INFORMATION PROCESSING APPARATUS, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND MEDIUM

reenrollingDETAILED ACTION 1. Claims 1-12 are pending in this examination. Notice of Pre-AIA or AIA Status 2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 3. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 103 4.1. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 4.2. Claims 1, 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20120084563 to Singhal et al (“Singhal”) in view of US Patent Application No. 20090300744 to Guo et al (“Guo”). Independent claims 1, 10, 11 and 12 As per claims 1, 11 and 12, Singhal discloses an information processing apparatus/CRM/method comprising: a user interface for displaying to a user and for user input ([0048] With referenced to FIG. 2B, the card-device 12 has an interface end and means 14, card-device logic 16 hidden within the card-device 12. On one side, a liquid crystal display means 26 and a entry means 28 for entry of numbers that display on 26. On the other side of the card, a label 27 that shows manufacturer name, brand name, model name, number and serial number may be present). at least one memory storing instructions; and at least one processor that is in communication with the at least one memory and that, when executing the instructions, cooperates with the at least one memory to execute processing, the processing including a first authentication in which, from user information including a plurality of attributes for each user, a first attribute value of a user to be authenticated is, as a first factor, compared to an input value from a user and authentication is performed ([0106] The server 50 has access to an authentication database 52 that pre-stores card s/n, encryption key, card id, thumbprint, and PIN. The authentication logic 51 using the database 52, first identifies the authentication record by card serial number and then authenticates the three factors of card id, thumb print, and PIN, corresponding to "what you have", "what you are", and "what you know" factors… Option E (two-factor) [0132] 1. Card S/N [0133] 2. Card ID (encrypted) [0134] 3. Thumb Print). a second authentication in which a second attribute value of a user for which was successful is, as a second factor, compared to an input value from a user and authentication is performed (Option E (two-factor) [0132] 1. Card S/N [0133] 2. Card ID (encrypted) [0134] 3. Thumb Print… [0140] The authentication logic 51 is customized to a security application enabling different degrees of remote user authentication from multiple factors, wherein the authentication may be based on any two or any three or all four factors of authentication in a specific application. [0141] The authentication logic 51 resident in the server 50 receives multiple factors of authentication from a network interface 15 from a remote user and may apply a weighted priority logic to the authentication factors, which enable dynamic multiple factors of authentication to be used in granting authentication to the remote user…. [0147] At step 150, the authentication logic verifies the authentication factors in the record against the pre-stored data for those factors. [0148] At step 152, the authentication logic 51, if comparisons pass, send authentication successful message to the network device 15. …[0150] As a simplified illustration, ATMs that are used for customers and where the dollar loss may be limited, a two-factor authentication is applicable, whereas, in a financial transaction network where businesses move large amount of funds, a three-factor authentication for the business employees may be used. Hence remote user authentication security of persons who enable large financial transaction may be more stringent while using the same remote user authentication card-device 12.)., and when the second authentication is performed, a user interface screen corresponding to information indicating a type of the second attribute value, included in the second attribute value, is displayed on the user interface, and input corresponding to information indicating the type is accepted ([0149] The database 52 stores the weight for each factor, that enable some factors to be on and some factors to be off. This enables those factors that are on to be used and those factors that are off to not be used. Some factors may be weighted in a 0 to 100% scale. The weighting of the authentication factors allows an optimum authentication to be used for the specific authentication security needs for a specific application in a specific environment. [0151] In the authentication logic 51 means may be provided to disable one or more factors such as via an on/off flag for the thumbprint and on/off flag for the location. In addition, different weights may be assigned for the accuracy of the data of thumbprint and location. For example, the location may not be used if the card-device 12 is in an under-ground location where the GPS signal may not be received or the location is close but does not precisely match the location data stored in the database. As another example, the thumbprint may not be used if the remote user is in hostile environment and is wearing a glove. As yet another example, the PIN entry on the card-device 12 may not be used for the same reason, as long as other factors of authentication, such as card id and location are present… [0146] At step 148, the authentication logic 51 checks the factor flags that are on/off for an application. [0147] At step 150, the authentication logic verifies the authentication factors in the record against the pre-stored data for those factors.). Furthermore, Singhal discloses [0115] As shown in FIG. 4C, the four different factor of remote user authentication using the card-device 12, as described above, may be used in different combinations of, any two-factors, any three-factor and as a four-factor device. In all of these options the card serial number is used to reference the authentication record in the authentication database 52. The one-factor that is required in all of these options is the card id, while other factors may be substituted with other factors for different applications with different security environments, however Singhal does not explicitly disclose other hand in the same field of endeavor, Guo discloses allowing use corresponding to privileges of an authenticated user to a user for which the second authentication was successful; asking second factor after the first authentication factor ([0033] FIG. 3 illustrates example operations and communications (collectively at 300) for accessing a secure server using trusted device-specific authentication. In this example, assume a user wishes to access the secure server from his or her user device. The secure server is in a trust relationship with the account authority server, upon which it depends for authentication of users and devices. Within this trust relationship, the account authority service has knowledge of the security policies of the secure server and enforces said policies when it is asked to authenticate a user and/or device for access to the secure server. Depending upon whether the user provides both user credentials and device credentials, or just user credentials, the level of privilege authorized by the account authority service to the user for access to the secure server can vary. For example, authentication by both user credentials and device credentials may result in the account authority service granting a higher level of privilege to the user than for authentication by user credentials only, … abstract user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service, abstract, [0037] If the user-device-supplied credentials do not satisfy the security requirements of the secure server, the account authority service 316 may prompt the user device for addition credentials. For example, if the secure server requires a two-factor authentication, such as both user and device credentials, the account authority server may require the user to authenticate via a trusted device. Alternatively, if the device ID factor is not satisfied, the secure server may accept alternative second factors, such as HIP solutions, secret question responses (e.g., "Mother's maiden name"), etc.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Singhal with the teaching of Guo by including the feature of privilege levels, in order for Singhal’s system to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. User credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service (Singhal, abstract). As per claims 10, Singhal discloses an authentication system comprising: an information processing apparatus (fig. 4C item 15); and an authentication server, wherein the information processing apparatus includes a communication device (fig. 4C item 50), a user interface for displaying to a user and for user input ([0048] With referenced to FIG. 2B, the card-device 12 has an interface end and means 14, card-device logic 16 hidden within the card-device 12. On one side, a liquid crystal display means 26 and a entry means 28 for entry of numbers that display on 26. On the other side of the card, a label 27 that shows manufacturer name, brand name, model name, number and serial number may be present). at least one memory storing instructions, and at least one processor that is in communication with the at least one memory and that, when executing the instructions, cooperates with the at least one memory to execute processing, the processing including a first authentication in which, from user information including a plurality of attributes for each user, a first attribute value of a user to be authenticated is, as a first factor, compared to an input value from a user and authentication is performed ([0106] The server 50 has access to an authentication database 52 that pre-stores card s/n, encryption key, card id, thumbprint, and PIN. The authentication logic 51 using the database 52, first identifies the authentication record by card serial number and then authenticates the three factors of card id, thumb print, and PIN, corresponding to "what you have", "what you are", and "what you know" factors… Option E (two-factor) [0132] 1. Card S/N [0133] 2. Card ID (encrypted) [0134] 3. Thumb Print). a second authentication in which a second attribute value of a user for which authentication was successful is, as a second factor, compared to an input value from a user and authentication is performed (Option E (two-factor) [0132] 1. Card S/N [0133] 2. Card ID (encrypted) [0134] 3. Thumb Print… [0140] The authentication logic 51 is customized to a security application enabling different degrees of remote user authentication from multiple factors, wherein the authentication may be based on any two or any three or all four factors of authentication in a specific application. [0141] The authentication logic 51 resident in the server 50 receives multiple factors of authentication from a network interface 15 from a remote user and may apply a weighted priority logic to the authentication factors, which enable dynamic multiple factors of authentication to be used in granting authentication to the remote user…. [0147] At step 150, the authentication logic verifies the authentication factors in the record against the pre-stored data for those factors. [0148] At step 152, the authentication logic 51, if comparisons pass, send authentication successful message to the network device 15. … [0150] As a simplified illustration, ATMs that are used for customers and where the dollar loss may be limited, a two-factor authentication is applicable, whereas, in a financial transaction network where businesses move large amount of funds, a three-factor authentication for the business employees may be used. Hence remote user authentication security of persons who enable large financial transaction may be more stringent while using the same remote user authentication card-device 12.), and when the second authentication is performed, a user interface screen corresponding to information indicating a type of the second attribute value, included in the second attribute value, is displayed on the user interface, and input corresponding to information indicating the type is accepted ([0149] The database 52 stores the weight for each factor, that enable some factors to be on and some factors to be off. This enables those factors that are on to be used and those factors that are off to not be used. Some factors may be weighted in a 0 to 100% scale. The weighting of the authentication factors allows an optimum authentication to be used for the specific authentication security needs for a specific application in a specific environment. [0151] In the authentication logic 51 means may be provided to disable one or more factors such as via an on/off flag for the thumbprint and on/off flag for the location. In addition, different weights may be assigned for the accuracy of the data of thumbprint and location. For example, the location may not be used if the card-device 12 is in an under-ground location where the GPS signal may not be received or the location is close but does not precisely match the location data stored in the database. As another example, the thumbprint may not be used if the remote user is in hostile environment and is wearing a glove. As yet another example, the PIN entry on the card-device 12 may not be used for the same reason, as long as other factors of authentication, such as card id and location are present... [0146] At step 148, the authentication logic 51 checks the factor flags that are on/off for an application. [0147] At step 150, the authentication logic verifies the authentication factors in the record against the pre-stored data for those factors). the user information is stored in the authentication server connected to the communication device, the first authentication is performed by the authentication server, with an input value from a user being transmitted to the authentication server ([0105] The network device 15 then sends a data record 44 that includes the (i) network device id 16 and (ii) data record 42 to an authentication server 50. [0106] The server 50 has access to an authentication database 52 that pre-stores card s/n, encryption key, card id, thumbprint, and PIN. The authentication logic 51 using the database 52, first identifies the authentication record by card serial number and then authenticates the three factors of card id, thumb print, and PIN, corresponding to "what you have", "what you are", and "what you know" factors, [0148] At step 152, the authentication logic 51, if comparisons pass, send authentication successful message to the network device 15.), and the second authentication is performed, with second attribute value of a user for which the authentication was successful being obtained from the authentication server ([0149] The database 52 stores the weight for each factor, that enable some factors to be on and some factors to be off. This enables those factors that are on to be used and those factors that are off to not be used. Some factors may be weighted in a 0 to 100% scale. The weighting of the authentication factors allows an optimum authentication to be used for the specific authentication security needs for a specific application in a specific environment. [0151] In the authentication logic 51 means may be provided to disable one or more factors such as via an on/off flag for the thumbprint and on/off flag for the location. In addition, different weights may be assigned for the accuracy of the data of thumbprint and location. For example, the location may not be used if the card-device 12 is in an under-ground location where the GPS signal may not be received or the location is close but does not precisely match the location data stored in the database. As another example, the thumbprint may not be used if the remote user is in hostile environment and is wearing a glove. As yet another example, the PIN entry on the card-device 12 may not be used for the same reason, as long as other factors of authentication, such as card id and location are present… [0146] At step 148, the authentication logic 51 checks the factor flags that are on/off for an application. [0147] At step 150, the authentication logic verifies the authentication factors in the record against the pre-stored data for those factors.). Furthermore, Singhal discloses [0115] As shown in fig. 4C, the four different factor of remote user authentication using the card-device 12, as described above, may be used in different combinations of, any two-factors, any three-factor and as a four-factor device. In all of these options the card serial number is used to reference the authentication record in the authentication database 52. The one-factor that is required in all of these options is the card id, while other factors may be substituted with other factors for different applications with different security environments, however Singhal does not explicitly disclose other hand in the same field of endeavor, Guo discloses allowing use corresponding to privileges of an authenticated user to a user for which the second authentication was successful asking second factor after the first authentication factor ([0033] FIG. 3 illustrates example operations and communications (collectively at 300) for accessing a secure server using trusted device-specific authentication. In this example, assume a user wishes to access the secure server from his or her user device. The secure server is in a trust relationship with the account authority server, upon which it depends for authentication of users and devices. Within this trust relationship, the account authority service has knowledge of the security policies of the secure server and enforces said policies when it is asked to authenticate a user and/or device for access to the secure server. Depending upon whether the user provides both user credentials and device credentials, or just user credentials, the level of privilege authorized by the account authority service to the user for access to the secure server can vary. For example, authentication by both user credentials and device credentials may result in the account authority service granting a higher level of privilege to the user than for authentication by user credentials only, … abstract user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service, abstract, [0037] If the user-device-supplied credentials do not satisfy the security requirements of the secure server, the account authority service 316 may prompt the user device for addition credentials. For example, if the secure server requires a two-factor authentication, such as both user and device credentials, the account authority server may require the user to authenticate via a trusted device. Alternatively, if the device ID factor is not satisfied, the secure server may accept alternative second factors, such as HIP solutions, secret question responses (e.g., "Mother's maiden name"), etc.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Singhal with the teaching of Guo by including the feature of privilege levels, in order for Singhal’s system to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. User credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service (Singhal, abstract). 4.3. Claims 2-9 are rejected under 35 U.S.C. 103 as being unpatentable over Singhal and Guo as applied to claim above, and in view of US Patent Application No. 20150046990 to Oberheid et al (“Oberheid”). As per claim 2, the combination of Singhal and Guo discloses the invention as described above. Singhal discloses the information processing apparatus according to claim 1, wherein in the second authentication, in a case where the second attribute value does not include information indicating the type but the type can be identified, a user interface screen corresponding to the identified type of the second attribute value, and input corresponding to the type is accepted (Singhal, [0149], [0146], [0151]). Singhal and Guo do not explicitly disclose however, In the same field of endeavor, Oberheid discloses second attribute value is displayed on the user interface ([0061], Receiving a second biometric profile is preferably in response to or subsequent to initiating enrollment of a second device instance S132, … The user will preferably use an account setting page to request re-enrollment of a device. For example, when logging into a site, there may be a link for re-enrollment. In another variation shown in FIG. 13, a user can have the option of re-enrolling presented when accessing an authentication application. Upon user selection of this option in the authentication application, the authentication application proceeds to collect a second biometric sample and communicate with the device authentication service to determine if re-enrollment will be permitted). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Singhal with the teaching of Guo/ Oberheid by including the feature of a display, re-enrolment, in order for Singhal’s system to enhances security by ensuring only authorized users can access systems. A system and method that includes receiving a first biometric profile and associating the first biometric profile with a first application instance that is assigned as an authentication device of a first account; receiving a second biometric profile for a second application instance, wherein the second application instance is making a request on behalf of the first account; comparing the second biometric profile to the first biometric profile; and completing the request of the second application instance according to results of comparing the second biometric profile to the first biometric profile (Oberheid, abstract). As per claim 3, the combination of Singhal, and Guo discloses the information processing apparatus according to claim 2, wherein if the second authentication is successful, a user interface screen corresponding to the identified type of the second attribute value is displayed on the user interface, and input corresponding to information indicating the type is accepted, and on a basis of the input, the second attribute value including information (Singhal, [0151], [0149], [0146]). Singhal and Guo do not explicitly disclose however, In the same field of endeavor, Oberheid discloses authentication type is re-registered ([0061]). The motivation regarding the obviousness of claim 2 is also applied to claim 3. As per claim 4, the combination of Singhal and Guo discloses the information processing apparatus according to claim 1, wherein in the second authentication, in a case where the second attribute value is not set, a selection of a type of the second attribute value by a user is accepted, a user interface screen corresponding to the selected type of the second attribute value is displayed on the user interface, and input corresponding to information indicating the type is accepted, and on a basis of the input, the second attribute value including information (Singhal, [0151], [0149], [0146]). Singhal and Guo do not explicitly disclose however, In the same field of endeavor, Oberheid discloses authentication type is re-registered ([0061]). The motivation regarding the obviousness of claim 2 is also applied to claim 4. As per claim 5, the combination of Singhal and Guo discloses the information processing apparatus according to claim 1, wherein in a case where the second authentication is successful, if a type of the second attribute value is determined and the second attribute value of the user to be authenticated is not the determined type, a user interface screen corresponding to the determined type is displayed on the user interface, and input corresponding to the type is accepted, and on a basis of the input, the second attribute value including information (Singhal, [0151], [0149], [0146]). Singhal and Guo do not explicitly disclose however, In the same field of endeavor, Oberheid discloses authentication type is re-registered ([0061]). The motivation regarding the obviousness of claim 2 is also applied to claim 5. As per claim 6, the combination of Singhal, Guo and Oberheid discloses the information processing apparatus according to claim 1, wherein the first attribute value is card identification information read from a card, and the second attribute value is either a passcode or a pattern (Singhal, [0143] [0091], [0135] 1. Card S/N [0136] 2. Card ID (encrypted) [0137] 3. PIN) As per claim 8, the combination of Singhal, Guo and Oberheid discloses the information processing apparatus according to claim 6, wherein the second attribute value is stored in an identical region to the user information, and information indicating the type included in the second attribute value is information indicating whether the second attribute value stored in the region is a passcode or a pattern (Singhal, [0099]-[0100], figs. 4A, 4C and associated texts). As per claim 8, the combination of Singhal, Guo and Oberheid discloses the information processing apparatus according to claim 1, further comprising: an image forming device (Singhal [0043]-[0044]) As per claim 9, the combination of Singhal, Guo and Oberheid discloses the information processing apparatus according to claim 1, further comprising: a communication device (Singhal, fig. 4C item 15), wherein the user information is stored in an authentication server (Singhal, fig. 4C items 50, 52); connected to the communication device, the first authentication is performed by the authentication server, with an input value from a user being transmitted to the authentication server (Singhal, [0048], and the second authentication is performed, with second attribute value of a user for which the first authentication was successful being obtained from the authentication server ([0132], [0140]-[0141], also see [0147]-[0150]), Furthermore, Singhal discloses [0115] As shown in fig. 4C, the four different factor of remote user authentication using the card-device 12, as described above, may be used in different combinations of, any two-factors, any three-factor and as a four-factor device. In all of these options the card serial number is used to reference the authentication record in the authentication database 52. The one-factor that is required in all of these options is the card id, while other factors may be substituted with other factors for different applications with different security environments, however Singhal does not explicitly disclose other hand in the same field of endeavor, Guo discloses asking second factor after the first authentication factor ([0033], [0137] also see fig. 3, abstract).The motivation regarding the obviousness of claim 1 is also applied to claim 9. 5.1. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892). 5.2. a). US Patent Application No. US-20200250297 to Chae et al., discloses registration means of an authentication system (S) registers, for each user, first authentication information and second authentication information in storage means. First authentication means performs first authentication based on a similarity between the first authentication information that has been input and the registered first authentication information. Second authentication means performs second authentication based on a match between the second authentication information that has been input and the registered second authentication information. Restriction means restricts a plurality of users having similar first authentication information to each other from registering the same second authentication information as each other. a). US Patent Application No. 2016/0044044 to Takamiya et al., discloses an image forming apparatus controls the use of a remote user interface (RUI) by requesting authentication with an RUI access password from a client device in a case where the RUI access password is set. In a case of a department ID management setting, the security setting is different from the RUI access password setting. In this situation, the image forming apparatus requests authentication with the department ID, and then controls the use of the RUI based on the result of the authentication. Conclusion 6.. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. HARUNUR . RASHID Primary Examiner Art Unit 2497 /HARUNUR RASHID/Primary Examiner, Art Unit 2497