Obviousness

US patent 10783228 describes an application software start-up method and system that performs user authentication based on static biometric information, determines a user's state by comparing dynamic biometric information with previously measured data, and then limits application software to be started based on a predefined permission level assigned to each application and the determined user state. The patent also discusses forcibly locking the device based on the determined user state.

Prior Art Reference:
The patent identifies one background art reference:

• JP 2005-293209 A (Patent Document 1)

Analysis of Patent Document 1 as described in US10783228:
US10783228 explains that Patent Document 1 addresses a problem with existing biometric authentication, where static biometric information alone cannot determine a user's intention. This leaves systems vulnerable if a user is coerced into performing illegal operations.

Patent Document 1's solution involves:

• A "physical feature information measuring unit" to measure biometric information indicating a physical feature.
• A "biometrics authentication unit" for user identification based on this physical feature.
• An "emotional feature information measuring unit" to measure biometric information indicating an emotional feature.
• An "emotional biometrics determination unit" to determine a user's mental state based on the emotional feature.
• An "integrated authentication unit" that determines if it is an authorized user and if the operation is according to the user's intention, based on both the user identification result and the mental state determination result.

US10783228 acknowledges that Patent Document 1 can detect situations where a user is threatened, and can "check the 'user's will' and the 'user's intension' for the operation of the user". However, US10783228 states that a limitation of Patent Document 1 is that "checking of the 'user's will' and the 'user's intension' is not necessarily necessary for all pieces of application software, and there are application software in which no checking is necessary and application software in which additional checking of the 'state of the user' is desirable".

Obviousness Analysis under 35 U.S.C. § 103:

A person having ordinary skill in the art (PHOSITA) in the field of information processing device security and application management would be familiar with:

• Biometric authentication using static features (e.g., fingerprints).
• Monitoring physiological signs (e.g., heart rate, blood pressure, body temperature) to infer a user's physical or emotional state.
• The concept of assigning different permission or security levels to various applications based on their sensitivity or potential impact (e.g., a banking app versus a calculator app).
• Implementing access controls based on user identity and/or context.

The inventive step claimed by US10783228 lies primarily in "limiting application software to be started according to the determined state of the user based on a permission level which is set to each application software in advance".

Combination of Prior Art References and Motivation:

The claims of US10783228 would be rendered obvious by combining Patent Document 1 (JP 2005-293209 A) with the general knowledge of application permission systems in the field of computer security.

1. Patent Document 1 provides the core authentication and state determination: Patent Document 1 clearly teaches a system that performs user identification using static biometric information and determines a user's mental state/intention using emotional biometric information. It further combines these to perform an "integrated authentication" that verifies both the user's identity and their intention for an operation. This directly corresponds to US10783228's steps of "performing user authentication based on static biometric information" and "determining a state of a user by comparing dynamic biometric information acquired from a body of the user with dynamic biometric information which is measured in advance". The types of biometric information (e.g., fingerprint for static; heart rate, blood pressure, body temperature for dynamic/emotional) are either explicitly mentioned or broadly encompassed by the descriptions in both documents.

2. General knowledge of application permission systems provides the limiting mechanism: It is common knowledge in computer science and security to assign different applications varying "permission levels" or security classifications. For example, operating systems and application stores routinely categorize applications by the data they can access or the system functions they can utilize. Sensitive applications (e.g., online banking, e-money) are inherently understood to require higher security or more stringent access conditions than less sensitive applications (e.g., a clock, weather app).

Motivation for Combination:

A PHOSITA would have been motivated to combine the integrated authentication system of Patent Document 1 with the known concept of application permission levels for the following reasons:

• Addressing the identified problem: US1073228 itself explicitly identifies the problem with Patent Document 1 as the lack of differentiation in checking "user's will" for various applications. This problem statement directly motivates a PHOSITA to devise a mechanism to apply the "user's intention" determination (from Patent Document 1) selectively. If a system can determine the user's intention or mental state, it is a logical and obvious step to use this contextual information to regulate access to different applications based on their sensitivity.
• Improving security and usability: By combining Patent Document 1's ability to discern a user's mental state (e.g., normal, sleep, stress) with predefined application permission levels, a PHOSITA would recognize that security could be enhanced. For instance, if the user is in a "stress state" (which could imply coercion or impaired judgment), restricting access to high-risk applications (e.g., e-money, online banking) while still allowing less sensitive ones (e.g., clock, web browser) provides a sensible balance between security and usability. This prevents unauthorized or coerced operations on critical applications, which is a core concern highlighted by Patent Document 1.
• Predictable design choices: The implementation of tiered "permission levels" for software is a well-established practice in information security. Mapping the outcomes of Patent Document 1's "integrated authentication unit" (which determines identity and intention) to these existing security frameworks would be a predictable and straightforward design choice for a PHOSITA seeking to build a robust and user-friendly system. The specific examples given in US10783228 (e.g., locking the device in "sleep state," permitting only basic apps in "stress state," allowing all in "normal state") are direct and logical consequences of applying this combination.

Therefore, the combination of Patent Document 1's method for determining user identity and intention with the general knowledge of application permission levels and the motivation to apply varying security measures based on user context would render the claims of US10783228 obvious to a PHOSITA.