Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-5, 7-15, and 17-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 3, 4, 6-8, 11, and 13-17  of U.S. Patent No. 10,469,259. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-4, 7-14, 17, and 18 overlap in claimed scope when compared with respective claims 1, 3, 4, 6-8, 11, and 13-17 of the ‘259 patent.
Claims 6, 16, and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 11, and 15  of U.S. Patent No. 10,469,259 in view of “Shi” (US 2017/0177847). Claims 6, 16, and 20 are directed to “wherein one or more portions of the character string vary in length, vary in alphanumeric character type, vary in arrangement such that the one or more portions collectively represent information associated with the one or more biological characteristics of the user” which is not disclosed by claims 1, 11, and 15 of the ‘259 patent. However, Shi discloses the above “In the preceding example, the first feature value corresponding to the fingerprint information of the middle finger of the left hand includes 2, the second feature value corresponding to the fingerprint information of the middle finger of the right hand includes 7, the generated character string includes 27, which may be used for subsequent security verification”, while paragraphs 33 and 34 disclose different examples of character strings varying based on biometric information, the he varying ranging from different length (paragraph 26 disclosing only three fingers being captured on the right hand), different types of characters (numeric shown in paragraph 32 to alphanumeric shown in paragraph 33, or symbols described in paragraph 34), and arrangement (paragraph 29 disclosing capturing fingerprints at different points in time.
Thus, before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify the system recited by claims 1, 11, and 15 of the ‘259 patent by enhancing the ‘259 patent’s character string to vary in length, characters, and arrangement per user, as taught by Shi, in order to represent received biometrics in a much more comprehensive manner. The motivation is to collect various information with regards to a received fingerprint, and represent the information utilizing a number, a letter, or a symbol in order to generate complex strings that represent fingerprints in a comprehensive manner

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-7, 12, 13, and 15-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 20017/0005794) in view of “Shi” (US 2017/0177847) in further view of “Arad” (US 2018/0373885).

Regarding Claim 1:
Paddon teaches:
An apparatus (Fig. 3, element 210) comprising:
	memory to store instructions; and
	processing circuitry, coupled with the memory, operable to execute the instructions, that when executed, cause the processing circuitry to (¶0022, “The biometric information decoded may include circuitry and/or programming…”):
		receive biological information corresponding to a user (Fig. 3, element 210 receives biometric information element 310);
“… adapted to obtain a modified string by decoding a bit string associated with acquired biometric information, as if the biometric information had been encoded”);
	…
	generate a … string based at least in part on the one or more biological characteristics (¶0022, “… adapted to obtain a modified bit string by decoding a bit string associated with acquired biometric information…”), and
	…
	wherein the … string is used for generating a biometric key associated with the user (Fig. 3 details element 210 providing a modified bit string from element 212 in order to generate key 306).
Paddon does not disclose:
determine one or more biological characteristics uniquely associated with the user based on the performed analysis; and
generate a character string based at least in part on the one or more biological characteristics, 
	wherein the character string comprises a plurality of alphanumeric characters,
	wherein the alphanumeric characters are space delimited and character delimited such that the space delimitation and the character delimitation uniquely relate to or identifies the user, and
Shi teaches:

generate a character string based at least in part on the one or more biological characteristics (¶0020, “Determining 72 the sequence of values from the detected biometric features…”; ¶0024, “… the feature value may include a number, a letter, or the like corresponding to texture information”; i.e., create an alphanumeric string from characteristics of a biometric), 
wherein the character string comprises a plurality of alphanumeric characters (¶0024, “… the feature value may include a number, a letter, or the like corresponding to texture information”),
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon’s system for generating cryptographic keys from biometrics by enhancing Paddon’s biometric information decode to generate a string for creating cryptographic keys that utilizes numbers and letters, rather than solely binary, as taught by Shi, in order to represent received biometrics in a much more comprehensive manner.
	The motivation is to collect various information with regards to a received fingerprint, and represent the information utilizing a number, a letter, or a symbol in order to generate complex strings that represent fingerprints in a comprehensive manner. Use of various numbers and letters, rather than solely binary, allows a biometric system to more uniquely represent various individuals fingerprints and thus providing fewer false-positive matches within the system.
Paddon in view of Shi does not disclose:

Arad teaches:
wherein the alphanumeric characters are space delimited and character delimited such that the space delimitation and the character delimitation uniquely relate to or identifies the user (¶0053, “In some embodiments, the authentication token may be a string of randomly generated characters that are designed to be difficult to guess … The term "token" is not limited to a single sequence of characters delimited by white space…”; ¶0054, “In some embodiments, the received authentication token may be stored in the un-trusted environment, as indicated by block 56, for example, in association with a tenant account and a test or session with that tenant account”; i.e., the space and character delimited authentication token string is associated with a user), and
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi’s system for generating cryptographic keys from biometrics by enhancing Paddon in view of Shi’s character string to include white space delimited and random characters delimited that is associated with a user, as taught by Arad, in order to create a character string that can be used for authentication and is difficult to guess.
	The motivation is to further delimit a character string associated with a user by utilizing white space and random characters in order to make guessing the string difficult by an unaffiliated entity (Arad, ¶0053, “… the authentication token may be a string of randomly generated characters that are designed to be difficult to guess…”). This strengthens the overall security of the system by virtue of strengthening authentication of a user associated with the string.

Regarding Claim 2:
The apparatus of claim 1, wherein Paddon in view of Shi in further view of Arad further teaches the biological information comprises: (i) a fingerprint, (ii) a face, (iii) a palm print, (iv) palm veins, (v) a hand geometry, (vi) a voice, (vii) an iris, (viii) a retina, and/or (ix) an eye scan (Paddon, ¶0026, “… the biometric information … may include … a fingerprint sensor, and an eye scanner”).

Regarding Claim 3:
The apparatus of claim 1, wherein Paddon in view of Shi in further view of Arad further teaches the biological information is received via at least one input device, and wherein the at least one input device is: (i) a camera, (ii) a microphone, (iii) a fingerprint reader, (iv) a palm print scanner or reader, (v) a palm vein scanner or reader, and/or (vii) an eye scanner (Paddon, ¶0026, “… the biometric information … may include … a fingerprint sensor, and an eye scanner”).

Regarding Claim 5:
The apparatus of claim 1, wherein Paddon in view of Shi in further view of Arad further teaches the space delimitation and the character delimitation of the alphanumeric characters represent information associated with the one or more biological “In some embodiments, the authentication token may be a string of randomly generated characters that are designed to be difficult to guess … The term "token" is not limited to a single sequence of characters delimited by white space…”; ¶0054, “In some embodiments, the received authentication token may be stored in the un-trusted environment, as indicated by block 56, for example, in association with a tenant account and a test or session with that tenant account”; Shi, ¶0024, “… the feature value may include a number, a letter, or the like corresponding to texture information”; i.e., the character strings delimited by white space and characters, as taught in Arad, are associated with biological features as described by Shi’s disclosed of generating a character string from biometric characteristics).

Regarding Claim 6:
The apparatus of claim 1, wherein one or more portions of the character string vary in length, vary in alphanumeric character type, vary in arrangement such that the one or more portions collectively represent information associated with the one or more biological characteristics of the user (Shi, ¶0032, “In the preceding example, the first feature value corresponding to the fingerprint information of the middle finger of the left hand includes 2, the second feature value corresponding to the fingerprint information of the middle finger of the right hand includes 7, the generated character string includes 27, which may be used for subsequent security verification”; ¶0033 & ¶0034 further disclose examples of character strings varying based on biometric information, the varying ranging from different length (paragraph 26 disclosing only three fingers being captured on the right hand), different types of characters (numeric shown in paragraph 

Regarding Claim 7:
The apparatus of claim 1, wherein Paddon in view of Shi in further view of Arad the processing circuitry is further caused to provide or send the generated character string to one or more remote computing devices for generating the biometric key (Paddon, Fig. 3 details element 212 receiving the modified string from element 210), and wherein the biometric key is generated based on a cryptographic algorithm (Paddon, Fig. 3, element 212 “Cryptographic Key Generator”).

Regarding Claims 12, 13, 15, and 16:
Method claims 12, 13, 15 and 16 correspond to respective apparatus claims 1, 2, 5 and 6 above, and contain no further limitations. Therefore claims 12, 13, 15, and 16 are each rejected by applying the same rationale used to reject claims 1, 2, 5, and 6, respectively.

Regarding Claims 17-20:
Non-transitory computer-readable storage medium claims 17-20 correspond to respective apparatus claims 1, 3, 5 and 6 above, and contain no further limitations. Therefore claims 17-20 are each rejected by applying the same rationale used to reject claims 1, 3, 5, and 6, respectively.

Claims 4 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 20017/0005794) in view of “Shi” (US 2017/0177847) in view of “Arad” (US 2018/0373885) in further view of “Schultz” (US 2017/0085562).

Regarding Claim 4:
Paddon in view of Shi in further view of Arad teaches:
The apparatus of claim 1, …
Paddon in view of Shi in further view of Arad does not disclose:
… wherein the one or more biological characteristics include: (i) a pupillary distance (PD), (ii) a monocular PD, (iii) a distance between, or distances among, an eye, a pupil, an ear, a nose, an upper lip, a lower lip, and/or a chin, (iv) a face width, (v) a face height, (vi) voice frequency, (vii) an arch, loop, and/or whorl of a fingerprint, (viii) a distance between at least two veins of a palm, (ix) a size of an iris, (x) a size of a pupil, and/or (xi) a distance between at least two veins of a retina.
Schultz teaches:
… wherein the one or more biological characteristics include: (i) a pupillary distance (PD), (ii) a monocular PD, (iii) a distance between, or distances among, an eye, a pupil, an ear, a nose, an upper lip, a lower lip, and/or a chin, (iv) a face width, (v) a face height, (vi) voice frequency, (vii) an arch, loop, and/or whorl of a fingerprint (¶0040 discloses comparing features of a fingerprint including an arch pattern, a loop pattern, and a whorl pattern), (viii) a distance between at least two veins of a palm, (ix) a size of an iris, (x) a size of a pupil, and/or (xi) a distance between at least two veins of a retina.

	The motivation is to more accurately represent a user’s fingerprint by including features such an arch, loop, or whorl which would result in a more defined character string representing a biometric of the user. This would further result in a more unique (less predictable) biometric key generated from the character string, thus increasing the overall security of the system.

Regarding Claim 14:
Method claim 14 corresponds to apparatus claim 4 and contains no further limitations. Therefore claim 14 is rejected by applying the same rationale used to reject claim 4 above.

Claims 8 and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 20017/0005794) in view of “Shi” (US 2017/0177847) in view of “Arad” (US 2018/0373885) in further view of “Spencer” (US 2016/0125416).

Regarding Claim 8:
Paddon in view of Shi in further view of Arad teaches:
The apparatus of claim 1, 
Paddon in view of Shi in further view of Arad does not disclose:
… wherein the biometric key is a 512-bit key, a 768-bit key, a 1024-bit key, or a 2048-bit key.
Spencer teaches:
… wherein the biometric key is a 512-bit key, a 768-bit key, a 1024-bit key, or a 2048-bit key (¶0080 discloses using a 2048-bit RSA algorithm to generate a key).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi in further view of Arad’s system for generating cryptographic keys from biometrics by enhancing Paddon in view of Shi in further view of Arad’s system for generating cryptographic keys from biometrics to include a 2048-bit RSA cryptographic algorithm to generate the key, as taught by Spencer, in order to create larger biometric keys.
	The motivation is to increase the complexity of a cryptographic key be enhancing the key’s generation algorithm to incorporate a 2048-bit RSA algorithm such that the resultant key generated is increased in size and improving the overall security of the key. Further, using an RSA algorithm is preferable given the algorithm’s well-established role and availability within the cryptographic arts, such as the systems disclosed by Paddon, Shi, and Arad.

Regarding Claim 9:
Paddon in view of Shi in further view of Arad teaches:

Paddon in view of Shi in further view of Arad does not disclose:
… wherein the cryptographic algorithm is: (i) a Triple Data Encryption Standard (DES) algorithm, (ii) a RSA public-key encryption algorithm, (iii) a Blowfish algorithm, (iv) a Twofish algorithm, (v) an Advanced Encryption Standard 24Attorney Docket No. 1988.0055C (AES) algorithm, (vi) a Diffie-Hellman algorithm, (vii) a Cramer-Shoup algorithm, and/or (viii) a ElGamal encryption algorithm.
Spencer teaches:
… wherein the cryptographic algorithm is: (i) a Triple Data Encryption Standard (DES) algorithm, (ii) a RSA public-key encryption algorithm (¶0080 discloses using a 2048-bit RSA algorithm to generate a key), (iii) a Blowfish algorithm, (iv) a Twofish algorithm, (v) an Advanced Encryption Standard 24Attorney Docket No. 1988.0055C (AES) algorithm, (vi) a Diffie-Hellman algorithm, (vii) a Cramer-Shoup algorithm, and/or (viii) a ElGamal encryption algorithm.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi in further view of Arad’s system for generating cryptographic keys from biometrics by enhancing Paddon in view of Shi in further view of Arad’s system for generating cryptographic keys from biometrics to include a 2048-bit RSA cryptographic algorithm to generate the key, as taught by Spencer, in order to create larger biometric keys.
	The motivation is to increase the complexity of a cryptographic key be enhancing the key’s generation algorithm to incorporate a 2048-bit RSA algorithm such that the resultant key generated is increased in size and improving the overall security of the key. Further, using an RSA algorithm is preferable given the algorithm’s well-.

Claims 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 20017/0005794) in view of “Shi” (US 2017/0177847) in view of “Arad” (US 2018/0373885) in further view of “Kaufman” (US 5666415).

Regarding Claim 10:
Paddon in view of Shi in further view of Arad teaches:
The apparatus of claim 1, 
Paddon in view of Shi in further view of Arad does not disclose:
… wherein at least one hash function is applied to the biometric key to generate a hashed biometric key, wherein salt is applied to the hashed biometric key to generate a salted and hashed biometric key, and wherein the salted and hashed biometric key is stored in one or more storage devices.
Kaufman teaches:
… wherein at least one hash function is applied to the biometric key to generate a hashed biometric key (Col. 5, lines 63-66 disclose hashing a password and storing it has “term 1”; Col. 7, lines 30-42, “… to check the validity of the second argument, the server accesses a first term in a database, which is a first hash of the user’s password”), wherein salt is applied to the hashed biometric key to generate a salted and hashed biometric key (Col. 7, lines 30-42, “… and concatenates the current nonce, R, to the value”; salt the hashed password with a nonce value), and wherein the salted and 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi in further view of Arad’s system for generating cryptographic keys from biometrics by enhancing Paddon in view of Shi in further view of Arad’s method of generating a biometric key from a character string to further hash and salt the biometric key, as taught by Kaufman, in order to enhance the security of the biometric key.
	The motivation is to utilize well-known hashing and salting techniques to protect a biometric key from extraction methods which may result from database vulnerabilities. Generating a key via hashing and salting techniques thus ensures that the key is never stored in plaintext (unprotected), which prevents the key from being realized if obtained via said extraction methods.

Claims 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 20017/0005794) in view of “Shi” (US 2017/0177847) in view of “Arad” (US 2018/0373885) in view of “Kaufman” (US 5666415) in further view of “Suffling” (US 2013/0227139).

Regarding Claim 11:
Paddon in view of Shi in view of Arad in further view of Kaufman teaches:
The apparatus of claim 10, 
Paddon in view of Shi in view of Arad in further view of Kaufman does not disclose:
… wherein the at least one hash function is changed at a predetermined interval to rotate, update, or roll the biometric key.
Suffling teaches:
… wherein the at least one hash function is changed at a predetermined interval to rotate, update, or roll the biometric key (¶0035, “It will also be appreciated that the definition of the function H may change from time to time, provided that the definition is agreed on by the entities involved … For example, the definition of the function H may change in accordance with a change in the current time interval value T … For simplicity, in the following discussion, the function H is referred to as a hash algorithm H, and any expression of the form H(X) is described as a hash”; i.e., change a hash function utilized between entities in accordance with a time value T).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi in view of Arad in further view of Kaufman’s system for generating cryptographic keys from biometrics by enhancing Paddon in view of Shi in view of Arad in further view of Kaufman’s method of generating a biometric key from a hash function to further change the hash function in accordance with a time value, as taught by Suffling, in order to further enhance the security of the biometric key by creating a new key within a predefined interval of time in accordance with the change of hash function.


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491