Method And Apparatus For Authentication Of A User To A Server Using Relative Movement

§102 §103 §DP

Notice of Pre-AIA or AIA Status The present application is being examined under the pre-AIA first to invent provisions. DETAILED ACTION Currently pending claims are 1 – 20. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application. See 37 CFR 1.130(b). Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). Claim(s) 1 – 20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1 – 18 of U.S. Patent No. 12,074,869. Although the conflicting claims are not identical, they are not patentably distinct from each other – accordingly, because the listed claims of U.S. Patent virtually contain(s) every element of the listed claims of the instant application and thus anticipate the claim(s) of the instant application. Claim(s) of the instant application therefore is/are not patently distinct from the earlier patent claim(s) and as such is/are unpatentable over obvious-type double patenting. A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001)”. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 1, 7, 9, 12 & 13 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Geosim et al. (U.S. Patent 7,308,581). As per claim 1 & 13, Geosim teaches a method, comprising: providing an authentication request to a user, said authentication request requiring said user to record an act that involves relative movement between said user and a camera (Geosim: Figure 1 & Col. 1 Line 18 – 22, Col. 4 Line 15 – 25 / Line 26 – 30 / Line 39 – 42 / Line 50 – 52, Col. 5 Line 27 – 39, Col. 6 Line 56 – 59 / Line 65 – 67, Col. 8 Line 10 – 12 / Line 45 – 46 / Line 50 – 53 / Line 60 – 65, Col. 2 Line 43 – 51, Col. 10 Line 14 – 16, Col. 14 Line 41 – 43, Col. 7 Line 4 – 10 and Col. 9 Line 29 – 32: (a) when a user attempts / requests to access a secure resource (e.g. on-line course material) on a target computer, the user is required to provide biometric information for verification (Geosim: FIG, 1 & Col. 4 Line 15 – 25 / Line 57 – 59, Col. 3 Line 54 – 57) and the biometric scanning device can be a camera to take continuous motion pictures of the user for real-time verification (i.e. a continuous & liveness movement) so as to enable a continuous access to secure data content (Geosim: Col. 5 Line 27 – 39); and (b) the authentication computing device can be at the user computer, containing a biometric identification program, or the central server (Col. 4 Line 18 – 25 / Line 50 – 52 and Col. 6 Line 65 – 67), which receives the request from the user computer (i.e. the requesting device) for authentication in order to take an on-line study course (i.e. secure data content); (c) the authentication computer can receive the biometric data either from a 3rd-party device first, or alternatively from the user computer or from a card reader’s microchip of the user computer (Figure 1 / E45 & Col. 6 Line 56 – 59) through a first communication channel, and then (d) subsequently receives the sets of biometric data (i.e. contextual data) from a biometric reader of the user computer (Figure 1 / E50: the biometric reader can also alternatively be operated by a remote computer, as taught by Geosim) through another second communication channel); receiving a recording from said user of said user performing said act (see above); determining whether said recording indicates a live performance of said act by said user, based at least in part on said recording (see above); authenticating said user, based at least in part on said recording (see above); and providing access to a resource to said user based on said authentication of said user and said determination of whether said recording indicates a live performance of said act by said user (see above). As per claim(s) 7 & 9, the claims contain(s) similar limitations to claim(s) 1 and thus is/are rejected with the same rationale. As per claim 12, Geosim teaches wherein said resource includes data stored in a blockchain (Geosim: Col. 9 Line 17 – 24: a distributed 3rd-party database that can be queried and storing confidential data is qualified as one type of a blockchain). Claims 14 – 19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Horton et al. (U.S. Patent 2011/0314539). As per claim 14, Horton teaches a method for authenticating a user to allow said user to access functionality of a restricted access device, said method comprising: detecting a user approaching said device, thereby causing said restricted access device to trigger an authentication process on a user device separate from said restricted access device (Horton: Figure 6 & Para [0048] Line 13 – 24 / Last sentence and Para [0008] / [0041]: upon detection of a user approaching (in proximity of) a smart phone (i.e. a restricted access device) with a security token device, an authenticating process is required to activate the associated security token device by (e.g.) entering / inputting biometric information to the security token device, prior to unlocking the smart phone for accessing to the secure resource (Horton: Para [0048] Line 20 – 24)); providing contextual data to an authentication computing system associated with said restricted access device, said contextual data being indicative of an identity of said user (Horton: see above & Para [0033]: providing user identities associated with a user account through a setting server that communicates with a database hosting the user account for a user of a wireless communication device). authenticating said identity of said user with said authentication computing system using at least said contextual data (Horton: see above); and providing an unlock command to said restricted access device, when said identity of said user is successfully authenticated (Horton: Figure 6 & Para [0048] Line 23 – 25: unlocking the smart phone (i.e. the restricted access device) for accessing the secure resource upon successfully completing the required authentication). As per claim 15, Horton teaches said restricted access device is a door lock; and said unlock command causes said door lock to unlock (Horton: see above & Para [0029] Last sentence: locking / unlocking a door entry). As per claim 16, Horton teaches placing a transponder proximate to said restricted access device, wherein: said transponder is configured to determine if said user has approached said restricted access device; and said transponder is configured to trigger said authentication process on said user device (Horton: see above & Para [0048] Line 13 – 24 / Last sentence and Para [0008] / [0041]: a transponder of a wireless proximity device). As per claim 17, Horton teaches wherein said contextual data includes data indicative of a location of said user device (Horton: see above & Para [0049] Line 2 – 4: at a particular location of the user device). As per claim 18, Horton teaches providing biometric data indicative of said identity of said user to said authentication computing system (Horton: Figure 6 & Para [0048] Line 13 – 24 / Last sentence and Para [0008] / [0041]: entering / inputting a biometric information to the security token device, prior to unlocking the smart phone for accessing to the secure resource (Horton: Para [0048] Line 20 – 24) upon detection of a user along with a security token device approaching (in proximity of) a smart phone (i.e. a restricted access device)). As per claim(s) 19, the claims contain(s) similar limitations to claim(s) 14 and thus is/are rejected with the same rationale. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Geosim (U.S. patent 7,308,581), in view of Rensin et al. (U.S. Patent 2007/0199076). As per claim 2, Mckinley (& Geosim) teaches wherein said authentication request requires said user to illuminate a color while said camera records said act (Mckinley: Para [0135] / [0048]: providing a color key for generating (e.g.) a hidden digital watermark and accordingly, a color signature can be compared against an expected signature stored). It would have been obvious to a person of ordinary skill in the art having common sense at the time the invention was made to combine the teaching of Mckinley within the system of Geosim because Mckinley teaches enhancing security metrics by including a color key and color signature to protect the confidential data (see above). Claims 3 – 6, 8 & 10 – 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over Geosim (U.S. patent 7,308,581), in view of Clark (U.S. Patent 8,244,21199076). As per claim 3 & 5, Clark (& Geosim) teaches wherein said authentication request requires said user to generate a flash at a location while said camera records said flash (Clark: Col. 5 Line 62 – 64 / Line 48 – 49, Col. 2 Line 11 – 14 / Line 63 – 67 and Col. 5 Line 41 – 64: (a) the user device requests the access to data content and authenticating the user request by the biometric data (e.g. facial / image), (b) along with the environmental factors captured from the Geo Location, accelerometer device, and etc., and (c) the comparison of a camera Geo location would flash the camera when taking the photo of the user’s facial / image data at an angle relative to the camera for authentication). It would have been obvious to a person of ordinary skill in the art having common sense at the time the invention was made to combine the teaching of Clark within the system of Geosim because Clark teaches enhancing security metrics by including a comparison of Geo location when taking the photo of the user’s facial / image data at an angle relative to a camera for authentication to protect the confidential data (see above). As per claim 4, Clark (& Geosim) teaches wherein said authentication request requires said user to perform a gesture while said camera records said user performing said gesture (Clark: Col. 5 Line 56 – 57). See the same rationale of combination applied herein as above in rejecting the claim 3. As per claim 6, Clark (& Geosim) teaches wherein said authentication request requires said user to perform a gesture and at the same time cause a flash while said camera observes said gesture (Clark: Col. 5 Line 56 – 57 / Line 62 – 64 / Line 48 – 49). See the same rationale of combination applied herein as above in rejecting the claim 3. As per claim 8, Clark (& Geosim) teaches contextual operational information comprising a geographical location of said user, a time period since a previous successful authentication, or a distance between a current location of said user and a location of said user during said previous authentication (Clark: Col. 5 Line 62 – 64 / Line 48 – 49: Geo location of the user). See the same rationale of combination applied herein as above in rejecting the claim 3. As per claim 10 – 11, Clark (& Geosim) teaches wherein said recording is encrypted (Clark: Col. 6 Line 47 – 48 & Col. 5 Line 62 – 64 / Line 48 – 49: the recording data, such as taking photo at a particular location, can be encrypted when transmitted or exchanged so as to protect from a security risk of a chaos-based situation). See the same rationale of combination applied herein as above in rejecting the claim 3. Claim 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over Horton et al. (U.S. Patent 2011/0314539), in view of Geosim (U.S. patent 7,308,581). As per claim 20, Geosim (& Horton) teaches contextual data includes a recording captured by said user subsequent to said detection of said user approaching said device; and the liveness of said recording can be determined based at least in part on content of said recording (Geosim: Col. 5 Line 27 – 39, Col. 4 Line 15 – 25 / Line 57 – 59, Col. 3 Line 54 – 57: the biometric scanning device can be a camera to take continuous motion pictures of the user for real-time verification (i.e. continuous & liveness movements) for enabling a continuous access to secure data content (Geosim: Col. 5 Line 27 – 39) when a user attempts (REQ) to access a secure resource (e.g. on-line course material) on a target computer, the user is required to provide biometric information for verification (Geosim: FIG, 1 & Col. 4 Line 15 – 25 / Line 57 – 59, Col. 3 Line 54 – 57)). It would have been obvious to a person of ordinary skill in the art having common sense at the time the invention was made to combine the teaching of Geosim within the system of Horton because Geosim teaches enhancing security metrics by requiring the biometric scanning device such as a camera to take continuous motion pictures of the user for real-time verification (i.e. continuous & liveness movements) for enabling a continuous access to secure data content (see above). Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. --------------------------------------------------- /Longbit Chai/ Longbit Chai E.E. Ph.D Primary Examiner, Art Unit 2431 No.#2512 - 2025 ---------------------------------------------------