Detailed Action
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-5, 7, 9-15 , 17 and 19-20 is/are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Siddiqui (US 9,894,052 B2).
Regarding Claim 1, Siddiqui teaches What is claimed is: A method, the method comprising:
receiving, utilizing a location authentication system, a request from a user to access information required to be accessed from a secure location; (Siddiqui Col. 2 Ln. 24-26 “…location-based authentication may be performed by a location authentication service…”); (Col. 2, Ln.52-55 “Upon receiving the user's credentials for accessing the service, the service may identify the location of the device used to request access to the service (or the service access device).”)
determining, utilizing the location authentication system, the request has been received from the secure location utilizing at least one of a plurality of location authentication techniques available at the secure location, wherein each of the plurality of location authentication techniques comprises capturing information using sensors located at the secure location; and (Siddiqui Col. 8, Ln. 43-45 “…location authentication may include confirming that the user attempts access to a service from a trusted geographic location.”); (Siddiqui Col. 3, Ln. 42 -45 “At least one criterion may be that the location of the authentication device is within a geographic boundary surrounding the location of the service access device or vice-versa. Further, another criterion may be that the location of the authentication device is within a pre-specified distance or a radius (for example, 10 feet) of the location of the service access device or vice-versa. (Siddiqui Col. 4, Ln. 38-40, 47-51 “The location authentication service 106 may be configured with one or more location criteria for determining whether the user may be authenticated… prior to performing location-based authentication, a random string (for example, as encoded in a Quick Response (QR) code) may share between the first device 102 and the second device 104, whereby a camera-enabled second device 104 may capture a snapshot of the QR shown on a screen of the first device 102. Information encoded in the QR code may be relayed to the location authentication service 106 by the second device 104 (and/or other entities) to complete registration.”)
granting, utilizing the location authentication system and responsive to determining the request has been received from the secure location, access to the information to the user. (Siddiqui Col. 3 Ln. 38-55 “Having received the location of the service access device and identified the location of the location authentication device… the user may be authenticated based at least in part on the location of the devices and the service may grant access to the user given that the location of the service access device is within a geographic proximity to the location of the location authentication device.”)
Regarding Claim 2, Siddiqui teaches The method of claim 1, wherein the determining comprises capturing information from each of the plurality of location authentication techniques, comparing the captured information to information from at least one second information source, and identifying, based upon the comparing, the information captured from a predetermined number of the plurality of location authentication techniques matches the information from a second information source.(Siddiqui Col. 3, Ln. 40 -55 “the location authentication service may compare the locations of the two devices and determine whether one or more criteria for authenticating the user are met. At least one criterion may be that the location of the authentication device is within a geographic boundary surrounding the location of the service access device or vice-versa. Further, another criterion may be that the location of the authentication device is within a pre-specified distance or a radius (for example, 10 feet) of the location of the service access device or vice-versa. If at least one of the one or more criteria is met or if a correspondence between the locations of the devices is determines, the user may be authenticated based at least in part on the location of the devices and the service may grant access to the user given that the location of the service access device is within a geographic proximity to the location of the location authentication device.”) (Examiner: The captured information is compared to the location-related criteria information source. The pre-specified distance or radius of the location of the service access device relates to the predetermined number of the location authentication techniques and corresponds(matches) the second information source(device).
Regarding Claim 12, claim 12 is the system of claim 11 that further recites similar limitation as claim 2 and is being rejected based on the same rational as claim 2 above.
Regarding Claim 3, Siddiqui teaches The method of claim 1, wherein one of the plurality of location authentication techniques comprises capturing access information of the secure location and corresponding to the user and comparing a timestamp of the access information to a receipt time of the request. (Siddiqui Col. 5 Ln. 63-66 “A user having two devices (a first device 302 and a second device 304) attempts to log on or access a third-party service 306 using the first device.”); (Examiner: the confirmation package relates to corresponding to the user.) (Siddiqui Col. 12 Ln. 46 -52 “In addition, the confirmation package may also include the location of the first device 502 as determined by the third-party service 506 as well as an expiration time or date for adding the third-party service 506 as a service that uses the location authentication service 508 or for adding the second device 504 as an authentication device.”);(Siddiqui Col. 14, Ln. 1-6 “The location authentication service 508 then compares 528 the security received from the second device 502 with the security code it retains (for example, the security code it generated or received from the third-party service 506) and determines whether the security code are matching or meet a specified criterion.”)
Regarding Claim 13, claim 13 is the system of claim 11 that further recites similar limitation as claim 3 and is being rejected based on the same rational as claim 3 above.
Regarding Claim 4, Siddiqui teaches The method of claim 1, wherein one of the plurality of location authentication techniques comprises presenting a code on a device transmitting the request and capturing, using at least one of the sensors located at the secure location, the code. (Siddiqui Col. 4, Ln. 38-40, 47-51 “The location authentication service 106 may be configured with one or more location criteria for determining whether the user may be authenticated… prior to performing location-based authentication, a random string (for example, as encoded in a Quick Response (QR) code) may shared between the first device 102 and the second device 104, whereby a camera-enabled second device 104 may capture a snapshot of the QR shown on a screen of the first device 102. Information encoded in the QR code may be relayed to the location authentication service 106 by the second device 104 (and/or other entities) to complete registration.”)
Regarding Claim 14, claim 14 is the system of claim 11 that further recites similar limitation as claim 4 and is being rejected based on the same rational as claim 4 above.
Regarding Claim 5, Siddiqui teaches The method of claim 1, wherein one of the plurality of location authentication techniques comprises presenting a code on a device transmitting the request and requesting the user capture the code utilizing a device associated with the user. (Siddiqui Col. 13 Ln. 46-54 “Transferring the confirmation package may be facilitated by an application of the location authentication service 508 installed on the second device 504, whereby, for example, the application may enable the second device 504 to capture an image of the QR code representing the confirmation package or the application may enable the second device 504 to communicate with the first device 502 for the purpose for transferring the confirmation package via a wired or wireless connection.”);( Siddiqui Col.11, Ln. 37-38 “The user also has a second device 504”)
Regarding Claim 15, claim 15 is the system of claim 11 that further recites similar limitation as claim 5 and is being rejected based on the same rational as claim 5 above.
Regarding Claim 7, Siddiqui teaches The method of claim 1, wherein one of the plurality of location authentication techniques comprises capturing a first set of attribute information of the user utilizing a device associated with the user, capturing a second set of attribute information of the secure location utilizing at least one of the sensors located within the secure location, and comparing the first set of attribute information and the second set of attribute information. (Siddiqui Col. 15, Ln. 13-31 “the location authentication service may employ facial recognition for authenticating a user. The location authentication service may retain an image file associated with the user as part of the user's profile, such as a portrait of the user. To authenticate the user, the location authentication service may require that a device of the user send an image of the user to the location authentication service. The location authentication service may compare the image of the user retained by the location authentication service to the image provided by the user's device. The retained image may be different from the received image and when the images are compared a variance between the two images may be determined. One or more criteria may be set to determine whether the user may be authenticated based at least in part on the received image. Facial and image recognition may be used in addition to or in place of location authentication for authenticating the user.”)
Regarding Claim 17, claim 17 is the system of claim 11 that further recites similar limitation as claim 7 and is being rejected based on the same rational as claim 7 above.
Regarding Claim 9, Siddiqui teaches The method of claim 1, wherein the granting is responsive to determining the user has been authenticated utilizing a strong authentication technique. (Siddiqui Col. 15 Ln. 13-25, 30-32 “…the location authentication service may employ facial recognition for authenticating a user. The location authentication service may retain an image file associated with the user as part of the user's profile, such as a portrait of the user. To authenticate the user, the location authentication service may require that a device of the user send an image of the user to the location authentication service. The location authentication service may compare the image of the user retained by the location authentication service to the image provided by the user's device… Facial and image recognition may be used in addition to or in place of location authentication for authenticating the user.”)
Regarding Claim 10, Siddiqui teaches The method of claim 1, wherein the determining does not utilize geofencing location identification techniques. (Siddiqui Col 2, Ln. 55-57 “The location of the device may be determined using a geo-location functionality of a web-browser, such as a hypertext markup language 5 (HTML5) enabled browser.”)
Regarding Claim 19, claim 19 is the system of claim 11 that further recites similar limitation as claim 10 and is being rejected based on the same rational as claim 10 above.
Regarding Claim 11, claim 11 is a system claim that recites similar limitations as claim 1, therefore, is rejected based on the same rational as claim 1 outlined above. Siddiqui teaches A system, the system comprising: (Siddiqui Col. 19, Ln 58-59 “…may be performed under the control of one or more computer systems configured with executable instructions.”)
sensors located at a secure location; (Siddiqui Col. 4 Ln. 49-50 “a camera-enabled second device 104 may capture a snapshot of the QR shown on a screen of the first device 102.”);
a processor operatively coupled the sensors; (Siddiqui Col.6 Ln. 38-39 “The first device 302 may be equipped with a processor...”)
a memory device that stores instructions that, when executed by the processor, causes the system to: (“Siddiqui Col. 17 Ln. 1-4 “include a computer-readable storage medium (e.g., a hard disk, random access memory, read only memory, etc.) storing instructions that, when executed by a processor.”)
Regarding Claim 20, claim 20 is a product claim that recites similar limitations as claim 1, therefore, is rejected based on the same rational as claim 1 outlined above. Siddiqui further teaches, A product, the product comprising:
a computer-readable storage device that stores executable code that, when(“Siddiqui Col. 17 Ln. 1-3 “include a computer-readable storage medium… storing instructions that”); (Siddiqui Col. 19, Ln. 59 “with executable instructions.”)
executed by a processor, causes the product to: (Siddiqui Col. 17, Ln. 3 “when executed by a processor.”)
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 6, 8, 16 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Siddiqui (US 9,894,052 B2) in view of Lynch (US 2023/0169840 A1).
Regarding Claim 6, Siddiqui teaches The method of claim 1, as outlined above.
Siddiqui fails to teach wherein one of the plurality of location authentication techniques comprises capturing at least one health metric of the user utilizing a device associated with the user and comparing the at least one health metric with a profile of the user.
However, Lynch teaches wherein one of the plurality of location authentication techniques comprises capturing at least one health metric of the user utilizing a device associated with the user and comparing the at least one health metric with a profile of the user. (Lynch [0032] “. The location access control system 106 has data access to a maintained registry 108 of one or more individuals 104 allowed access to the location 102. One or more physiological measurement sensing devices 110 collect physiological measurement information from the one or more individuals 104. As utilized herein, physiological measurement(s) refers to an individual's temperature, blood oxygen level, heart rate including resting heart rate, respiratory rate, and/or the like…. A monitoring system 116 receives the physiological measurement information for one or more individuals 104 detected by the location access control system 106 as being physically present at the location 102 and compares the physiological measurement information to a threshold level.”)
Siddiqui and Lynch are analogues in that they are both in the same field of location authentication. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Siddiqui to incorporate the teachings of Lynch wherein one of the plurality of location authentication techniques comprises capturing at least one health metric of the user utilizing a device associated with the user and comparing the at least one health metric with a profile of the user. Doing so would aid in managing access and occupation of a location that can track the physiological measurements of individuals having access to the location over time. par. [0004] Lynch
Regarding Claim 16, claim 16 is the system of claim 11 that further recites similar limitation as claim 6 and is being rejected based on the same rational as claim 6 above.
Regarding Claim 8, Siddiqui teaches The method of claim 1, as outlined above.
Siddiqui fails to teach comprising authenticating the user utilizing at least a subset of the plurality of location authentication techniques at a predetermined frequency during an authenticated session established responsive to the granting.
However, Lynch teaches comprising authenticating the user utilizing at least a subset of the plurality of location authentication techniques at a predetermined frequency during an authenticated session established responsive to the granting. (Lynch [0043] “The physiological measurement information is repeated in that it is received on a periodic basis at a predetermined frequency through the time period individual is physically present at the location. The frequency can vary based on the needs and/or requirements of the system 100. The repeated physiological measurement information may be received as frequently as it is obtained by the physiological measurement sensing device or service 114, or other at some other predetermined frequency.”); ([0032] “The system 100 includes a location access control system 106. The location access control system 106 has data access to a maintained registry 108 of one or more individuals 104 allowed access to the location 102.”)
Siddiqui and Lynch are analogues in that they are both in the same field of location authentication. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Siddiqui to incorporate the teachings of Lynch authenticating the user utilizing at least a subset of the plurality of location authentication techniques at a predetermined frequency during an authenticated session established responsive to the granting. Doing so would aid in systems and methods for managing access to, and occupation of, a location by one or more individuals, based on repeated physiological measurement readings from the one or more individuals. [0029] Lynch
Regarding Claim 18, claim 18 is the system of claim 11 that further recites similar limitation as claim 8 and is being rejected based on the same rational as claim 8 above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
McCormack (US 8,095,656 B2) teaches geo-positionally based data access security.
Maresh et al. (US 9,811,653 B1) teaches location specific image based authentication.
Gum (US 8,961,619 B2) teaches location-based system permissions and adjustments at an electronic device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALA BOYD whose telephone number is (571)272-6450. The examiner can normally be reached M-F 7:30-4:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Mala Boyd/Patent Examiner, Art Unit 2497
/ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497