Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 3-8,10-15 and 17-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 3-5, 7-12, 14-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Edwards (US 2023/0342505) in view of Chan (US 2011/0129120)
Regarding Claim 1,
Edwards (US 2023/0342505) teaches a method for analyzing risk of access based on device context, the method comprising:
authenticating, by a computer system including at least one processor, a user for access to the computer system while the computer system is located at a particular location (Paragraph [0032-0033] teaches a user “logs into” account while computer system is located at a “privacy zone” location) ;
in response to authenticating the user, capturing, by the computer system, an image of an environment of the computer system at the particular location; generating, by the computer system, a device context based on the captured image (Paragraph [0034] teaches objects can be detected by camera in a similar space, e.g. a train, bus, subway, plane);
determining, by the computer system, a risk score based on the device context, wherein the risk score is associated with the computer system and the particular location and represents a determined risk of allowing the device to access a network while located at the particular location (Paragraph [0032, 0035] teaches detecting an intrusion or suspicious activity)
wherein the particular location is a first location, the image is a first image, the device context is a first device context, and the risk score is a first risk score, the method further comprising:
authenticating, by the computer system, the user for access to the computer system while the computer system is located at a second location different than the first location (Paragraph [0019-0020] teaches different locations) (Paragraph [0032-0033] teaches a user “logs into” account and also “privacy zone” location); in response to authenticating the user, capturing, by the computer system, a second image of an environment of the computer system at the second location (Paragraph [0034] teaches objects can be detected by camera in a similar space, e.g. a train, bus, subway, plane); generating, by the computer system, a second device context based on the captured second image; determining, by the computer system, a second risk score based on the second device context, wherein the second risk score is associated with the computer system and the second location (Paragraph [0032, 0035] teaches detecting an intrusion or suspicious activity)
Edwards does not explicitly teach wherein the first and second locations are physical locations
Chan (US 2011/0129120) teaches wherein the first and second locations are physical locations (Paragraph [0083] and Fig. 1, teaches images captured at physical locations)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Edwards to include the physical locations of Chan
The motivation is to mitigate privacy risks (Paragraph [0033])
Regarding Claim 3,
Edwards and Chan teaches the method of claim 1. Edwards teaches wherein generating the device context includes identifying potential security risks depicted in the captured image (Paragraph [0032] teaches identifying the object as an additional person, a reflection, or a camera…identifying such an object may indicate there is an intrusion to location).
Regarding Claim 4,
Edwards and Chan teaches the method of claim 1. Edwards teaches wherein the potential security risks include one or more of unauthenticated persons able to view a display of the computer system, video recording devices positioned to capture video information output by the computer system, or audio recording devices positioned to capture video information output by the computer system (Paragraph [0025] teaches unauthorized person or unauthorized device)
Regarding Claim 7,
Edwards and Chan teaches the method of claim 1. Edwards teaches further comprising: after determining the risk score, determining that the risk score exceeds a risk threshold; and in response, denying the computer system access to the network from the particular location (Paragraph [0038] teaches determining a fraudulent user is trying to authenticate as the user and placing the account into a fraud process to enable further investigations and security protections)
Regarding Claims 8-11, 14,
Claims 8, 10-11, 14 are similar in scope to Claims 1, 3-4, 7 and are rejected for a similar rationale.
Regarding Claims 15, 17-18,
Claims 15, 17-18 are similar in scope to Claims 1, 3-4 and are rejected for a similar rationale.
Regarding Claim 5,
Edwards and Chan teaches the method of claim 1. Edwards teaches the method of claim 1, further comprising: after determining the risk score,
authenticating, by the computer system, the user for access to the computer system while the computer system is located at the particular location (Paragraph [0038] teaches authenticating after determining a risk score);
Edwards further teaches capturing, by the computer system, an updated image of an environment of the computer system at the particular location; updating, by the computer system, the device context based on the updated image; and updating, by the computer system, the risk score associated with the computer system and the particular location based on the updated device context (Paragraph [0025] teaches capturing images during a second time period and updating based on the second set of images a risk score)
Edwards does not explicitly teach in response to authenticating the user, capturing an updated image
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify capturing updated images in response to authenticating after determining a risk score and the results would be predictable (i.e. Edwards would capture updated images after authenticating after a risk score)
Regarding Claims 12, 19
Claims 12, 19 are similar in scope to Claim 5 and are rejected for a similar rationale.
Claim(s) 6, 13, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Edwards and Chan in view of Ghose (US 2021/0200998)
Regarding Claim 6,
Edwards and Chan teaches the method of claim 1. Edwards teaches further comprising: after determining the risk score,
authenticating, by the computer system, the user for access to the computer system while the computer system is located at the particular location (Paragraph [0038] teaches authenticating after determining a risk score);
Edwards further teaches capturing, by the computer system, an updated image of an environment of the computer system at the particular location; updating, by the computer system, the device context based on the updated image; and updating, by the computer system, the risk score associated with the computer system and the particular location based on the updated device context (Paragraph [0025] teaches capturing images during a second time period and updating based on the second set of images a risk score)
Edwards does not explicitly teach in response to authenticating the user, capturing an updated image
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify capturing updated images in response to authenticating after determining a risk score and the results would be predictable (i.e. Edwards would capture updated images after authenticating after a risk score)
Edwards does not teach
wherein the identifying is performed by a machine learning model trained to identify the device context based on images of the environment of the computer system.
Ghose (US 2021/0200998) teaches wherein the identifying is performed by a machine learning model trained to identify the device context based on images of the environment of the computer system (Paragraph [0004, 0042, 0056] teaches implementing “machine learning” to detect unauthorized individuals in a location)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Edwards with the machine learning model trained to identify device context based on images of the environment
The motivation is to prevent unauthorized shoulder surfers (Paragraph [0004] of Ghose)
Regarding Claims 13, 20
Claims 13, 20 are similar in scope to Claim 6 and are rejected for a similar rationale.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HARRIS C WANG/Primary Examiner, Art Unit 2439