DETAILED ACTION
This office action is in response to the application filed on 05/04/2026. Claim(s) 1-20 is/are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed on 05/04/2026 have been fully considered but they are not persuasive for the following reasons:
Applicant’s Argument:
For example, amended claim 1 recites to "receive a passcode that satisfies the passcode authentication; and display, on a lock screen, while multiple-factor authentication is activated due to the mobile device being in the untrusted location, an indication that the lockout is activated in response to the one or more multiple- factor authentication attempt failures, the one or more multiple-factor authentication attempt failures including receiving one or more biometric authentication attempt failures when the passcode satisfies the passcode authentication." Neither Alameh, Krzyzanowski, nor Han is cited as disclosing or suggesting activating a lockout despite receiving a passcode that satisfies the passcode authentication, due to the mobile device detecting it is in an untrusted location and activating multiple-factor authentication. Applicant notes that with respect to claim 1, Han is cited as teaching a determination that the first input meets the second unlock-failure criteria. Office Action at p. 4. However, there is no discussion in Han of receiving a satisfactory passcode yet still displaying the lock screen due to multiple-factor authentication requirements activated from being in an untrusted location. (Applicant’s response filed on 05/04/2026, page 8-9).
Examiner’s Response:
The Examiner respectfully disagrees. Han Col. 7 Ln. 20-31 teaches, “maintaining the device in the locked mode and adjusting unlock settings so that the device is enabled to be unlocked via an unlock operation in a first set of one or more unlock operations, and in accordance with a determination that the first input meets the second unlock-failure criteria, maintaining the device in a second set of one or more unlock operations that is different from the first set of unlock operations.” Which clearly establishes the teaching of despite a first unlock operation being correct displaying a second lock screen to a failure of another criterion. This alone does not fully teach the claimed limitation, but when taken in combination with the teaching of Krzyz ¶ 8 and 13, “The device includes a processor configured to determine whether the device is in a trusted location and alter the protected mode of the device if the device is determined to be in a trusted location. In another embodiment, the device can include a positioning system. Any suitable positioning system can be used, including, for example, a global positioning system, local positioning system or a geolocation system. The trusted location can be defined by a predetermined set of trusted geographic locations. In such case, the determining step can include the steps of determining the geographic location of the device via the positioning system, and comparing the determined geographic location of the device to the predetermined set of trusted geographic locations.” It would be obvious to one with ordinary skill in the art having the teachings of Krzyz and Han before them to include the multiple unlocking step of Han based off of certain criteria to include the elevated security based off of the devices location of Krzyz. One would be motived to do so to have enhanced security in untrusted locations with the goal of making it more difficult for an attacker to unlock a device.
Applicant's arguments with respect to amended claim(s) 1, 8, and 15 have been fully considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-5, 7-12, and 14-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Alameh (US 2020/0026830 A1), hereinafter Alameh in view of KRZYZANOWSKI (US 2012/0174237 A1), hereinafter Krzyz in further view of Han (US 9,898,642 B2), hereinafter Han.
Regarding Claim(s) 1, 8, and 15 Alameh teaches:
A method, comprising: (Alameh ¶ 15 teaches, methods and systems for gradually granting operational access to features of, applications operable on, or data stored in, an electronic device as an increasing number of authentication factors verify that an object within an environment of an electronic device is the authorized user of the electronic device. ¶ 17 teaches, comprised of one or more conventional processors and unique stored program instructions that control the one or more processors to implement. ¶ 100 teaches, A storage device, such as memory 205, can optionally store the executable software code used by the one or more processors 204 during operation.)
activating multiple-factor authentication on a mobile device (Alameh Fig. 1 ¶ 24 teaches, therein is one explanatory electronic device 100 configured in accordance with one or more embodiments of the disclosure. (The image shows a mobile phone). Some users can grant full access to the features, applications, or data of the electronic device when only two authentication factors sufficiently match predefined authentication references (i.e., multi-factor authentication)) …the multiple-factor authentication including biometric authentication and passcode authentication; (Alameh ¶ 174 teaches, the grant of additional operational access to features, applications, data, or other functionality of the electronic device occurs only when a user enters a PIN code or password (i.e., passcode authentication). ¶ 163 teaches, Examples of biometric factors include voiceprints, iris scans, retinal scans, fingerprints, or other biometric data. Biometric factors could also include receiving fingerprint data from different fingers.)
activating a biometric lockout in response to multiple biometric authentication attempt failures; (Alameh ¶ 39 teaches, if no facial changes or other motion are detected in the sequential authentication operations, the authentication concludes that the object being authenticated is inanimate. In such conditions one or more processors of the device may grant no additional operational access beyond that initially granted. In other embodiments, the one or more processors may simply lock the device.)
receiving a passcode that satisfies the passcode authentication; and (Alameh ¶ 150 teaches, the one or more processors 204 prompt, on the user interface 202, for one or more of a personal identification number or password.)
Alameh does not appear to explicitly teach but in related art:
in response to the mobile device being in an untrusted location, (Krzyz¶ 8 and 13 teaches, The device includes a processor configured to determine whether the device is in a trusted location and alter the protected mode of the device if the device is determined to be in a trusted location. In another embodiment, the device can include a positioning system. Any suitable positioning system can be used, including, for example, a global positioning system, local positioning system or a geolocation system. The trusted location can be defined by a predetermined set of trusted geographic locations. In such case, the determining step can include the steps of determining the geographic location of the device via the positioning system, and comparing the determined geographic location of the device to the predetermined set of trusted geographic locations. Krzyz teaches the concept of using a stronger security measure in an untrusted location. One would be motivated to choose a stronger security measure such as multi factor authentication as taught by Alameh.)
and display, on a lock screen, while multiple-factor authentication is activated due to the mobile device being in the untrusted location (Krzyz¶ 8 and 13 teaches, The device includes a processor configured to determine whether the device is in a trusted location and alter the protected mode of the device if the device is determined to be in a trusted location. In another embodiment, the device can include a positioning system. Any suitable positioning system can be used, including, for example, a global positioning system, local positioning system or a geolocation system. The trusted location can be defined by a predetermined set of trusted geographic locations. In such case, the determining step can include the steps of determining the geographic location of the device via the positioning system, and comparing the determined geographic location of the device to the predetermined set of trusted geographic locations. Krzyz teaches the concept of using a stronger security measure in an untrusted location. One would be motivated to choose a stronger security measure such as multi factor authentication as taught by Alameh.)
It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Alameh with Krzyz, to modify the multiple authentication system of Alameh with the trusted location for access to a device of Krzyz. The motivation to do so, Krzyz ¶ 78, the need for a user to frequently unlock the device 10 after a period of inactivity can be minimized.
Alameh in view of Krzyz does not appear to explicitly teach but in related art:
, an indication that the lockout is activated in response to the one or more multiple-factor authentication attempt failures, the one or more multiple- factor authentication attempt failures including receiving one or more biometric authentication attempt failures when the passcode [[that]] satisfies the passcode (Han Col. 7 Ln. 20-31 teaches, maintaining the device in the locked mode and adjusting unlock settings so that the device is enabled to be unlocked via an unlock operation in a first set of one or more unlock operations, and in accordance with a determination that the first input meets the second unlock-failure criteria, maintaining the device in a second set of one or more unlock operations that is different from the first set of unlock operations.)
It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Alameh with Krzyz, to modify the multiple authentication system of Alameh with the trusted location for access to a device of Krzyz with the multiple unlock criteria of Han. The motivation to do so, Han Col. 111. 60-65, to have more unlock operations that is different from the first.
Regarding Claim(s) 2, 9, and 16 Alameh-Krzyz-Han teaches:
The method of claim 8, (Alameh-Krzyz-Han teaches the parent claim above.) wherein the biometric authentication comprises one or more of face recognition, fingerprint recognition, voice recognition, or grip recognition. (Alameh ¶ 163 teaches, Examples of biometric factors include voiceprints, iris scans, retinal scans, fingerprints, or other biometric data. Biometric factors could also include receiving fingerprint data from different fingers.)
Regarding Claim(s) 3, 10, and 17 Alameh-Krzyz-Han teaches:
The method of claim 8, (Alameh-Krzyz-Han teaches the parent claim above.) wherein the passcode comprises one or more of a password, a personal identification number, or an input pattern. (Alameh ¶ 174 teaches, the grant of additional operational access to features, applications, data, or other functionality of the electronic device occurs only when a user enters a PIN code or password (i.e., passcode authentication).)
Regarding Claim(s) 4, 11, and 18 Alameh-Krzyz-Han teaches:
The method of claim 8, further comprising, (Alameh-Krzyz-Han teaches the parent claim above.) in response to the mobile device being in a trusted location, to:
deactivating the multiple-factor authentication on the mobile device; and (Krzyz ¶ 13 teaches, In another respect, embodiments are directed to an electrical device. The device has a protected mode in which the device automatically locks itself after a period of inactivity and an unprotected mode in which the device does not lock itself. The device includes a processor configured to determine whether the device is in a trusted location and alter the protected mode of the device if the device is determined to be in a trusted location.)
deactivating the biometric lockout. (Krzyz ¶ 8 teaches, In another embodiment, the device can include a positioning system. Any suitable positioning system can be used, including, for example, a global positioning system, local positioning system or a geolocation system. The trusted location can be defined by a predetermined set of trusted geographic locations. In such case, the determining step can include the steps of determining the geographic location of the device via the positioning system, and comparing the determined geographic location of the device to the predetermined set of trusted geographic locations.)
The motive given in Claim 8 is equally applicable to the above claim.
Regarding Claim(s) 5, 12, and 19 Alameh-Krzyz-Han teaches:
The method of claim 11, (Alameh-Krzyz-Han teaches the parent limitation above.) further comprising determining that the mobile device is in the trusted location based at least in part on a geographic location of the mobile device. (Krzyz ¶ 8 In another embodiment, the device can include a positioning system. Any suitable positioning system can be used, including, for example, a global positioning system, local positioning system or a geolocation system. The trusted location can be defined by a predetermined set of trusted geographic locations. In such case, the determining step can include the steps of determining the geographic location of the device via the positioning system, and comparing the determined geographic location of the device to the predetermined set of trusted geographic locations.)
The motive given in Claim 8 is equally applicable to the above claim.
Regarding Claim(s) 7, 14, and 20 Alameh-Krzyz-Han teaches:
The method of claim 11, (Alameh-Krzyz-Han teaches the parent claim above.) further comprising locking the mobile device in response to detecting that the mobile device has been moved, while the mobile device is locked, from the trusted location to a location that is not trusted. (Krzyz¶ 8 If the determined geographic location is within the predetermined set of trusted geographic locations, then the device is determined to be in a trusted location. ¶ 13 In another respect, embodiments are directed to an electrical device. The device has a protected mode in which the device automatically locks itself after a period of inactivity and an unprotected mode in which the device does not lock itself. The device includes a processor configured to determine whether the device is in a trusted location and alter the protected mode of the device if the device is determined to be in a trusted location.)
The motive given in Claim 8 is equally applicable to the above claim.
Claim(s) 6 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Alameh-Krzyz-Han as applied to claim 1 and 8 above, and further in view of Pattar (US 2018/0278612 A1), hereinafter Pattar.
Regarding Claim(s) 6, 13 Alameh-Krzyz-Han teaches:
The method of claim 11, (Alameh-Krzyz-Han teaches the parent claim above.)
Alameh-Krzyz-Han does not appear to explicitly teach but in related art:
further comprising determining that the mobile device is in the trusted location based at least in part on the mobile device being connected to a trusted device. (Pattar ¶ 9 teaches, the access management system may enable password-less authentication of a user associated with any of a trusted device and/or location.)
It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Alameh-Krzyz-Han with Pattar, to modify the multiple authentication system of Alameh with the trusted location for access to a device of Krzyz with the multiple unlock operations of Han with the trusted device of Pattar. The motivation to do so, Pattar ¶ 3, to control access to many different resources.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 11,227,036 B1 - Determination Of Authentication Assurance Via Algorithmic Decay
US 9,419,957 B1 - Confidence-based Authentication
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB BENEDICT KNACKSTEDT whose telephone number is (703)756-5608. The examiner can normally be reached Monday-Friday 8:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/J.B.K./Examiner, Art Unit 2408
/LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408