Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The present office action is responsive to communications received on 11/08/2024.
Status of Claims
Claims 1-20 are pending.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-2 and 9-10 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Katz-oz et al. (US 20180131692 A1) hereinafter referred to as Katz-oz.
With respect to claim 1, Katz-oz discloses: A system for ongoing multifactor authentication, the system comprising a computer device comprising at least one processor in communication with at least one memory device, wherein the at least one processor is programmed to: instruct a computer device to conduct a multifactor authentication of a user; (Katz-oz ¶88 “authentication methods with different levels of authentication (e.g. username and password vs. active audiovisual data)” which determine level of security)
calculate an authentication level for the user based upon the multifactor authentication of the user; (Katz-oz ¶87 “a bank may require minimal security for accessing stock exchange pages, but maximal security when accessing personal accounts.” ¶88 using the multi-factor authentication ¶89 wherein each authentication method has an associated “Predefined properties per each of the authentication methods.”).
continually monitor one or more actions of the user to determine additional authentication data; (Katz-oz ¶100-101 “The authentication control module 600 identifies a triggering event, originating either by a system condition or user action (e.g. when a user is accessing their bank account) for activating continuous passive monitoring (e.g. continuously produce camera image captures) (step 210) … the method of passive authentication (e.g. face recognition through continuous camera image captures) and appropriate authentication parameters (e.g. image capture rate) (step 212).”)
update the authentication level for the user based upon the additional authentication data; (Katz-oz ¶105 based on the continuous monitoring of authentication data “ascertain whether to make any adjustments [update] or refinements in the authentication process or any of its properties (step 220)”)
receive a request from the user to access a first content; access an authentication profile for the first content; compare the authentication profile to the updated authentication level for the user; and determine whether to grant access to the first content based upon the comparison. (It can be understood from Katz-oz ¶87, cited above, that if the user request is for “personal accounts” which the “bank may require” the “maximal security” then the bank would check if the authentication level matches the access request and the user authentication has to match the requirement of “maximal security” in order for the bank to grant them access to the “personal accounts”. See also Katz-oz ¶154 and 156-157 using content access authentication “user profile … Continuously, based on authentication sensitivity parameters, the process determines active prevention action or authentication action; (step 840). The action may include: Prompt user with requirements, stop session, enable or prevent from user privileged access or action (step 850)”).
With respect to claim 2, Katz-oz discloses: The system of Claim 1, wherein the at least one processor is further programmed to: retrieve an authentication level associated with the first content; and validate the first content based upon the authentication level associated with the first content. (Katz-oz ¶87, cited above, that if the user request is for “personal accounts” which the “bank may require” the “maximal security” then the bank would check if the authentication level matches the access request and the user authentication has to match the requirement of “maximal security” in order for the bank to grant them access to the “personal accounts”.)
With respect to claim 9, Katz-oz discloses: The system of Claim 1, wherein the authentication profile includes a required authentication level to be able to access the first content. (Katz-oz ¶87, cited above, that if the user request is for “personal accounts” which the “bank may require” the “maximal security” then the bank would check if the authentication level matches the access request and the user authentication has to match the requirement of “maximal security” in order for the bank to grant them access to the “personal accounts”.)
With respect to claim 10, Katz-oz discloses: The system of Claim 9, wherein the at least one processor is further programmed to: determine that the updated authentication level for the user is insufficient for the authentication profile; and request one or more additional authentication activities from the user to access the first content. (Katz-oz ¶151-152 teach reaching a sufficient authentication level by using incremental multi-factor authentication when reciting “a procedure of incremental enrollment can be implemented, receiving just a few sentences from the user at the beginning, and then requiring user to say additional sentences during the first login actions to serve as further enrollment process. The procedure of incremental enrollment can be implemented for each authentication method”).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 3-5, 15-16 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Katz-oz as applied to claims 1-2 and 9-10 above, and further in view of Schmidt (US 20200169415 A1) hereinafter referred to as Schmidt.
With respect to claim 3, Katz-oz discloses: The system of Claim 1,
Katz-oz does not explicitly disclose: wherein the first content includes a security signature for a creator of the first content.
However, Schmidt in an analogous art discloses: wherein the first content includes a security signature for a creator of the first content. (Schmidt ¶106 discloses PDF is embedded with user ID, hash and high trust signature which is an indication of the level of the creator during creation of the PDF).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Katz-oz wherein the first content includes a security signature for a creator of the first content as taught by Schmidt to identify creator of content (see Schmidt ¶106).
With respect to claim 4, Katz-oz in view of Schmidt disclose: The system of Claim 3, wherein the security signature includes an identifier for the creator of the first content and an authentication level for the creator of the first content during creation of the first content. (Schmidt ¶106 discloses PDF is embedded with user ID, hash and high trust signature which is an indication of the level of the creator during creation of the PDF).
With respect to claim 5, Katz-oz in view of Schmidt disclose: The system of Claim 3, wherein the security signature includes a hash of the first content and the authentication level for the creator of the first content. (Schmidt ¶106 discloses PDF is embedded with user ID, hash and high trust signature which is an indication of the level of the creator during creation of the PDF. It is clear from Schmidt ¶107 that it is the “hash of the document”).
With respect to claim 15, Katz-oz discloses: A system for ongoing multifactor authentication, the system comprising a computer device comprising at least one processor in communication with at least one memory device, wherein the at least one processor is programmed to: instruct a computer device to conduct a multifactor authentication of a user; (Katz-oz ¶88 “authentication methods with different levels of authentication (e.g. username and password vs. active audiovisual data)” which determine level of security).
calculate an authentication level for the user based upon the multifactor authentication of the user; (Katz-oz ¶87 “a bank may require minimal security for accessing stock exchange pages, but maximal security when accessing personal accounts.” ¶88 using the multi-factor authentication ¶89 wherein each authentication method has an associated “Predefined properties per each of the authentication methods.”).
continually monitor one or more actions of the user to determine additional authentication data; (Katz-oz ¶100-101 “The authentication control module 600 identifies a triggering event, originating either by a system condition or user action (e.g. when a user is accessing their bank account) for activating continuous passive monitoring (e.g. continuously produce camera image captures) (step 210) … the method of passive authentication (e.g. face recognition through continuous camera image captures) and appropriate authentication parameters (e.g. image capture rate) (step 212).”)
update the authentication level for the user based upon the additional authentication data; (Katz-oz ¶105 based on the continuous monitoring of authentication data “ascertain whether to make any adjustments [update] or refinements in the authentication process or any of its properties (step 220)”)
Katz-oz does not explicitly disclose: receive a first content item from the user; generate a security signature for the first content item based upon the updated authentication level for the user; and add the security signature to the first content item.
However, Schmidt in an analogous art discloses: receive a first content item from the user; generate a security signature for the first content item based upon the updated authentication level for the user; and add the security signature to the first content item. (Schmidt ¶106 discloses PDF is embedded with user ID, hash and high trust signature which is an indication of the level of the creator during creation of the PDF. Schmidt ¶106 discloses PDF is embedded with user ID, hash and high trust signature which is an indication of the level of the creator during creation of the PDF. It is clear from Schmidt ¶107 that it is the “hash of the document”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Katz-oz with receive a first content item from the user; generate a security signature for the first content item based upon the updated authentication level for the user; and add the security signature to the first content item as taught by Schmidt to identify creator of content (see Schmidt ¶106).
With respect to claim 16, Katz-oz in view of Schmidt disclose: The system of Claim 15, wherein the security signature includes a hash of the first content item and the authentication level for the user. (Schmidt ¶106 discloses PDF is embedded with user ID, hash and high trust signature which is an indication of the level of the creator during creation of the PDF. It is clear from Schmidt ¶107 that it is the “hash of the document”).
With respect to claim 18, Katz-oz in view of Schmidt disclose: The system of Claim 15, wherein the at least one processor is further programmed to store an authentication profile with the first content item that includes a required authentication level to be able to access the first content. (Katz-oz ¶87, cited above, that if the user request is for “personal accounts” which the “bank may require” the “maximal security” then the bank would check if the authentication level matches the access request and the user authentication has to match the requirement of “maximal security” in order for the bank to grant them access to the “personal accounts”. See also Katz-oz ¶154 and 156-157 using content access authentication “user profile … Continuously, based on authentication sensitivity parameters, the process determines active prevention action or authentication action; (step 840). The action may include: Prompt user with requirements, stop session, enable or prevent from user privileged access or action (step 850)”)
Claim(s) 6 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Katz-oz and Schmidt as applied to claims 1-5, 9-10, 15-16 and 18 above, and further in view of Avni et al. (US 20140281946 A1) hereinafter referred to as Avni.
With respect to claim 6, Katz-oz in view of Schmidt disclose: The system of Claim 5,
Katz-oz in view of Schmidt do not explicitly disclose: wherein the at least one processor is further programmed to: retrieve a copy of the hash from a third-party server; and compare the copy of the hash from the third-party server to the hash from the security signature to validate the first content.
However, Avni in an analogous art discloses: wherein the at least one processor is further programmed to: retrieve a copy of the hash from a third-party server; and compare the copy of the hash from the third-party server to the hash from the security signature to validate the first content. (Avni ¶247 (illustrated in Avni Fig. 10) teaches user request access and obtaining user signature for authentication and ¶¶250-251 disclose the hash from the signature is compared to hash held by the authentication server to validate signature of user with signature associated with the content).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify user access level and signature disclosed by Katz-oz in view of Schmidt wherein the at least one processor is further programmed to: retrieve a copy of the hash from a third-party server; and compare the copy of the hash from the third-party server to the hash from the security signature to validate the first content as taught by Avni to ensure access is secure by using hash comparison (see Avni ¶251).
With respect to claim 17, Katz-oz in view of Schmidt disclose: The system of Claim 16,
Katz-oz in view of Schmidt do not explicitly disclose: wherein the at least one processor is further programmed to store a copy of the hash with a third-party server to be used to validate the first content item.
However, Avni in an analogous art discloses: wherein the at least one processor is further programmed to store a copy of the hash with a third-party server to be used to validate the first content item. (Avni ¶247 (illustrated in Avni Fig. 10) teaches user request access and obtaining user signature for authentication and ¶¶250-251 disclose the hash from the signature is compared to hash held by the authentication server to validate signature of user with signature associated with the content).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify user access level and signature disclosed by Katz-oz in view of Schmidt wherein the at least one processor is further programmed to store a copy of the hash with a third-party server to be used to validate the first content item as taught by Avni to ensure access is secure by using hash comparison (see Avni ¶251).
Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Katz-oz as applied to claims 1-2 and 9-10 above, and further in view of Hustad et al. (US 11899814 B1) hereinafter referred to as Hustad.
With respect to claim 7, Katz-oz discloses: The system of Claim 1,
Katz-oz does not explicitly disclose: wherein the first content is encrypted.
However, Hustad in an analogous art discloses: wherein the first content is encrypted. (Hustad 7: 20-35 “identifying an encryption method specified by the corresponding security level for the particular one of the plurality of data elements 108; encrypting the particular one of the plurality of data elements 108 using the encryption method associated with the particular one of the plurality of data elements 108 to produce an encrypted data element;”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify user access level disclosed by Katz-oz wherein the first content is encrypted as disclosed by Hustad to secure the data (see Hustad 7: 20-35).
Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Katz-oz and Schmidt as applied to claim 15 above, and further in view of Hustad et al. (US 11899814 B1) hereinafter referred to as Hustad.
With respect to claim 19, Katz-oz in view of Schmidt disclose: The system of Claim 15,
Katz-oz does not explicitly disclose: wherein the first content item is encrypted.
However, Hustad in an analogous art discloses: wherein the first content item is encrypted. (Hustad 7: 20-35 “identifying an encryption method specified by the corresponding security level for the particular one of the plurality of data elements 108; encrypting the particular one of the plurality of data elements 108 using the encryption method associated with the particular one of the plurality of data elements 108 to produce an encrypted data element;”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify user access level disclosed by Katz-oz wherein the first content item is encrypted as disclosed by Hustad to secure the data (see Hustad 7: 20-35).
Claim(s) 8 and 11-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Katz-oz as applied to claims 1-2 and 9-10 above, and further in view of Thoren et al. (US 10235533 B1) hereinafter referred to as Thoren.
With respect to claim 8, Katz-oz discloses: The system of Claim 1,
Katz-oz does not explicitly disclose: wherein the first content is locked from being changed.
However, Thoren in an analogous art discloses: wherein the first content is locked from being changed. (Thoren 17:50-60 teach content is blocked from view which would mean it cannot be changed).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify user access level disclosed by Katz-oz wherein the first content is locked from being changed as disclosed by Thoren to prevent an unauthorized user from editing or viewing the data (see Thoren 17:50-60).
With respect to claim 11, Katz-oz discloses: The system of Claim 1, wherein the at least one processor is further programmed to:
Katz-oz does not explicitly disclose: receive a listing of a plurality of content items, wherein each content item includes a required authentication level to access; compare the updated authentication level of the user the plurality of required authentication levels to access; and filter and display at least a portion of the plurality of content items based upon the comparison.
However, Thoren in an analogous art discloses: receive a listing of a plurality of content items, wherein each content item includes a required authentication level to access; (Thoren 33:5-15 “the computer system 800 determines the access category level [required authentication level] of the database-linked information it has obtained in block 922.”).
compare the updated authentication level of the user the plurality of required authentication levels to access; and filter and display at least a portion of the plurality of content items based upon the comparison. (Thoren 33:15-35 “In block 928, the computer system 800 compares the stored access category level of each user with the access category level of the data or artifact as determined in block 926. Based on a determination of whether a particular user has the appropriate access category level, the computer system 800, in block 930 causes display of the updated electronic visualization interface to user with the appropriate access category levels”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify user access level disclosed by Katz-oz with receive a listing of a plurality of content items, wherein each content item includes a required authentication level to access; compare the updated authentication level of the user the plurality of required authentication levels to access; and filter and display at least a portion of the plurality of content items based upon the comparison as taught by Thoren to allow user to see data they are only allowed to see (see Thoren 33:15-35).
With respect to claim 12, Katz-oz in view of Thoren disclose: The system of Claim 11, wherein the at least one processor is further programmed to prevent display of content items of the plurality of content items that the updated authentication level is insufficient to access. (Thoren 33:15-35 “In block 928, the computer system 800 compares the stored access category level of each user with the access category level of the data or artifact as determined in block 926. Based on a determination of whether a particular user has the appropriate access category level, the computer system 800, in block 930 causes display of the updated electronic visualization interface to user with the appropriate access category levels”).
With respect to claim 13, Katz-oz in view of Thoren disclose: The system of Claim 11, wherein the at least one processor is further programmed to display an indicator of the required authentication level for each displayed content item listing. (Thoren 17:20-30 “the indicator 190 also displays the required access category level so that the user may know who has access to the information”).
With respect to claim 14, Katz-oz in view of Thoren disclose: The system of Claim 11, wherein the request from the user to access a first content is from a user selection of the first content from the plurality of content items. (Thoren 17-5-35 teach user selection of content to access).
Claim(s) 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Katz-oz and Schmidt as applied to claims 1-5, 9-10, 15-16 and 18 above, and further in view of Thoren et al. (US 10235533 B1) hereinafter referred to as Thoren.
With respect to claim 20, Katz-oz in view of Schmidt disclose: The system of Claim 15,
Katz-oz does not explicitly disclose: wherein the first content item is locked from being changed.
However, Thoren in an analogous art discloses: wherein the first content item is locked from being changed. (Thoren 17:50-60 teach content is blocked from view which would mean it cannot be changed).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify user access level disclosed by Katz-oz wherein the first content item is locked from being changed as disclosed by Thoren to prevent an unauthorized user from editing or viewing the data (see Thoren 17:50-60).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322. The examiner can normally be reached Mon to Fri 8:00AM - 4:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HANY S. GADALLA/Primary Examiner, Art Unit 2493