authentication system, a user's device will be established and recognized by the authentication system as a bonded or trusted device that is specific to the user. The system may rely upon an existing trusted credential for a one-time secure registration process of the device in order to establish the device as a bonded or trusted device); and in the access granting phase: receiving biometric device identification information from an unregistered biometric device; requesting the registered user to supply the login credentials (Hunt, [0017] In the event that the user is not yet registered (i.e., the user and/or computing device is not recognized), the user will need to register with the access management system services (a requirement in order to access the relying party resources). In one embodiment, the user may be invited to complete registration, in which the user may be prompted to provide certain information and credentials as part of the initial registration); Same motivation as presented in claim 1, 17 would apply.
The combination of Traywick-Hunt further teaches: in response to receiving the login credentials, retrieving the initial biometric data stored on the computer system; instructing the unregistered biometric device to capture current biometric data of the registered user; granting the registered user access to the resource based on the initial biometric data stored during the registration phase matching the current biometric data of the registered user captured by the unregistered biometric device (e.g., Traywick, the teachings of limitations of claim 1 of authentication phrase as passive authentication of Traywick can be similarly applied to this situation after user logins and authentication with captured current biometric data as shown in claim 1).
Regarding claim 3, similarly claim 19, Traywick-Hunt combination teaches the system of claim 1, the method of claim 17,
Traywick further teaches: wherein the registered biometric device's identification information is one of a MAC address, a cryptographic hash, a universally unique identifier, an organizationally unique identifier, or a mobile equipment identifier (e.g., [0026] The registration data may include biometric data of each registered user …, as well as identification of one or more computing devices the user is authorized to use (e.g., based on unique identifier associated with each device)).
Regarding claim 4, Traywick-Hunt combination teaches the system of claim 1,
Traywick further teaches: wherein the computer system comprises a server (e.g., [0092] Passive authentication computing device 601 may operate in a networked environment supporting connections to one or more remote computing devices, such as computing device 641 and 651. Computing devices 641 and 651 may be personal computing devices or servers that include any or all of the elements described above relative to passive authentication computing device 601).
Claims 5-8, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Traywick-Hunt as applied above to claim 1, further in view of Burton (US20110228989A1, hereinafter, “Burton”).
Regarding claim 5, Traywick-Hunt combination teaches the system of claim 1,
The combination of Traywick-Hunt does not specifically teach, in the same field of endeavor Burton teaches:
wherein the registration phase comprises generating an authentication sequence and registering the authentication sequence with the registered user, and wherein the registered biometric device captures the registered user's current biometric data in the access granting phase according to the authentication sequence (Burton, discloses method of authentication of a user using multi-parameter biometric data, see [Abstract]. And [0016] each biometric data has an associated qualification factor and the inventive method further includes the step of using the qualification factor associated with each of the received biometric data to determine if the qualification criteria have been satisfied. In one embodiment where the biometric data must be obtained sequentially, the sequence may be pre-defined based on the qualification factor associated with each biometric data to be received).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Burton in the dynamic passive authentication of Traywick-Hunt by implementing sequence of authentication with multi-parameter biometrics. This would have been obvious because the person having ordinary skill in the art would have been motivated to obtain the biometric data sequentially as pre-defined based on qualification factor associated with each biometric data to improve the security and accuracy of the authentication process (Burton, [Abstract], [0016], [0042]).
Regarding claim 6, Traywick-Hunt combination teaches the system of claim 1,
The combination of Traywick-Hunt does not specifically teach, in the same field of endeavor Burton teaches:
wherein the registration phase comprises generating multiple authentication sequences (Burton, discloses method of authentication of a user using multi-parameter biometric data, see [Abstract]. And [0042] Alternatively, it may be necessary for the user to provide the biometric data in a pre-defined sequence. A combination of simultaneous and consecutive inputs may also be required, to improve the security of the authentication process and effectiveness of the system. To further improve the accuracy of the system, the processor may be configured to prompt the user for required biometric parameters which are randomly selected from a larger set of biometric parameters for which there is corresponding authentic biometric data. This may further reduce the likelihood of a fraudulent user being falsely authenticated as the genuine user). Examiner further notes, it is obvious to one ordinary skilled in the art that the use of sequence authentication in Burton suggests the sequence of authentication is setup in the registration phase as taught by Traywick and Hunt.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Burton in the dynamic passive authentication of Traywick-Hunt by implementing sequence of authentication with multi-parameter biometrics. This would have been obvious because the person having ordinary skill in the art would have been motivated to obtain the biometric data sequentially as pre-defined based on qualification factor associated with each biometric data to improve the security and accuracy of the authentication process (Burton, [Abstract], [0016], [0042]).
Regarding claim 7, Traywick-Hunt-Burton combination teaches the system of claim 6,
Burton further teaches: wherein the registered biometric device captures the registered user's current biometric data in the access granting phase according to an authentication sequence that is randomly selected from among the multiple authentication sequences (Burton, [0042] Alternatively, it may be necessary for the user to provide the biometric data in a pre-defined sequence. A combination of simultaneous and consecutive inputs may also be required, to improve the security of the authentication process and effectiveness of the system. To further improve the accuracy of the system, the processor may be configured to prompt the user for required biometric parameters which are randomly selected from a larger set of biometric parameters for which there is corresponding authentic biometric data. This may further reduce the likelihood of a fraudulent user being falsely authenticated as the genuine user). Same motivation as presented in claim 6 would apply.
Regarding claim 8, Traywick-Hunt-Burton combination teaches the system of claim 6,
Burton further teaches: wherein the registered biometric device captures the registered user's current biometric data in the access granting phase according to an authentication sequence that is selected from among the multiple authentication sequences according to one or more authentication sequence selection criteria (Burton, [0042] Alternatively, it may be necessary for the user to provide the biometric data in a pre-defined sequence. A combination of simultaneous and consecutive inputs may also be required, to improve the security of the authentication process and effectiveness of the system. To further improve the accuracy of the system, the processor may be configured to prompt the user for required biometric parameters which are randomly selected from a larger set of biometric parameters for which there is corresponding authentic biometric data. This may further reduce the likelihood of a fraudulent user being falsely authenticated as the genuine user). Same motivation as presented in claim 6 would apply.
Regarding claim 14, Traywick-Hunt combination teaches the system of claim 1,
The combination of Traywick-Hunt does not specifically teach, in the same field of endeavor Burton teaches:
wherein the registration phase comprises generating an authentication sequence, and wherein the authentication sequence requires capture of biometric iris data and a word or phrase that is captured with a microphone (Burton, discloses method of authentication of a user using multi-parameter biometric data, see [Abstract]. And [0013] Any combination or available biometric data may be used such as eye biometric data relating to the iris and relating to a blink rate response, for example, plus hand geometry, voice pattern or other biometric data. And [0016] In one embodiment, each biometric data has an associated qualification factor and the inventive method further includes the step of using the qualification factor associated with each of the received biometric data to determine if the qualification criteria have been satisfied. In one embodiment where the biometric data must be obtained sequentially, the sequence may be pre-defined based on the qualification factor associated with each biometric data to be received).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Burton in the dynamic passive authentication of Traywick-Hunt by implementing sequence of authentication with multi-parameter biometrics. This would have been obvious because the person having ordinary skill in the art would have been motivated to obtain the biometric data sequentially as pre-defined based on qualification factor associated with each biometric data to improve the security and accuracy of the authentication process (Burton, [Abstract], [0016], [0042]).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Traywick-Hunt-Burton as applied above to claim 8, further in view of McCarty et al (US20210110015A1-IDS, hereinafter, “McCarty”).
Regarding claim 9, Traywick-Hunt-Burton combination teaches the system of claim 8,
The combination of Traywick-Hunt-Burton does not teach the following, in the same field of endeavor McCarty teaches:
wherein the one or more authentication sequence selection criteria comprise time elapsed between a previous and current access request, available biometric devices, the resource to be accessed, or a combination thereof (McCarty, discloses methods and systems for authenticating users based on a sequence of biometric authentication challenges, see [Abstract]. And [0086] A sequence of biometric authentication challenges is identified (402). The sequence can be selected from a set of biometric authentication challenges that includes one or more facial expression challenges, one or more fingerprint challenges, and/or one or more voice challenges. For example, a specified number of biometric authentication challenges can be selected, e.g., randomly or pseudo-randomly. In another example, the same sequence can be used for a particular user each time the user is authenticated. That is, the sequences can be user-specific and remain the same over time. The user, or the authentication application, can change the sequence for the user periodically. The sequence can include all of the same type of biometric authentication challenges (e.g., all facial expression challenges) or multiple types (e.g., a facial expression challenge, a voice challenge, and a fingerprint challenge)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of McCarty in the dynamic passive authentication of Traywick-Hunt-Burton by selecting authentication sequence from set of biometric challenges. This would have been obvious because the person having ordinary skill in the art would have been motivated to authenticate users based on a sequence of biometric challenges with correct order to prevent false authentication (McCarty, [Abstract], [0002]).
Claims 10, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Traywick-Hunt as applied above to claim 1, 17 respectively, further in view of Nakamura et al (US20220121734A1, hereinafter, “Nakamura”).
Regarding claim 10, similarly claim 20, Traywick-Hunt combination teaches the system of claim 1, the method of claim 17,
While Traywick teaches wherein the registered biometric device is an image capturing device (Traywick, [0020] As discussed more fully herein, users may provide biometric data during a registration process. The biometric data may include facial images, …), but does not specifically teach the following, in the same field of endeavor Nakamura teaches:
and wherein the instructions are further configured to cause the computer system to perform a facial image updating sequence comprising: in response to detecting a registered image capturing device linked to the registered user, instructing the biometric device to capture an image of a face of the registered user; comparing the captured image of the face of the registered user with one or more previously stored images of the face of the registered user; and in response to a difference being found, replacing the one or more previously stored images with the captured image (Nakamura, discloses system and method for face authentication, see [Abstract]. And [0407] For example, when a user is newly registered or updated, the face information manager 66 copies the face feature amount data in each individual. To give another example, in order to improve the accuracy of face matching for a certain user, additional face feature amount data may be generated from data of a different face image so that a plurality of face feature amount data sets are register for the same user. In this case, the face information manager 66 copies the individual face feature amount data only for a specific user).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Nakamura in the dynamic passive authentication of Traywick-Hunt by using face image as biometric data for authentication. This would have been obvious because the person having ordinary skill in the art would have been motivated to update user face image to improve accuracy of face matching for a user (Nakamura, [Abstract], [0407]).
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Traywick-Hunt- Nakamura as applied above to claim 10, further in view of Azar et al (US20130167212A1, hereinafter, “Azar”).
Regarding claim 11, Traywick-Hunt-Nakamura combination teaches the system of claim 10,
The combination of Traywick-Hunt-Nakamura does not specifically teach the following, in the same field of endeavor Azar teaches:
wherein the facial image updating sequence is triggered in response to a time period between a current login and a previous login being greater than a threshold (Azar, discloses system and method for providing secure authorization using both screen gesture and facial biometrics, see [Abstract]. And [0033] FIG. 4 is a flow chart diagram illustrating the process for populating the database together with a back timer process 400 that can be used to improve the quality of the vectors in the database. The automatic database is a process by which the system database will be created or updated while a user uses the system and enters a password, or a database match occurred after the user alert timer expired. Although a password may initially be required, an objective of the automatic database is to permit the data to be populated through actual use rather than a specific enrollment procedure, whereby a user can eventually stop using password authentication and the method of the invention can be employed to authenticate using facial biometric data. By updating the database whenever it has taken too long a period of time for the database matching, the quality of the database is improved and the amount of time for subsequent database matches decreases).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Azar in the dynamic passive authentication of Traywick-Hunt-Nakamura by updating database in user authentication with facial biometric data. This would have been obvious because the person having ordinary skill in the art would have been motivated to improve the quality of database and decrease the amount of time of subsequent database matches (Azar, [Abstract], [0033]).
Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Traywick-Hunt-Nakamura as applied above to claim 10, further in view of S et al (US20240104180A1, hereinafter, “S”).
Regarding claim 12, Traywick-Hunt-Nakamura combination teaches the system of claim 10,
The combination of Traywick-Hunt-Nakamura does not specifically teach, in the same field of endeavor S teaches:
wherein the image capturing device is a depth camera capturing 3D face scans (S, discloses user authentication based on 3D face modeling, see [Abstract] An encoder neural network can be used to generate one or more predicted three-dimensional (3D) facial modeling parameters, wherein the encoder neural network generates the one or more predicted 3D facial modeling parameters based on the plurality of images. A reference 3D facial model associated with the face and the facial expression can be obtained).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of S in the dynamic passive authentication of Traywick-Hunt-Nakamura by authenticating user with 3D modelling. This would have been obvious because the person having ordinary skill in the art would have been motivated to authenticate user with 3D facial modeling parameter with less than anticipated error (S, [Abstract]).
Regarding claim 13, Traywick-Hunt-Nakamura-S combination teaches the system of claim 12,
S further teaches: wherein the 3D face scans are captured by obtaining depth information that is converted into 3D meshes that are sent for reconstruction at the computer system (S, [0036] Performing 3D object reconstruction (e.g., to generate a 3D model of an object, such as a face model) from one or more images can be challenging. Using a face as an illustrative example of a 3D object, 3D face reconstruction can be difficult based on the need to reconstruct the face geometry (e.g., shape) and the facial expression. And [0081] In some aspects, the 3D facial model 552 generated or reconstructed based on the shape and expression coefficients 524 may also be referred to as a predicted 3D mesh, a predicted 3D face model, and/or a predicted 3D facial model. See Fig. 4, 3D Modeling System, i.e., the remote computer system). Same motivation as presented in claim 12 would apply.
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Traywick-Hunt as applied above to claim 1, further in view of Kisters (US20110247058A1, hereinafter, “Kisters”).
Regarding claim 15, Traywick-Hunt combination teaches the system of claim 1,
The combination of Traywick-Hunt does not specifically teach, in the same field of endeavor Kisters teaches:
wherein the registration phase comprises generating an authentication sequence, and wherein the authentication sequence includes a consciousness detection step (Kisters, discloses system and method for query-based personal identification for authentication checking, see [Abstract]. And [0039] In order to expand the possibilities for authentication of persons and/or in order to increase the security of such authentication, it is advantageous for a conscious behavior pattern to be recorded as a personal reference characteristic, in that a specific sequence of operational actions is captured on the detecting device. And [0060] The detecting device 2 can also have an audiovisual input/output device 13, in order to be able to detect an unconscious and/or a conscious user behavior as a personal identifier).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Kisters in the dynamic passive authentication of Traywick-Hunt by detecting conscious behavior pattern recorded as personal reference characteristics for authentication. This would have been obvious because the person having ordinary skill in the art would have been motivated to increase the security of authentication (Kisters, [Abstract], [0039]).
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Traywick-Hunt- Kisters as applied above to claim 15, further in view of Visconti (US20210369161A1, hereinafter, “Visconti”).
Regarding claim 16, Traywick-Hunt-Kisters combination teaches the system of claim 15,
The combination of Traywick-Hunt-Kisters does not specifically teach, in the similar field of endeavor Visconti teaches:
wherein the consciousness detection step comprises using an iris scanner to determine whether a light source causes a pupil to constrict (Visconti, discloses system and method for detecting and continuously monitoring Pupillary Light Reflex responses and neurological conditions to determine probability and degree of impairment to a user, see [Abstract]. And [0035] Referring to FIG. 2A, it is shown that a constriction in pupil size reaches a maximum amplitude following a brief latency period a maximum constriction time, that is the time required for a particular individual's pupil to constrict following exposure to a high intensity light stimuli when unimpaired… It is noted that latency, maximum constriction time, and dilation time for an unimpaired individual can vary from individual to individual due to age, health status, state of consciousness…).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Visconti in the dynamic passive authentication of Traywick-Hunt-Kisters by detecting consciousness of user by measuring constriction of user eye against light intensity. This would have been obvious because the person having ordinary skill in the art would have been motivated to predict a degree of impairment of the user as detection of neurological condition of a user (Visconti, [Abstract], [0009]).
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Traywick-Hunt as applied above to claim 17, further in view of Kisters (US20110247058A1, hereinafter, “Kisters”) and Visconti (US20210369161A1, hereinafter, “Visconti”).
Regarding claim 21, Traywick-Hunt combination teaches the method of claim 17,
The combination of Traywick-Hunt does not specifically teach, in the same field of endeavor Kisters teaches:
wherein the registration phase comprises generating an authentication sequence, and wherein the authentication sequence includes a consciousness detection step (Kisters, discloses system and method for query-based personal identification for authentication checking, see [Abstract]. And [0039] In order to expand the possibilities for authentication of persons and/or in order to increase the security of such authentication, it is advantageous for a conscious behavior pattern to be recorded as a personal reference characteristic, in that a specific sequence of operational actions is captured on the detecting device. And [0060] The detecting device 2 can also have an audiovisual input/output device 13, in order to be able to detect an unconscious and/or a conscious user behavior as a personal identifier).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Kisters in the dynamic passive authentication of Traywick-Hunt by detecting conscious behavior pattern recorded as personal reference characteristics for authentication. This would have been obvious because the person having ordinary skill in the art would have been motivated to increase the security of authentication (Kisters, [Abstract], [0039]).
The combination of Traywick-Hunt-Kisters does not specifically teach, in the similar field of endeavor Visconti teaches:
[consciousness detection step] comprising using an iris scanner to determine whether a light source causes a pupil to constrict (Visconti, discloses system and method for detecting and continuously monitoring Pupillary Light Reflex responses and neurological conditions to determine probability and degree of impairment to a user, see [Abstract]. And [0035] Referring to FIG. 2A, it is shown that a constriction in pupil size reaches a maximum amplitude following a brief latency period a maximum constriction time, that is the time required for a particular individual's pupil to constrict following exposure to a high intensity light stimuli when unimpaired… It is noted that latency, maximum constriction time, and dilation time for an unimpaired individual can vary from individual to individual due to age, health status, state of consciousness…).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Visconti in the dynamic passive authentication of Traywick-Hunt-Kisters by detecting consciousness of user by measuring constriction of user eye against light intensity. This would have been obvious because the person having ordinary skill in the art would have been motivated to predict a degree of impairment of the user as detection of neurological condition of a user (Visconti, [Abstract], [0009]).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Szafranski et al (US20200228524A1) discloses secure authorization for access to private data in virtual reality.
Obaidi (US20180309792A1) discloses techniques that facilitate granting an access privilege to a client device based on selectively authenticating biometric data.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975. The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Primary Examiner, Art Unit 2436