Office Action Predictor
Last updated: April 16, 2026
Application No. 18/441,492

USER AUTHENTICATION SYSTEMS AND METHODS OF USE THEREOF

Non-Final OA §102
Filed
Feb 14, 2024
Examiner
GETACHEW, ABIY
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
Validvoice, LLC
OA Round
1 (Non-Final)
86%
Grant Probability
Favorable
1-2
OA Rounds
2y 4m
To Grant
99%
With Interview

Examiner Intelligence

Grants 86% — above average
86%
Career Allow Rate
731 granted / 851 resolved
+27.9% vs TC avg
Strong +23% interview lift
Without
With
+22.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
21 currently pending
Career history
872
Total Applications
across all art units

Statute-Specific Performance

§101
10.8%
-29.2% vs TC avg
§103
51.1%
+11.1% vs TC avg
§102
14.8%
-25.2% vs TC avg
§112
4.9%
-35.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 851 resolved cases

Office Action

§102
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-23 have been examined. Drawings The drawings filed on 02/14/2024 are acceptable for examination proceedings. Specification The specification filed on 02/14/2024 is acceptable for examination proceedings. Priority Application 18441492 filed 02/14/2024 is a Continuation in Part of 17262634 , filed 01/22/2021 ,now U.S. Patent # 11935348 17262634 is a National Stage entry of PCT/US2019/042939 , International Filing Date: 07/23/2019 PCT/US2019/042939 Claims Priority from Provisional Application 62702452 , filed 07/24/2018. Therefore, the effective filling date for the subject matter defined in the pending claims of this application is 07/24/2018. Information Disclosure Statement The information disclosure statement (IDS) submitted on 05/06/2024 and 06/27/2025. Accordingly, the information disclosure statement is being considered by the examiner. Internet Communications Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/defauit/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only. (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-23 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zheng et al. (US Pub. No.: US 2017/0365259 A1, hereinafter refer as to Zheng). As per claim 1, Zheng discloses process for granting or denying a user access to a system using authentication data (fig 3 illustrate a processing flow performed by the identity authentication system, for example), the process comprising the steps of: a. receiving from a device in the possession of the user a unique identifier for the system (fig. 3 furthermore para. 0057 discloses Step S101 : the requester A' completes the login by inputting the correct user ID and login password, and the request receiving module 11 receives the identity authentication request that the requester A' sends to the identity authentication system 1 through the client 2, for example), wherein the unique identifier for the system is displayed at or near an access point and the unique identifier for the system changes from time to time (figure 3 step (S101); it is implicit that the identity of the server or application to be accessed is included in the access request, for example); b. receiving from the device in the possession of the user a unique identifier associated with the user (para. 0057 discloses the requester A' completes the login by inputting the correct user ID and login password, and the request receiving module 11 receives the identity authentication request that the requester A' sends to the identity authentication system 1 through the client 2, for example); c. verifying that the user is authorized to access the system; d. transmitting a request for authentication data to the device in the possession of the user (para.0057: Step S101 : the requester A' completes the login by inputting the correct user ID and login password, and the request receiving module 11 receives the identity authentication request that the requester A' sends to the identity authentication system 1 through the client 2, and establishes the interaction between the requester A' and the identity authentication system, for example); e. receiving from the device in the possession of the user a sample of authentication data of the kind requested in the transmitted request (para.0058: Step S102: the dynamic security code generating module 13 randomly selects several characters from the preset global character codebook to constitute a dynamic security code, and transmits the dynamic security code to the client 2 of the requester A, for example); f. comparing one or more attributes of the received sample with one or more attributes of a custom authentication print for a user, wherein the custom authentication print is stored and used as a reference to authenticate the user (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example); and g. granting or denying the user access to the system based upon a correlation between the one or more attributes of the received sample and the one or more expected predicted attributes of the custom authentication print (para. 0065: Step S109: since the comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold, the identity authentication result is that the requester A' is the user A of the server; the requester A' is allowed to access the server as the user A to operate figure 3(S109), for example). As per claims 2-4, 6 and 10, Zheng discloses wherein the unique identifier for the system is received from a list of pre-defined access points (paras.0060-0064, Step S104 discloses the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example), and wherein the user selects a desired pre-defined access point corresponding to the unique identifier for the system from the list of pre-defined access points (fig. 3, furthermore para. 0057 discloses Step S101 : the requester A' completes the login by inputting the correct user ID and login password, and the request receiving module 11 receives the identity authentication request that the requester A' sends to the identity authentication system 1 through the client 2, for example), As per claim 5, Zheng discloses wherein the authentication data is voice data, and wherein the user is transmitted a randomly generated passcode that the user records in a speech sample, wherein the speech sample is then compared to a custom authentication print comprising data retrieved from an earlier speech sample provided by the user (para.0058, discloses Step S102: the dynamic security code generating module 13 randomly selects several characters from the preset global character codebook to constitute a dynamic security code, and transmits the dynamic security code to the client 2 of the requester A, for example), and wherein the speech sample generated on the device by the user speaking the passcode is an audio file, waveform, or mathematical representation generated based on the user's voice articulating the passcode (fig. 3 , and furthermore 0056-0065, for example). As per claims 7-9, Zheng discloses wherein the randomly generated passcode is uniquely generated as part of a verification session (para. 0047 discloses the comprehensive confidence CL of the identity in the present invention incorporates the security code content confidence average CL.sub.1 as well as the requester identity speech confidence average CL.sub.2. Thus, a system and method for double identity authentication that can not only verify the dynamic security code content, but also verify the speaker's voiceprint are provided, for example). As per claim 11, Zheng discloses the step of the mobile application running the user through a verification process after the unique biometric print for the user is built to ensure the on-boarding process was successful (para. 0006 discloses the existing biometric recognition technologies achieve recognition and authentication usually by using the template matching method in the field of pattern recognition, that is, a model reserved by a user is compared with the actual model to be authenticated, and if the similarity of the two models reaches a preset threshold, the authentication passes, otherwise the authentication fails, for example). As per claim 12, Zheng discloses wherein the system comprises a terminal, website, VPN login, or physical access control point (para. 0132 , discloses the “client” and the “server” are the user's mobile phone and the server of the mobile service provider, respectively; for the latter case, for example, the “client” is the user's mobile phone, and the “server” is the hardware and/or software installed in the user's mobile phone for implementing the identity authentication function. For example, in the case where the present invention is applied to a mobile phone to realize screen-unlock function of the mobile phone, the “client” and the “server” are different logical processing units in the same physical device (mobile phone), for example). As per claim 13, Zheng discloses wherein the unique identifier for the system is provided in a barcode, in a URL, RFID or any digital identifier or by accessing a link on a webpage (fig. 10 depicted 10 is a schematic diagram of the spatial distribution of the digital model, for example). As per claim 14, Zheng discloses wherein the custom authentication print for the user is created during an on-boarding process, wherein the user provides an initial sample of the kind of authentication data requested, and wherein the data is then processed to extract the one or more attributes from the data to create the custom authentication print (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example). As per claim 15, Zheng discloses comprising a step of continuously monitoring one or more aspects of the user's use of the system and revoking access to the system if the one or more aspects provide a trigger to do so (para. 0054 discloses the identity authentication module 14 judges whether or not the calculated comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold. If the comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold, the identity authentication result is that the requester is the user of the server, the identity authentication result is sent back to the client 2, and the requester is allowed to access the server to operate. Conversely, the identity authentication result is that the requester is not the user of the server, the identity authentication result is sent back to the client 2, and the requester is refused to access the server to operate, for example). As per claim 16, Zheng discloses a process for preventing fraudulent access to a secure system (fig 3 illustrate a processing flow performed by the identity authentication system, for example), the process comprising the steps of: a. continuously monitoring one or more behaviors of a user while the user is utilizing a mobile application or a device (para. 0054 discloses the identity authentication module 14 judges whether or not the calculated comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold. If the comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold, the identity authentication result is that the requester is the user of the server, the identity authentication result is sent back to the client 2, and the requester is allowed to access the server to operate. Conversely, the identity authentication result is that the requester is not the user of the server, the identity authentication result is sent back to the client 2, and the requester is refused to access the server to operate, for example); b. periodically sampling the one or more behaviors of the user (para. 0054 discloses the identity authentication module 14 judges whether or not the calculated comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold. If the comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold, the identity authentication result is that the requester is the user of the server, the identity authentication result is sent back to the client 2, and the requester is allowed to access the server to operate. Conversely, the identity authentication result is that the requester is not the user of the server, the identity authentication result is sent back to the client 2, and the requester is refused to access the server to operate, for example); c. comparing one or more attributes of the samples of the one or more behaviors of the user to one or more attributes of a stored custom authentication print for the user (para. 0006 discloses the existing biometric recognition technologies achieve recognition and authentication usually by using the template matching method in the field of pattern recognition, that is, a model reserved by a user is compared with the actual model to be authenticated, and if the similarity of the two models reaches a preset threshold, the authentication passes, otherwise the authentication fails, for example); d. determining a percentage match between the one or more attributes of the samples of the one or more behaviors of the user and the one or more attributes of a stored custom authentication print for the user (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example); and e. implementing a feedback response based on whether the percentage match corresponds to a pre-selected confidence level (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example). As per claim 17, Zheng discloses wherein the feedback response comprises: a. terminating the user's access to the secured system if the percentage match is below the pre-selected confidence level (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example); b. prompting the user to re-authenticate themselves if the percentage match is below the pre-selected confidence level; or c. no further action if the percentage match is above the pre-selected confidence level (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example). As per claim 18, Zheng discloses wherein the pre-selected confidence level is selected from a value of 75% and above, 80% and above, 85% and above, 90% and above, 95% and above, and 100% (para. 0054 discloses the identity authentication module 14 judges whether or not the calculated comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold. If the comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold, the identity authentication result is that the requester is the user of the server, the identity authentication result is sent back to the client 2, and the requester is allowed to access the server to operate. Conversely, the identity authentication result is that the requester is not the user of the server, the identity authentication result is sent back to the client 2, and the requester is refused to access the server to operate, for example). As per claim 19, Zheng discloses a process for averting crises while a user is accessing a secure system (fig 3 illustrate a processing flow performed by the identity authentication system, for example), the process comprising the steps of: a. continuously monitoring one or more behaviors of a user while the user is utilizing a mobile application or a device (para. 0054 discloses the identity authentication module 14 judges whether or not the calculated comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold. If the comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold, the identity authentication result is that the requester is the user of the server, the identity authentication result is sent back to the client 2, and the requester is allowed to access the server to operate. Conversely, the identity authentication result is that the requester is not the user of the server, the identity authentication result is sent back to the client 2, and the requester is refused to access the server to operate, for example); b. periodically sampling the one or more behaviors of the user (para. 0054 discloses the identity authentication module 14 judges whether or not the calculated comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold. If the comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold, the identity authentication result is that the requester is the user of the server, the identity authentication result is sent back to the client 2, and the requester is allowed to access the server to operate. Conversely, the identity authentication result is that the requester is not the user of the server, the identity authentication result is sent back to the client 2, and the requester is refused to access the server to operate, for example); c. comparing one or more attributes of the samples of the one or more behaviors of the user to one or more attributes of a stored custom authentication print for the user (para. 0006 discloses the existing biometric recognition technologies achieve recognition and authentication usually by using the template matching method in the field of pattern recognition, that is, a model reserved by a user is compared with the actual model to be authenticated, and if the similarity of the two models reaches a preset threshold, the authentication passes, otherwise the authentication fails, for example); d. predicting if the comparison between the one or more attributes of the samples of the one or more behaviors of the user and the one or more attributes of a stored custom authentication print for the user indicate an ongoing crisis (para. 0065: Step S109: since the comprehensive confidence CL of the identity is greater than or equal to the preset confidence threshold, the identity authentication result is that the requester A' is the user A of the server; the requester A' is allowed to access the server as the user A to operate figure 3(S109), for example); and e. implementing a feedback response based on whether an ongoing crisis is predicted (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example). As per claim 20, Zheng discloses wherein a crisis is predicted if the sampled behavior of the user displays erratic behaviors when compared to the stored custom authentication print, wherein erratic behaviors comprise exerting more pressure on a screen or a touch pad compared to stored attributes, scrolling on a touch pad more frantically compared to stored attributes, committing more errors when using a keypad compared to stored attributes, and using less keystrokes when using the keypad compared to stored attributes (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example). As per claim 21, Zheng discloses wherein the feedback response comprises: (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example); a. terminating the user's access to the secured system if a crisis is predicted (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example); b. prompting the user to re-authenticate themselves if a crisis is predicted (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example); or c. taking no further action if a crisis is not predicted (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example). As per claim 22, Zheng discloses wherein the user that is prompted to re-authenticate themselves may be requested to re-authenticate themselves by providing a facial recognition scan, providing a scan of the whole room in which the user is located, providing a voice recognition scan, or a combination thereof (para. 0006 discloses the existing biometric recognition technologies achieve recognition and authentication usually by using the template matching method in the field of pattern recognition, that is, a model reserved by a user is compared with the actual model to be authenticated, and if the similarity of the two models reaches a preset threshold, the authentication passes, otherwise the authentication fails, for example). As per claim 23, Zheng discloses wherein the feedback response further comprises terminating the user's access to the secured system and contacting the authorities if the re- authentication indicates the user is in danger (paras.0060-0064 discloses Step S104: the identity authentication module 14 extracts the voiceprint model of the user A from the voiceprint model storage unit 15 Step S107: the identity authentication module 14 calculates the comprehensive confidence CL of the identity of the requester A', for example). Pertinent Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Rao et al. (US Patent 11,736,447) provides systems, apparatuses, methods, and computer program products are disclosed for providing passive continuous session authentication. An example method includes authenticating a session for a user of a client device. The example method further includes generating a video data structure comprising a video stream, deriving a set of biometric attributes of the user from the video stream, synchronizing temporal information with the set of biometric attributes derived from the video stream, generating an aggregated behavioral attribute data structure comprised of the video data structure and the set of biometric attributes derived from the video stream synchronized to the temporal information, and re-authenticating, by the session authentication circuitry at a second time after the first time, the session for the user of the client device based on the aggregated behavioral attribute data structure. Skerpac (US Pub. No.: US 2013/0132091 A1) provide an n-dimensional biometric security system as well as a method of identifying and validating a user through the use of a automated random one-time passphrase generation. The use of tailored templates to generate one-time phase phrase text as well as the use of update subscriptions of templates ensures a high level of security. A verification session preferably uses short, text-independent one-time pass phrases and secure audio tokens with master audio generated from an internal text-to-speech security processor. An automated enrollment process may be implemented in an ongoing and seamless fashion with a user's interactions with the system. Gelardi et al. (US Pub. No.: US 2022/0261466 A1) provides computer implemented methods for enrolling a user as an authenticated user of a computing device and for authenticating a user of a computing device are provided. The methods make use of behavioral biometrics to determine a set of shares that represent a secret credential according to a secret sharing scheme. The set of shares is initially determined when the user is enrolled based on typical measurements of the user's behavioral biometrics and authentication data indicating how to generate the set of shares from a user's behavioral biometrics is generated. When authenticating the user, the computing device can generate the set of shares based on the authentication data and measurements of the current user's behavioral biometrics. The computing device can use the generated set of shares to recreate a copy of the secret credential with which to authenticate the user. Obaidi (US Pub. No.: US 2019/0377853 A1) provides the use of user-behavior-based adaptive authentication may provide more secure user authentication without sacrificing user convenience. A baseline behavior pattern of a user may be identified using a machine learning algorithm based on user behavior data collected by one or more applications on at least one user device of the particular user for a predetermined time period. One or more events that deviate from the baseline behavior pattern of the user during a specific time period are then detected using the machine learning algorithm based on new user behavior data of the user obtained during the specific time period. In response to receiving a request from an application to authenticate a particular user for access or continued access to a resource, an authentication question and a correct answer for the authentication question are generated based on a detail of an event that deviates from the baseline behavior pattern. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. A.G. July 9, 2025 /ABIY GETACHEW/ Primary Examiner, Art Unit 2434
Read full office action

Prosecution Timeline

Feb 14, 2024
Application Filed
Jul 09, 2025
Non-Final Rejection — §102
Apr 06, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603759
SECURE DISTRIBUTION AND UPDATE OF ENCRYPTION KEYS IN CLUSTER STORAGE
2y 5m to grant Granted Apr 14, 2026
Patent 12598073
DISPLAY TERMINAL, SERVER AND INFORMATION SECURITY ISSUING SYSTEM
2y 5m to grant Granted Apr 07, 2026
Patent 12598071
SYSTEMS AND METHODS FOR DISTRIBUTED TRUST MODEL AND FRAMEWORK
2y 5m to grant Granted Apr 07, 2026
Patent 12598471
COMMUNICATION NETWORK DEVICES, COMMUNICATION NETWORK SYSTEM AND METHOD FOR MONITORING UNMANNED AERIAL SYSTEMS IN A COMMUNICATION NETWORK
2y 5m to grant Granted Apr 07, 2026
Patent 12592956
SEGMENTATION OF WEB DOCUMENTS BASED ON DETECTED SECURITY VULNERABILITIES
2y 5m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
86%
Grant Probability
99%
With Interview (+22.9%)
2y 4m
Median Time to Grant
Low
PTA Risk
Based on 851 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month