Detailed Action
This is a Non-final Office action in response to communications received on 12/24/2020.  Claims 3 and 4 were amended. Claims 1, 3-8 and 10-19 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9/25/2020 has been entered.

Response to Arguments
Applicant’s amendments, filed 12/24/2020, to claim 3, correcting the claim to recite “The method according to claim 1” is sufficient to overcome the objection to the aforementioned claim.  Accordingly, the objection to claim 3, as filed in (8) of the Final Office action filed 9/28/2020, is withdrawn.  
Applicant’s arguments regarding the rejection under 35 U.S.C. 103 of the claims under Sandhu and Caceres have been considered, and are found unpersuasive.
Applicant argues on pages 10-11 of the Remarks, filed 12/24/2020, that Sandhu and Caceres fail to disclose “forming, at the client device, a key pair based on [either a] user specific data element[ comprising biometric data relating to the user, or a user password], a previously selected data element stored at the client device and an ID of the user, wherein the key pair comprises a public and a private key, and wherein the previously selected data element comprises information individually selected by the user” because “the sequence in which the user provides different fingerprints is not ‘stored at the client device’ as provided for by claims 1, 8, and 10. In fact, the user must provide the fingerprints in a specific sequence. Thus, while the ‘serial number’ (which the Examiner interprets as the ‘user specific data element’) may be ‘stored at the user devices’ as alleged by the Examiner, the claims provide that the ‘previously selected data element compris[ing] information individually selected by the user’ is the item that is actually stored at the client device. In the Final Office Action, the Examiner alleges that the ‘previously selected data element compris[ing] information individually selected by the user’ is the ‘user selected sequence of fingerprints previously provided,’ which - as noted above - is not stored at the user device as claimed”, however Examiner respectfully disagrees. It is the combination of both Sandhu and Caceres which teaches the limitation of “forming, at the client device, a key pair based on the user specific data element, a previously selected data element stored at the client device and an ID of the user”. Sandhu teaches, in paragraphs [0034], [0040]-[0041], [0077] & [0079], that the key pair is formed based on multiple factors for the generation of a first portion of an 
In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).
Applicant argues on page 13 of the Remarks, filed 12/24/2020, that “The Examiner appears to allege that the ‘password’ of Sandhu is the ‘user specific data element’ and that the biometric information of Caceres is the ‘ID of the user’ of claims 1, 8, and 10. Final Office Action at pages 3-4. However, these claims specify that the ‘user specific data element comprises biometric data relating to the user.’ Thus, a password cannot be the ‘user specific data element’ of claims 1, 8, 10”, however, Examiner respectfully disagrees. It is “information associated with the identification information of the user” of Caceres which teaches “ID of the user” which is used to form a key pair. 
Applicant argues on page 13 of the Remarks, filed 12/24/2020, that “the Examiner alleges that the ‘password’ of Sandhu is the ‘user specific data element’ and that the ‘sequence of fingerprints’ of Caceres is the ‘previously selected data element’ of the claims. Final Office Action at page 19-22. These claims, however, recite forming ‘a key pair based on a user password, a previously selected data element and an ID of the user’ and not ‘biometric data’ of the user”, however, Examiner respectfully disagrees. As argued in paragraph 4 of the final rejection, filed 9/28/2020, the sequence of fingerprints (or rather, the order in which they are input) is information which is not necessarily the biometric information of the fingerprint itself. Therefore, it would not necessarily be the biometric data of the fingerprint which would be utilized to form the key pair.
Applicant argues on page 13 of the Remarks, filed 12/24/2020, that “It is unclear how one could combine a "user selected sequence of fingerprints previously provided" and a user password to form a key pair ", however, Examiner respectfully disagrees. As previously stated, Caceres teaches in paragraphs [0012] and [0039]-[0041] generating a public/private key pair based on biometric information associated with identification information for the user (i.e. an ID of the user) and a sequence of fingerprints (as in paragraph [0041] where a fingerprint sequence is used in the generation of a matching private key) which is either provided or selected by the user at the time of enrollment (i.e. previously selected data element). The sequence of fingerprints, which may be selected by a user at the time of enrollment (i.e. previously) is used in generation of the public/private key pair. Sandhu also teaches, as previously stated, in paragraphs how to generate a key pair from this information.
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Consequently, the rejection of the claims under 35 U.S.C. 103 is sustained.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-5, 7-8 and 10-19 are rejected under 35 U.S.C. 103 as being unpatentable over Sandhu (US 2010/0202609 A1), further in view of Caceres (US 2016/0381003 A1).
Regarding claim 1, Sandhu teaches the limitations of claim 1 substantially as follows:
A computer-implemented method for single sign-on of a user operating a client device connected to an authentication server using a network connection, the method comprising the steps of: (Sandhu; Paras. [0033], [0042] & [0091]-[0094]: A processor implemented method (i.e. computer-implemented method) for single sign-on of a user operating a user device (i.e. client device) connected to a sponsor station/merchant server (i.e. authentication server) via a network (i.e. using a network connection))
receiving, at the client device, a user specific data element, (Sandhu; Paras. [0040]-[0041]: Inputting into the user device (i.e. receiving at the client device) a user password (i.e. user specific data element)) 
forming, at the client device, a key pair based on the user specific data element, a data element stored at the client device (Sandhu; Paras. [0034], [0040]-[0041], [0077] & [0079]: Generating (i.e. forming), at the user device (i.e. client device), a key pair based on multiple factors for subsequent generation of a first portion of an asymmetric crypto-key by the user device (i.e. data element) stored on a user device (i.e. stored at the client device) including a user password (i.e. user specific data element))
wherein the key pair comprises a public and a private key, and (Sandhu; Para. [0067], [0077] & [0079]: A key pair containing a public and a private key (i.e. comprises a public and private key))
receiving, at the server, a request for authentication; (Sandhu; Paras. [0072]-[0073] & [0086]: A server logged in with the sponsor station receives (i.e. receiving, at the server) a user ID from the user in order to be authenticated and a request to initiate the process of key association with the user (i.e. a request for authentication))
transmitting, from the server to the client device, a challenge data element; (Sandhu; Para. [0087]: The sponsor station sends (i.e. transmitting, from the server) to the user device (i.e. to the client device), a challenge (i.e. a challenge data element))
signing, at the client device, the challenge data element using the private key; (Sandhu; Paras. [0065], [0087]-[0088] & [0096]: The user device signs (i.e. signing at the client device) the challenge (i.e. the challenge data element) using a private key)
transmitting, from the client device to the server, a signed version of the challenge data element, and (Sandhu; Paras. [0088] & [0096]: Transmitting, from the user device (i.e. from the client device) to the sponsor station (i.e. to the server) a signed permission request containing the challenge (i.e. a signed version of the challenge data element))
authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user. (Sandhu; Paras. [0018], [0043], [0089], [0096]-[0097]: The sponsor station authenticates the user operated user device (i.e. authenticating, at the server, the user) by decrypting (i.e. validating) the signed challenge (signed version of the challenge data element) using a stored public key of the user (i.e. previously stored public key relating to the user))
Sandhu does not teach the limitations of claim 1 as follows:
wherein the user specific data element comprises biometric data relating to the user;
forming a key pair based on an ID of the user and a previously selected data
wherein the previously selected data element comprises information individually selected by the user;

wherein the user specific data element comprises biometric data relating to the user;  (Caceres; Para. [0012]: User identification information (i.e. user specific data element) includes user biometric data (i.e. biometric data relating to the user))
 forming a key pair based on an ID of the user and a previously selected data element (Caceres; Paras. [0012], [0039]-[0041] & [0090]: Generating a key pair using information associated with the identification information for the user (i.e. based on an ID of the user) and a user selected sequence of fingerprints previously provided at a time of enrollment (i.e. previously selected data element))
wherein the previously selected data element comprises information individually selected by the user; (Caceres; Paras. [0039]-[0041] & [0090]: A user selected sequence of fingerprints previously provided (i.e. previously selected data element) comprised of a user selected sequence and user selected quantity of fingerprints (i.e. information individually selected by the user))
 Caceres is combinable with Sandhu because both are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Sandhu to incorporate the ID based key pair generation and biometric data as user identification information as in Caceres in order to enable the key pair to be generated from forms of user authentication that the user does not have 

Regarding claim 3, Sandhu and Caceres teach the limitations of claim 1.
Caceres teaches the limitations of claim 3 as follows:
The method according to claim [[3]] 1, wherein the biometric data relates to at least one of information relating to a fingerprint, an iris, a retina, a palm print, a voice print, DNA, a handwritten signature, and behavioral biometrics for the user. (Caceres; Paras. [0001], [0012] & [0021]: User biometric data includes fingerprints and iris characteristics)
 Caceres is further combinable with Sandhu because all are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have further modified the system of Sandhu to incorporate the various forms of biometric data as in Caceres in order to expand the types of data that can be utilized to authenticate a user.
 
Regarding claim 4, Sandhu and Caceres teach the limitations of claim 3.
Caceres teaches the limitations of claim 4 as follows:
The method according to claim [[3]] 1, further comprising wirelessly connecting an electronic device to the client device, (Caceres; Paras. [0009]-[0010] & [0022]: A wireless network connection (i.e. wirelessly connecting) between an enrollment device (i.e. electronic device) to the cloud/server device (i.e. client device))
wherein the electronic device is provided with a software application and/or a sensor for collecting the biometric data and for providing the biometric data to the client device.  (Caceres; Paras. [0009]-[0010], [0022] & [0029]-[0033]: The enrollment device (i.e. electronic device) contains an input component (i.e. a sensor) for sensing biometric information (i.e. for collecting the biometric data) and a communication interface for sending the information to the server device (i.e. providing the biometric data to the client device))
 Caceres is further combinable with Sandhu because all are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have further modified the system of Sandhu to incorporate the enrollment device for sensing and sending the biometric information as in Caceres in order to portably collect biometric information.
 
Regarding claim 5, Sandhu and Caceres teach the limitations of claim 1.
Sandhu teaches the limitations of claim 5 as follows:
The method according to claim 1, further comprising the step of: - registering the user at the server by providing the ID of the user and the public key from the client device to the server. (Sandhu; Paras. [0065], [0073]-[0074] & [0077]: Storing new user associated user data (i.e. registering the user) at the sponsor station (i.e. at the server) by sending (i.e. providing) the user ID and non-private key (i.e. the public key) from the user device (i.e. from the client device) to the sponsor station (i.e. to the server))

Regarding claim 7, Sandhu and Caceres teach the limitations of claim 3.
Caceres teaches the limitations of claim 7 as follows:
The method according to claim 3, wherein the user specific data element comprises a combination of the biometric data relating to the user and a user password.  (Caceres; Paras. [0013]-[0014]: Information for authenticating a user (i.e. user specific data element) includes a combination of user biometric information (i.e. biometric data relating to the user) and a user password)
Caceres is further combinable with Sandhu because both are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Sandhu to incorporate a combined password and biometric data as authentication information as in Caceres in order to improve the security of the system by requiring multiple forms of authentication information.

Regarding claim 8, Sandhu teaches the limitations of claim 8 substantially as follows:
An authentication system comprising at least a client device and an authentication server connected there-between using a network connection, each of the client device and the authentication server including one or more hardware processors, the authentication system configured for single sign-on of a user operating the client device, the authentication system configured for: (Sandhu; Paras. [0031], [0033], [0042] & [0091]-[0094]: A cryptosystem for authenticating (i.e. authentication system) a user comprising a user device (i.e. client device) and a sponsor station/merchant server (i.e. authentication server), containing processors, connected via a network (i.e. using a network connection) for single sign-on of a user operating a user device (i.e. client device))
receiving, at the client device, a user specific data element, (Sandhu; Paras. [0040]-[0041]: Inputting into the user device (i.e. receiving at the client device) a user password (i.e. user specific data element))
forming, at the client device, a key pair based on the user specific data element, a data element stored at the client device (Sandhu; Paras. [0034], [0040]-[0041], [0077] & [0079]: Generating (i.e. forming), at the user device (i.e. client device), a key pair based on multiple factors for subsequent generation of a first portion of an asymmetric crypto-key by the user device (i.e. data element) stored on a user device (i.e. stored at the client device) including a user password (i.e. user specific data element))
wherein the key pair comprises a public and a private key, and (Sandhu; Para. [0067], [0077] & [0079]: A key pair containing a public and a private key (i.e. comprises a public and private key))
receiving, at the server, a request for authentication; (Sandhu; Paras. [0072]-[0073] & [0086]: A server logged in with the sponsor station receives (i.e. receiving, at the server) a user ID from the user in order to be authenticated and a request to initiate the process of key association with the user (i.e. a request for authentication))
transmitting, from the server to the client device, a challenge data element; (Sandhu; Para. [0087]: The sponsor station sends (i.e. transmitting, from the server) to the user device (i.e. to the client device), a challenge (i.e. a challenge data element))
signing, at the client device, the challenge data element using the private key; (Sandhu; Paras. [0065], [0087]-[0088] & [0096]: The user device signs (i.e. signing at the client device) the challenge (i.e. the challenge data element) using a private key)
transmitting, from the client device to the server, a signed version of the challenge data element, and (Sandhu; Paras. [0088] & [0096]: Transmitting, from the user device (i.e. from the client device) to the sponsor station (i.e. to the server) a signed permission request containing the challenge (i.e. a signed version of the challenge data element))
authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user.  (Sandhu; Paras. [0018], [0043], [0089], [0096]-[0097]: The sponsor station authenticates the user operated user device (i.e. authenticating, at the server, the user) by decrypting (i.e. validating) the signed challenge (signed version of the challenge data element) using a stored public key of the user (i.e. previously stored public key relating to the user))
Sandhu does not teach the limitations of claim 8 as follows:
wherein the user specific data element comprises biometric data relating to the user;
forming a key pair based on an ID of the user and a previously selected data
wherein the previously selected data element comprises information individually selected by the user;
However, in the same field of endeavor, Caceres discloses the limitations of claim 8 as follows:
wherein the user specific data element comprises biometric data relating to the user; (Caceres; Para. [0012]: User identification information (i.e. user specific data element) includes user biometric data (i.e. biometric data relating to the user))
forming a key pair based on an ID of the user and a previously selected data element (Caceres; Paras. [0012], [0039]-[0041] & [0090]: Generating a key pair using information associated with the identification information for the user (i.e. based on an ID of the user) and a user selected sequence of fingerprints previously provided during enrollment (i.e. previously selected data element))
wherein the previously selected data element comprises information individually selected by the user; (Caceres; Paras. [0039]-[0041] & [0090]: A user selected sequence of fingerprints previously provided (i.e. previously selected data element) comprised of a user selected sequence and user selected quantity of fingerprints (i.e. information individually selected by the user))
Caceres is combinable with Sandhu because both are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Sandhu to incorporate the ID based key pair generation and biometric data as user identification information as in Caceres in order to enable the 

Regarding claim 10, Sandhu teaches the limitations of claim 10 substantially as follows:
A computer program product comprising a non-transitory computer readable medium having stored thereon computer program means for a user operated client device and an authentication server in network connection there-between, wherein the computer program product comprises: (Sandhu; Paras. [0033], [0042], [0057] & [0091]-[0094]: Stored computer programming instructions (i.e. computer program product comprising a non-transitory computer readable medium having stored thereon computer programming means) implemented by a processor for single sign-on of a user operating a user device (i.e. user operated client device) connected to a sponsor station/merchant server (i.e. authentication server) via a network (i.e. a network connection there-between))
code for receiving, at the client device, a user specific data element, (Sandhu; Paras. [0040]-[0041] & [0057]: Code for inputting into the user device (i.e. receiving at the client device) a user password (i.e. user specific data element))
code for forming, at the client device, a key pair based on the user specific data element, a data element stored at the client device (Sandhu; Paras. [0034], [0040]-[0041], [0057], [0077] & [0079]: code for generating (i.e. code for forming), at the user device (i.e. client device), a key pair based on multiple factors for subsequent generation of a first portion of an asymmetric crypto-key by the user device (i.e. data element) stored on a user device (i.e. stored at the client device) including a user password (i.e. user specific data element))
wherein the key pair comprises a public and a private key, and (Sandhu; Para. [0067], [0077] & [0079]: A key pair containing a public and a private key (i.e. comprises a public and private key))
code for receiving a request for authentication; (Sandhu; Paras. [0057] & [0072]-[0073] & [0086]: Code for a server logged in with the sponsor station to receive (i.e. receiving, at the server) a user ID from the user in order to be authenticated and a request to initiate the process of key association with the user (i.e. a request for authentication))
code for transmitting a challenge data element; (Sandhu; Paras. [0057] & [0087]: Code for a sponsor station to send (i.e. transmitting) to the user device a challenge (i.e. a challenge data element))
code for signing the challenge data element using the private key; (Sandhu; Paras. [0057], [0065], [0087]-[0088] & [0096]: Code for the user device to sign (i.e. signing) the challenge (i.e. the challenge data element) using a private key)
code for transmitting a signed version of the challenge data element, and (Sandhu; Paras. [0057], [0088] & [0096]: Code for transmitting, from the user device to the sponsor station a signed permission request containing the challenge (i.e. a signed version of the challenge data element))
code for authenticating the user by validating the signed version of the challenge data element using a previously stored public key relating to the user.  (Sandhu; Paras. [0018], [0043], [0057], [0089], [0096]-[0097]: Code for the sponsor station to authenticate the user operated user device (i.e. authenticating the user) by decrypting (i.e. validating) the signed challenge (signed version of the challenge data element) using a stored public key of the user (i.e. previously stored public key relating to the user))
Sandhu does not teach the limitations of claim 10 as follows:
wherein the user specific data element comprises biometric data relating to the user;
forming a key pair based on an ID of the user and a previously selected data
wherein the previously selected data element comprises information individually selected by the user;
However, in the same field of endeavor, Caceres discloses the limitations of claim 10 as follows:
wherein the user specific data element comprises biometric data relating to the user; (Caceres; Para. [0012]: User identification information (i.e. user specific data element) includes user biometric data (i.e. biometric data relating to the user))
forming a key pair based on an ID of the user and a previously selected data element (Caceres; Paras. [0012], [0039]-[0041] & [0090]: Generating a key pair using information associated with the identification information for the user (i.e. based on an ID of the user) and a user selected sequence of fingerprints previously provided during enrollment (i.e. previously selected data element))
wherein the previously selected data element comprises information individually selected by the user; (Caceres; Paras. [0039]-[0041] & [0090]: A user selected sequence of fingerprints previously provided (i.e. previously selected data element) comprised of a user selected sequence and user selected quantity of fingerprints (i.e. information individually selected by the user))
Caceres is combinable with Sandhu because both are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Sandhu to incorporate the ID based key pair generation and biometric data as user identification information as in Caceres in order to enable the key pair to be generated from forms of user authentication that the user does not have to remember and expand the types of data that may be used to generate the key pairs and authenticate a user.

Regarding claim 11, Sandhu teaches the limitations of claim 11 substantially as follows:
A computer-implemented method for single sign-on of a user operating a client device connected to an authentication server using a network connection, the method comprising the steps of: (Sandhu; Paras. [0033], [0042] & [0091]-[0094]: A processor implemented method (i.e. computer-implemented method) for single sign-on of a user operating a user device (i.e. client device) connected to a sponsor station/merchant server (i.e. authentication server) via a network (i.e. using a network connection))
forming, at the client device, a key pair based on a user password, a data element (Sandhu; Paras. [0034], [0040]-[0041], [0077] & [0079]: Generating (i.e. forming), at the user device (i.e. client device), a key pair based on multiple factors for subsequent generation of a first portion of an asymmetric crypto-key by the user device (i.e. data element) stored on a user device (i.e. stored at the client device) including a user password (i.e. user specific data element))
wherein the key pair comprises a public and a private key, and (Sandhu; Para. [0067], [0077] & [0079]: A key pair containing a public and a private key (i.e. comprises a public and private key))
 receiving, at the server, a request for authentication; (Sandhu; Paras. [0072]-[0073] & [0086]: A server logged in with the sponsor station receives (i.e. receiving, at the server) a user ID from the user in order to be authenticated and a request to initiate the process of key association with the user (i.e. a request for authentication))
transmitting, from the server to the client device, a challenge data element; (Sandhu; Para. [0087]: The sponsor station sends (i.e. transmitting, from the server) to the user device (i.e. to the client device), a challenge (i.e. a challenge data element))
signing, at the client device, the challenge data element using the private key; (Sandhu; Paras. [0065], [0087]-[0088] & [0096]: The user device signs (i.e. signing at the client device) the challenge (i.e. the challenge data element) using a private key)
transmitting, from the client device to the server, a signed version of the challenge data element, and (Sandhu; Paras. [0088] & [0096]: Transmitting, from the user device (i.e. from the client device) to the sponsor station (i.e. to the server) a signed permission request containing the challenge (i.e. a signed version of the challenge data element))
 authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user, (Sandhu; Paras. [0018], [0043], [0089], [0096]-[0097]: The sponsor station authenticates the user operated user device (i.e. authenticating, at the server, the user) by decrypting (i.e. validating) the signed challenge (signed version of the challenge data element) using a stored public key of the user (i.e. previously stored public key relating to the user))
wherein the data element is stored remotely from the client device.  (Sandhu: Para. [0040]: The factor (i.e. data element) is stored on a removable media (i.e. stored remotely from the client device))
Sandhu does not teach the limitations of claim 11 as follows:
forming a key pair based on an ID of the user and a previously selected data element 
wherein the previously selected data element comprises information individually selected by the user;
the previously selected data element is stored
However, in the same field of endeavor, Caceres discloses the limitations of claim 11 as follows:
forming a key pair based on an ID of the user and a previously selected data element (Caceres; Paras. [0012], [0039]-[0041] & [0090]: Generating a key pair using information associated with the identification information for the user (i.e. based on an ID of the user) and a user selected sequence of fingerprints previously provided during enrollment (i.e. previously selected data element))
wherein the previously selected data element comprises information individually selected by the user; (Caceres; Paras. [0039]-[0041] & [0090]: A user selected sequence of fingerprints previously selected (i.e. previously selected data element) comprised of a user selected sequence and user selected quantity of fingerprints (i.e. information individually selected by the user))
the previously selected data element is stored (Caceres; Paras. [0039]-[0041]: A user selected sequence of fingerprints previously selected (i.e. previously selected data element) is stored)
Caceres is combinable with Sandhu because both are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Sandhu to incorporate the ID based key pair generation as in Caceres in order to enable the key pair to be generated from forms of user authentication that the user does not have to remember and expand the types of data that may be used to generate the key pairs and authenticate a user.

Regarding claim 12, Sandhu and Caceres teach the limitations of claim 11.
Sandhu teaches the limitations of claim 12 as follows:
The method according to claim 11, further comprising the steps of: - receiving a user password from the user; and forming the hash version of the user password.  (Sandhu; Paras. [0040]-[0041] & [0080]: A user inputs a user password (i.e. receiving a user password from the user) and the password is hashed (i.e. forming the hash version of the user password))
 
Regarding claim 13, Sandhu and Caceres teach the limitations of claim 11.
Sandhu and Caceres teach the limitations of claim 13 as follows:
The method according to claim 11, 
wherein an electronic device is configured to communicate the previously selected data element to the client device (Caceres; Paras. [0009]-[0010], [0022] & [0027], [0029]-[0033], [0039]-[0041], [0090], Fig. 6A: The enrollment device (i.e. electronic device) communicates a sequence of fingerprints previously selected by the user to the second user device/verification server device (i.e. client device))
communicate the data element to the client device upon a request from the client device (Sandhu; Para. [0093]: The individual user enters (i.e. communicates) their user ID or password (i.e. data element) into the user device (i.e. client device) in response to a request from the user device (i.e. upon a request from the client device))
Caceres is further combinable with Sandhu because all are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have further modified the system of Sandhu to incorporate sending the previously selected sequence of fingerprints as in Caceres in order to provide an (Para. [0041]).
 
Regarding claim 14, Sandhu and Caceres teach the limitations of claim 13.
Caceres teaches the limitations of claim 14 as follows:
The method according to claim 13, wherein the electronic device is wired or wirelessly connected to the client device.  (Caceres; Paras. [0009]-[0010] & [0022]: A user/enrollment device (i.e. electronic device) is wired or wirelessly connected to the second/verification server device (i.e. client device))
Caceres is further combinable with Sandhu because all are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have further modified the system of Sandhu to incorporate the wired or wirelessly connected enrollment device as in Caceres in order to give the option of portably collecting information.
 
Regarding claim 15, Sandhu and Caceres teach the limitations of claim 13.
Caceres teaches the limitations of claim 15 as follows:
The method according to claim 13, wherein the electronic device is a mobile phone.  (Caceres; Para. [0023]: The enrollment device (i.e. the electronic device) is a smart phone (i.e. a mobile phone))
Caceres is further combinable with Sandhu because all are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have further modified the system of Sandhu and Caceres to implement the enrollment device as a smart phone as in Caceres in order to expand application of the system to a user’s smart phone.
 
Regarding claim 16, Sandhu teaches the limitations of claim 16 substantially as follows:
An authentication system comprising at least a client device and an authentication server connected there-between using a network connection, each of the client device and the authentication server including one or more hardware processors, the authentication system configured for single sign-on of a user operating the client device, the authentication system configured for: (Sandhu; Paras. [0031], [0033], [0042] & [0091]-[0094]: A cryptosystem for authenticating (i.e. authentication system) a user comprising a user device (i.e. client device) and a sponsor station/merchant server (i.e. authentication server), containing processors, connected via a network (i.e. using a network connection) for single sign-on of a user operating a user device (i.e. client device))
forming, at the client device, a key pair based on a user password, a data element (Sandhu; Paras. [0034], [0040]-[0041], [0077] & [0079]: Generating (i.e. forming), at the user device (i.e. client device), a key pair based on multiple factors for subsequent generation of a first portion of an asymmetric crypto-key by the user device (i.e. data element) stored on a user device (i.e. stored at the client device) including a user password (i.e. user specific data element))
wherein the key pair comprises a public and a private key, and (Sandhu; Para. [0067], [0077] & [0079]: A key pair containing a public and a private key (i.e. comprises a public and private key))
receiving, at the server, a request for authentication; (Sandhu; Paras. [0072]-[0073] & [0086]: A server logged in with the sponsor station receives (i.e. receiving, at the server) a user ID from the user in order to be authenticated and a request to initiate the process of key association with the user (i.e. a request for authentication))
transmitting, from the server to the client device, a challenge data element; (Sandhu; Para. [0087]: The sponsor station sends (i.e. transmitting, from the server) to the user device (i.e. to the client device), a challenge (i.e. a challenge data element))
signing, at the client device, the challenge data element using the private key; (Sandhu; Paras. [0065], [0087]-[0088] & [0096]: The user device signs (i.e. signing at the client device) the challenge (i.e. the challenge data element) using a private key)
transmitting, from the client device to the server, a signed version of the challenge data element, and (Sandhu; Paras. [0088] & [0096]: Transmitting, from the user device (i.e. from the client device) to the sponsor station (i.e. to the server) a signed permission request containing the challenge (i.e. a signed version of the challenge data element))
authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user, (Sandhu; Paras. [0018], [0043], [0089], [0096]-[0097]: The sponsor station authenticates the user operated user device (i.e. authenticating, at the server, the user) by decrypting (i.e. validating) the signed challenge (signed version of the challenge data element) using a stored public key of the user (i.e. previously stored public key relating to the user))
wherein the data element is stored remotely from the client device.  (Sandhu: Para. [0040]: The factor (i.e. data element) is stored on a removable media (i.e. stored remotely from the client device))
Sandhu does not teach the limitations of claim 16 as follows:
forming a key pair based on an ID of the user and a previously selected data element 
wherein the previously selected data element comprises information individually selected by the user;
the previously selected data element is stored
However, in the same field of endeavor, Caceres discloses the limitations of claim 16 as follows:
forming a key pair based on an ID of the user and a previously selected data element (Caceres; Paras. [0012], [0039]-[0041] & [0090]: Generating a key pair using information associated with the identification information for the user (i.e. based on an ID of the user) and a user selected sequence of fingerprints previously selected (i.e. previously selected data element))
wherein the previously selected data element comprises information individually selected by the user; (Caceres; Paras. [0039]-[0041] & [0090]: A user selected sequence of fingerprints (i.e. previously selected data element) comprised of a user selected sequence and user selected quantity of fingerprints previously selected (i.e. information individually selected by the user))
the previously selected data element is stored (Caceres; Paras. [0039]-[0041]: A user selected sequence of fingerprints previously selected (i.e. previously selected data element) is stored)
Caceres is combinable with Sandhu because both are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Sandhu to incorporate the ID based key pair generation as in Caceres in order to enable the key pair to be generated from forms of user authentication that the user does not have to remember and expand the types of data that may be used to generate the key pairs and authenticate a user.
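
Illustration added in editing, not part of the Office action, the application or the cited references: the flow recited in claim 16 (key pair formed at the client from a user password, a stored data element and a user ID; server challenge; client signature; validation against the previously stored public key), worked in Go. Ed25519, PBKDF2-HMAC-SHA256 with 100000 iterations, the salt layout and every function and type name are assumptions chosen for this example, and the inputs in main are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// pbkdf2Block1 computes the first 32-byte block of PBKDF2-HMAC-SHA256.
func pbkdf2Block1(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	u := append(append([]byte{}, salt...), 0, 0, 0, 1) // salt || INT(1)
	out := make([]byte, sha256.Size)
	for i := 0; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j] // T = U1 xor U2 xor ... xor Uiter
		}
	}
	return out
}

// DeriveKeyPair forms the key pair; length prefixes keep the salt fields unambiguous.
func DeriveKeyPair(password, dataElement, userID string) (ed25519.PublicKey, ed25519.PrivateKey) {
	salt := fmt.Sprintf("%d:%s|%d:%s", len(userID), userID, len(dataElement), dataElement)
	priv := ed25519.NewKeyFromSeed(pbkdf2Block1([]byte(password), []byte(salt), 100000))
	return priv.Public().(ed25519.PublicKey), priv
}

func SignChallenge(priv ed25519.PrivateKey, c []byte) []byte { return ed25519.Sign(priv, c) }

// Account is the server's record for one user (hypothetical type, assumed design).
type Account struct {
	pub     ed25519.PublicKey // previously stored public key
	pending []byte            // challenge currently outstanding, nil if none
}

func NewAccount(pub ed25519.PublicKey) *Account { return &Account{pub: pub} }

func (a *Account) Challenge() []byte {
	a.pending = make([]byte, 32)
	if _, err := rand.Read(a.pending); err != nil {
		panic(err)
	}
	return a.pending
}

// Authenticate validates sig over the pending challenge with the stored public key.
func (a *Account) Authenticate(sig []byte) bool {
	c := a.pending
	a.pending = nil // consumed before verifying: a captured signature cannot be replayed
	return c != nil && ed25519.Verify(a.pub, c, sig)
}

func main() {
	pub, priv := DeriveKeyPair("constructed-password", "constructed-element", "alice")
	acct := NewAccount(pub)
	sig := SignChallenge(priv, acct.Challenge())
	fmt.Println(acct.Authenticate(sig), acct.Authenticate(sig))
}
```

Because the private key is recomputed from the password and the stored element, it is only as hard to guess as those inputs; the iteration count slows offline guessing against a known public key but does not remove it.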

Regarding claim 17, Sandhu teaches the limitations of claim 17 substantially as follows:
A computer program product comprising a non-transitory computer readable medium having stored thereon computer program means for a user operated client device and an authentication server in network connection there-between, wherein the computer program product comprises: (Sandhu; Paras. [0033], [0042], [0057] & [0091]-[0094]: Stored computer programming instructions (i.e. computer program product comprising a non-transitory computer readable medium having stored thereon computer programming means) implemented by a processor for single sign-on of a user operating a user device (i.e. user operated client device) connected to a sponsor station/merchant server (i.e. authentication server) via a network (i.e. a network connection there-between))
code for forming, at the client device, a key pair based on a user password, a data element (Sandhu; Paras. [0034], [0040]-[0041], [0057], [0077] & [0079]: Code for generating (i.e. code for forming), at the user device (i.e. client device), a key pair based on multiple factors for subsequent generation of a first portion of an asymmetric crypto-key by the user device (i.e. data element) stored on a user device (i.e. stored at the client device) including a user password (i.e. user specific data element))
wherein the key pair comprises a public and a private key, and (Sandhu; Para. [0067], [0077] & [0079]: A key pair containing a public and a private key (i.e. comprises a public and private key))
code for receiving a request for authentication; (Sandhu; Paras. [0057], [0072]-[0073] & [0086]: Code for a server logged in with the sponsor station to receive (i.e. receiving, at the server) a user ID from the user in order to be authenticated and a request to initiate the process of key association with the user (i.e. a request for authentication))
code for transmitting a challenge data element; (Sandhu; Paras. [0057] & [0087]: Code for a sponsor station to send (i.e. transmitting) to the user device a challenge (i.e. a challenge data element))
code for signing the challenge data element using the private key; (Sandhu; Paras. [0057], [0065], [0087]-[0088] & [0096]: Code for the user device to sign (i.e. signing) the challenge (i.e. the challenge data element) using a private key)
code for transmitting a signed version of the challenge data element, and (Sandhu; Paras. [0057], [0088] & [0096]: Code for transmitting, from the user device to the sponsor station a signed permission request containing the challenge (i.e. a signed version of the challenge data element))
code for authenticating the user by validating the signed version of the challenge data element using a previously stored public key relating to the user, (Sandhu; Paras. [0018], [0043], [0057], [0089], [0096]-[0097]: Code for the sponsor station to authenticate the user operated user device (i.e. authenticating the user) by decrypting (i.e. validating) the signed challenge (signed version of the challenge data element) using a stored public key of the user (i.e. previously stored public key relating to the user))
wherein the data element is stored remotely from the client device.  (Sandhu: Para. [0040]: The factor (i.e. data element) is stored on a removable media (i.e. stored remotely from the client device))
Sandhu does not teach the limitations of claim 17 as follows:
forming a key pair based on an ID of the user and a previously selected data element 
wherein the previously selected data element comprises information individually selected by the user;
the previously selected data element is stored
However, in the same field of endeavor, Caceres discloses the limitations of claim 17 as follows:
forming a key pair based on an ID of the user and a previously selected data element (Caceres; Paras. [0012], [0039]-[0041] & [0090]: Generating a key pair using information associated with the identification information for the user (i.e. based on an ID of the user) and a user selected sequence of fingerprints previously selected (i.e. previously selected data element))
wherein the previously selected data element comprises information individually selected by the user; (Caceres; Paras. [0039]-[0041] & [0090]: A user selected sequence of fingerprints (i.e. previously selected data element) comprised of a user selected sequence and user selected quantity of fingerprints previously selected (i.e. information individually selected by the user))
the previously selected data element is stored (Caceres; Paras. [0039]-[0041]: A user selected sequence of fingerprints previously selected (i.e. previously selected data element) is stored)
Caceres is combinable with Sandhu because both are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to 

Regarding claims 18 and 19, Sandhu and Caceres teach the method of claim 1 and the authentication system of claim 8.
Caceres teaches the limitations of claims 18 and 19 as follows:
wherein the previously selected data element is based on a random sequence formed for the user. (Caceres; Paras. [0039]-[0041]: The fingerprint sequence selected at enrollment (i.e. previously selected data element) may be based on a random sequence provided to the user (i.e. random sequence formed for the user))
The same motivations to combine as in claims 1 and 8 are applicable to the instant claims.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Sandhu (US 2010/0202609 A1), further in view of Caceres (US 2016/0381003 A1), and further in view of Le Saint (US 2004/0218762 A1).
Regarding claim 6, Sandhu and Caceres teach the limitations of claim 1.
Sandhu and Caceres do not teach the limitations of claim 6 as follows:
The method according to claim 1, further comprising the steps of: 
forming a session key pair based on a random bitstring, 
wherein the session key pair have a preselected lifetime; and
using the session key pair for subsequent authentication of the user.
However, in the same field of endeavor, Le Saint discloses the limitations of claim 6 as follows:
The method according to claim 1, further comprising the steps of: 
forming a session key pair based on a random bitstring, (Le Saint; Paras. [0058] & [0071]: Generating (i.e. forming) a session key pair from a random number comprising bits (i.e. based on a random bitstring))
wherein the session key pair have a preselected lifetime; and (Le Saint; Abstract; Paras. [0052], [0058] & [0071]: Session keys (i.e. session key pair) are useful for the duration of the session for which they were created (i.e. preselected lifetime))
using the session key pair for subsequent authentication of the user. (Le Saint; Para. [0052]: Session keys (i.e. session key pair) are used for gaining access after initial authentication (i.e. subsequent authentication of the user))
Le Saint is combinable with Sandhu and Caceres because all are from the same field of endeavor of authentication of a user on a mobile device. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Sandhu and Caceres to incorporate the session key pair formation as in Le Saint in order to increase efficiency of the system by not requiring repeat authentications of a user during the same communication session.
	
Prior Art Considered But Not Relied Upon
Nocera (US 2016/0013942 A1), which teaches identity verification using key pairs.

Conclusion
For the above-stated reasons, claims 1, 3-8 and 10-19 are rejected.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number is (303)297-4357.  The examiner can normally be reached on Monday - Friday 0700-1700 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/B.I.N./Examiner, Art Unit 2438        

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498