DETAILED ACTION
Claims 1-8, 13, 17-24, 35 and 49 are pending and currently amended. Claims 9-12, 14-16, 25-34 and 36-48 are cancelled.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 08/15/2019 and 12/07/2020 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Objections
Claims 1 and 24 are objected to because of the following informalities: The claims recite “said biometric” in line 6 of claim 1 & line 7 of claim 24. The examiner suggests amending this limitation to recite “the biometric” to correspond with the other claim language and provide better clarity. Appropriate correction is requested.
Claim 6 is objected to because of the following informalities: The examiner suggests amending the limitation “the second secret” in line 14 to recite “the second secret key” to provide better clarity. Appropriate correction is requested.
Claim 20 is objected to because of the following informalities: The examiner suggests amending the limitation “the at least one received secret random number” to “the at least one received associated random numbered” or “the associated secret random number” to provide better clarity. Appropriate correction is requested.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 2, 4-5, 24 and 49 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  Claim 1 recites receiving a request…, and receiving,…transformed biometric data…a client-generated second secret key and a client generated secret random number.
The limitations of receiving, from a client device,…, as drafted, are processes that, under their broadest reasonable interpretation, cover performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “a network node” and “a client device”, nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “network node” language, “receiving” in the context of this claim encompasses manually receiving data. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
i.e., as a generic receiver receiving information), the client device is recited as a generic transmitter, transmitting a request and information, such that they amount to no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Independent claim 24 and claim 49 include limitations similar to the limitations of independent claim 1 and are rejected under 35 USC 101 for being directed to an abstract idea for similar reasons as discussed above with respect to independent claim 1.
In particular, claims 24 and 49 recite generic additional elements – using a processing unit (claim 24) and a computer readable storage medium/processing unit (claim 49) to perform the steps. These elements in said steps are recited at a high level of generality (i.e., as a generic processor performing a generic computer function and a CRSM containing instructions) such that they amount to no more than mere instructions to apply the exception 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Dependent claims 2 and 4-5 do not cure the deficiency of the independent claim and are rejected under 35 USC 101 for being directed to an abstract idea.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 7 and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 7 and 17 recite the limitation "the feature transformation key" in line 3 of claim 7 & line 6 of claim 17. There is insufficient antecedent basis for this limitation in the claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-5, 13, 24, 35 and 49 are rejected under 35 U.S.C. 103 as being unpatentable over O’Regan et al. (US Patent No. 10,313,317) in view of Tran Khanh Dang (Cancellable fuzzy vault with periodic transformation for biometric template protection), hereinafter Dang, and in further view of Uchida (US Patent No. 6,751,734).
Regarding independent claim 1, O’Regan teaches a method performed by a network node of enabling authentication of a user of a client device over a secure communication channel based on biometric data (O’Regan, Abstract and column 1, lines 56-67), comprising: receiving a request from the client device to enroll the biometric data of the user captured at the client device (O’Regan, column 11, lines 44-45 and 57-61; registration request received at the secure server); and receiving, from the client device (O’Regan, column 11, lines 25-61, column 13, lines 36-45 & 60-64, column 10, lines 34-38 and column 14, lines 35-54; the secure server receives the token [transformed biometric], which is generated based on a seed value and obscured algorithm that produces a non-invertible token; the encryption key [second secret key] is also received which is generated based on a random number and generated secret key [first secret key]).
O’Regan teaches the secured server receiving the token, the random encryption key generated based on a random number & secret key, the seed value and other information (O’Regan, column 11, lines 25-61) but does not explicitly teach receiving, from the client device, a fuzzy vault containing a client-generated first secret key, the vault being locked using the biometric data of the user and a client-generated secret random number. 
Dang teaches receiving, from the client device, a fuzzy vault containing a client-generated first secret key, the vault being locked using the biometric data (Dang, Figure 1, pages 230-231, sections 2.1-2.2 and 3.1; fuzzy vault including the secret key is created and locked). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify O’Regan with the teachings of Dang to use a cancellable fuzzy vault to provide the advantage of the transformed features being hard to recover and strengthening the fuzzy vault with cancellability probability (Dang, page 230, column 1 and page 235, section 6).
O’Regan in view of Dang does not explicitly teach receiving, from the client device, a client-generated secret random number.
Uchida teaches receiving, from the client device, a client-generated secret random number (Uchida, column 9, lines 37-55; supplies random number). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify O’Regan in view of Dang with the teachings of Uchida for the portable terminal to send the random number to provide the advantage of the stable and correct results and unauthorized use of the secret information (Uchida, column 1, line 66 – column 2, line 9 and column 9, lines 30-55).  
Regarding claim 4, O’Regan in view of Dang and in further view of Uchida teaches the method wherein the second secret key is generated by processing the first secret key and the secret random number in a pseudorandom function (O’Regan, column 14, lines 35-49).
Regarding claim 5, O’Regan in view of Dang and in further view of Uchida teaches the method further comprising: storing the received transformed biometric data, fuzzy vault, second secret key and secret random number in a secure end-user database (O’Regan, column 11, lines 57-66; stored on secured server).
Regarding independent claim 13, O’Regan teaches a method performed by a client device of enabling authentication of user of the client device with a network node over a secure communication channel based on biometric data (O’Regan, Abstract and column 1, lines 56-67), comprising: submitting a request to the network node to enroll the biometric data of the user captured at the client device (O’Regan, column 11, lines 25-44 and 57-61; registration request sent to the secure server); and capturing the biometric data of the user (O’Regan, column 11, lines 7-10; receives biometric input); transforming the biometric data into non-invertible biometric data (O’Regan, column 13, lines 36-45 & 60-64, column 10, lines 34-38; the token [transformed biometric], which is generated based on a seed value and obscured algorithm that produces a non-invertible token); generating a first secret key (O’Regan, column 14, lines 35-54; generated secret key); generating a secret random number (O’Regan, column 14, lines 35-54; a random number); creating a second secret key based on the first secret key and the secret random number (O’Regan, column 14, lines 35-54; the encryption key [second secret key] is generated based on a random number and generated secret key [first secret key]); and submitting, to the network node, the transformed biometric data, the second secret key (O’Regan, column 11, lines 25-61; the secure element transmits the token [transformed biometric] and the encryption key [second secret key]).
O’Regan teaches the secured server receiving the token, the random encryption key generated based on a random number & secret key, the seed value and other information (O’Regan, column 11, lines 25-61) but does not explicitly teach creating a fuzzy vault containing the first secret key, the vault being locked using the biometric data of the user; submitting, to the network node, the fuzzy vault and the secret random number. 
Dang teaches creating a fuzzy vault containing the first secret key, the vault being locked using the biometric data of the user (Dang, Figure 1, pages 230-231, sections 2.1-2.2 and 3.1; fuzzy vault including the secret key is created and locked); submitting, to the network node, the fuzzy vault (Dang, Figure 1 and page 231, section 2.2; vault database). 
Dang, page 230, column 1 and page 235, section 6).
O’Regan in view of Dang does not explicitly teach submitting, to the network node, the secret random number.
Uchida teaches submitting, to the network node, the secret random number (Uchida, column 9, lines 37-55; supplies random number). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify O’Regan in view of Dang with the teachings of Uchida for the portable terminal to send the random number to provide the advantage of the stable and correct results and unauthorized use of the secret information (Uchida, column 1, line 66 – column 2, line 9 and column 9, lines 30-55).  
Regarding independent claim 24, O’Regan teaches a network node configured to enable authentication of a user of a client device over a secure communication channel based on biometric data, the trusted network node comprising a processing unit being configured to: (O’Regan, Figure 10, Abstract, column 1, lines 56-67 and column 19, lines 53-61), comprising: receive a request from the client device to enroll the biometric data of the user captured at the client device (O’Regan, column 11, lines 44-45 and 57-61; registration request received at the secure server); and receive, from the client device (O’Regan, column 11, lines 25-61, column 13, lines 36-45 & 60-64, column 10, lines 34-38 and column 14, lines 35-54; the secure server receives the token [transformed biometric], which is generated based on a seed value and obscured algorithm that produces a non-invertible token; the encryption key [second secret key] is also received which is generated based on a random number and generated secret key [first secret key]).
O’Regan teaches the secured server receiving the token, the random encryption key generated based on a random number & secret key, the seed value and other information (O’Regan, column 11, lines 25-61) but does not explicitly teach receive, from the client device, a fuzzy vault containing a client-generated first secret key, the vault being locked using the biometric data of the user and a client-generated secret random number. 
Dang teaches receive, from the client device, a fuzzy vault containing a client-generated first secret key, the vault being locked using the biometric data (Dang, Figure 1, pages 230-231, sections 2.1-2.2 and 3.1; fuzzy vault including the secret key is created and locked). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify O’Regan with the teachings of Dang to use a cancellable fuzzy vault to provide the advantage of the transformed features being hard to recover and strengthening the fuzzy vault with cancellability probability (Dang, page 230, column 1 and page 235, section 6).
O’Regan in view of Dang does not explicitly teach receiving, from the client device, a client-generated secret random number.
Uchida, column 9, lines 37-55; supplies random number). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify O’Regan in view of Dang with the teachings of Uchida for the portable terminal to send the random number to provide the advantage of the stable and correct results and unauthorized use of the secret information (Uchida, column 1, line 66 – column 2, line 9 and column 9, lines 30-55).  
Regarding independent claim 35, O’Regan teaches a client device configured to enable authentication of user of the client device with a network node over a secure communication channel based on biometric data, the client device comprising a biometric data sensing system comprising a biometric data sensor and a processing unit (O’Regan, Figure 10, Abstract, column 1, lines 56-67 and column 15, line 57 - column 16, line 7), the processing unit being configured to: submit a request to the network node to enroll the biometric data of the user captured at the client device (O’Regan, column 11, lines 25-44 and 57-61; registration request sent to the secure server); and the biometric data sensor being configured to: capture the biometric data of the user (O’Regan, column 11, lines 7-10 and column 16, lines 4-7; receives biometric input); the processing unit further being configured to: transform the biometric data into non-invertible biometric data (O’Regan, column 13, lines 36-45 & 60-64, column 10, lines 34-38; the token [transformed biometric], which is generated based on a seed value and obscured algorithm that produces a non-invertible token); generate a first secret key (O’Regan, column 14, lines 35-54; generated secret key); generate a secret random number (O’Regan, column 14, lines 35-54; a random number); create a second secret key based on the first secret key and the secret random number (O’Regan, column 14, lines 35-54; the encryption key [second secret key] is generated based on a random number and generated secret key [first secret key]); and submit, to the network node, the transformed biometric data, the second secret key (O’Regan, column 11, lines 25-61; the secure element transmits the token [transformed biometric] and the encryption key [second secret key]).
O’Regan teaches the secured server receiving the token, the random encryption key generated based on a random number & secret key, the seed value and other information (O’Regan, column 11, lines 25-61) but does not explicitly teach create a fuzzy vault containing the first secret key, the vault being locked using the biometric data of the user; submit, to the network node, the fuzzy vault and the secret random number. 
Dang teaches create a fuzzy vault containing the first secret key, the vault being locked using the biometric data of the user (Dang, Figure 1, pages 230-231, sections 2.1-2.2 and 3.1; fuzzy vault including the secret key is created and locked); submit, to the network node, the fuzzy vault (Dang, Figure 1 and page 231, section 2.2; vault database). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify O’Regan with the teachings of Dang to use a cancellable fuzzy vault to provide the advantage of the transformed features being hard to recover and strengthening the fuzzy vault with cancellability probability (Dang, page 230, column 1 and page 235, section 6).
O’Regan in view of Dang does not explicitly teach submit, to the network node, the secret random number.
Uchida, column 9, lines 37-55; supplies random number). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify O’Regan in view of Dang with the teachings of Uchida for the portable terminal to send the random number to provide the advantage of the stable and correct results and unauthorized use of the secret information (Uchida, column 1, line 66 – column 2, line 9 and column 9, lines 30-55).  
Regarding claim 49, O’Regan in view of Dang and in further view of Uchida teaches a computer program product comprising a non-transitory computer readable medium, the non-transitory computer readable medium having the a computer program according to claim 18 embodied thereon comprising computer-executable instructions for causing a trusted network node to perform the method of claim 1 when the computer-executable instructions are executed on a processing unit included in the network node (Uchida, column 21, lines 56-65 and column 23, lines 32-53; claim 1 limitations shown above).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over O’Regan et al. (US Patent No. 10,313,317) in view of Tran Khanh Dang (Cancellable fuzzy vault with periodic transformation for biometric template protection), hereinafter Dang, and in further view of Uchida (US Patent No. 6,751,734) as applied to claims 1, 4-5, 13, 24, 35 and 49 above, and further in view of Fang et al. (US Pub No. 2018/0247049).
Regarding claim 2, O’Regan in view of Dang and in further view of Uchida teaches each and every claim limitation of claim 1, however, does not explicitly teach the method further 
Fang teaches submitting, to the client device, a feature transformation key enabling the client device to transform the biometric data into non-invertible biometric data (Fang, page 3, paragraph 0045; server symmetric key). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify O’Regan in view of Dang and in further view of Uchida with the teachings of Fang to use the server encryption key to ensure security to provide the advantage of preventing illegal interception and manipulation of the information (Fang, page 3, paragraph 0045).

Allowable Subject Matter
Claims 3, 6-8 and 17-23 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Examiner’s Statement of Reasons for Indicating Allowable Subject Matter
The following is a statement of reasons for the indication of allowable subject matter: The prior art Jo et al. (US Pub No. 2015/0381616) discloses a secret data matching device includes a memory unit for storing a first secret vector obtained by concealing a first data set and a key data using a determination matrix; an obtaining unit for obtaining a second secret vector by concealing a second data set using the determination matrix; a calculating unit for calculating a residue vector which is a residue when the determination matrix is a modulus, Jo, Abstract), Choi et al. (US Pub No. 2011/0037563) discloses a biometric register includes: a feature extraction unit for performing preprocessing for a fingerprint to extract a feature point m for the fingerprint; a transformation function generation unit for generating a transformation function which is composed of an arbitrary rotation matrix and an arbitrary vector; and a template generation unit for transforming a coordinate of the feature point m using the generated transformation function, and organizing a fuzzy vault using a randomly generated fake feature point and a feature point m.sub.1 applied by the transformed coordinate, thereby generating a one-time template (Choi, Abstract), FUJII et al. (US Pub No. 2010/0191967) discloses a client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus.  Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key.  
In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these (Fujii, Abstract), and Langin-Hooper et al. (US Pub No. 2007/0165847) discloses the demonstrable levels of "randomness" also have been a concern in the design of pseudo-random number generators. Many tests have been devised that indicate the "randomness" of a sequence of values generated by a pseudo-random number generator. While passing such tests is no guaranty of acceptable randomness, failure of such tests usually indicates a weakness in the pseudo-random number generator. The pseudo-random number generator processes of the claimed invention create output sequences that satisfy known randomness tests such as the "birthday spacing’s" and random-walk tests that other pseudo-random number generators, including its underlying pseudo-random number generating components, are known to fail (Langin-Hooper, Abstract), however, the prior art taken alone or in combination fails to teach or suggest “receiving an indication from the client device that the feature transformation key failed to pass a randomness test, wherein the enrollment of the biometric data is terminated” (claim 3), “submitting, to the client device, the fuzzy vault and the secret random number of said at least one data set; receiving, from the client device, an indication that the client device proves knowledge of the second secret key, in which case the client device was capable of unlocking the fuzzy vault using the captured biometric data and using the first secret key and the secret random number to create the second secret, wherein the user of the client device is authenticated” (claim 6) and “receiving, from the network node, at least one fuzzy vault and an associated secret random number; attempting to unlock the received at least one fuzzy vault using the captured biometric data; creating a second secret key based on the first secret key and the associated secret random number of the at least one fuzzy vault successfully unlocked; and submitting, to the network node, an indication that the client device proves knowledge of the second secret key, wherein the user of the client device is authenticate” (claim 17), in combination with the rest of the claim limitations.
Any claims not specifically addressed above depend on the claims addressed above and therefore are objected to.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access 






/SHAQUEAL D WADE/Examiner, Art Unit 2437