DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

This office action is in response to amendment filed on December 9th, 2020.  Claims 1-2, 6-7, 9-11, and 13-15 have been amended.  Claim 17 has been added.  No claims have been canceled.  Therefore, claims 1-17 are presented for examination.
The prior office actions are incorporated herein by reference.  In particular, the observations with respect to claim language, and response to previously presented arguments.

Response to Arguments
Applicant’s argument with respect to claim interpretation of claims 9-11 and 13-15 under 35 U.S.C. 112(f) is persuasive based on amended claims thus, the claim interpretation under 112(f) is withdrawn.
 Applicant’s argument with respect to rejection of claims 2 and 6-7 under 35 U.S.C. 112(b) is persuasive based on amended claims thus, the rejection under 112(b) is withdrawn.
Applicant’s argument with respect to claim(s) 1-17 have been considered but are moot because of the new ground of rejection does not rely on any reference applied in prior reference applied in prior rejection of record for any teachings or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 5-7, 9-11, 13-15, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Tang et al. (Chinese Publication No. 105207776, China Standard Software CO LTD (2015)) [This prior art is provided/cited in the IDS] hereafter Tang in view of Herder et al. (US PGPUB # 2017/0141920).

Regarding claim 1.Tang does disclose, a fingerprint data processing method, applied to a host of an electronic device, comprising [Tang, page 6, para. 1, see step 201, Authenticating step (S201), described client initiates authentication request, and after server-side certificate administration module receives authentication request, produce pair of secret keys, described key comprises PKI and private key]:
receiving a first ciphertext that carries fingerprint data [Tang, page 3, para. 7, FIG. 3, see receiving step (S103), the PKI of client identity authentication module reception server end.  Page 5, para. 3, see Receiving step (S303), the PKI of client identity authentication module reception server end, produce a user key simultaneously, the user key data of this PKI to user fingerprints information.];
wherein the first ciphertext is sent by a fingerprint sensor of the electronic device [Tang, page 4, para. 15, and FIG. 3, see the fingerprint sensor of described bank client end system obtains the finger print information of user, and client identity authentication module obtains user ID, and as shown in Figure 1 and Figure 3.];
decrypting the first ciphertext to obtain the fingerprint data [Tang, page 5, para. 4, and FIG. 3, see decryption step (S304), server end uses the private key in the key produced in step S301 to be decrypted described enciphered data and obtains data decryption, comprises user fingerprints information, user ID, user key and/or timestamp.];


Tang further discloses, encrypting the identification result, and generating a second ciphertext that carries the identification result [Tang, page 5, para. 6, and FIG. 3, see step (S306), after server-side certificate success, server-side certificate administration module distributes a session key for this user, and sends to client identity authentication module after using the user key in step S304 to be encrypted this session key.]; and
sending the second ciphertext to a corresponding application proxy or application program [Tang, page 6, para. 4, and FIG. 6,  second distribution module (306), after described matching module, the match is successful, for described user distributes a session key, and decipher according to deciphering module (304) after the user key obtained is encrypted described session key and send to client.  The fingerprint sensor with client system obtains the finger print information of user, and client identity authentication module obtains user ID, and as shown in Figure 1.].
Tang does not explicitly disclose, identifying the fingerprint data, generating an identification result;
However, Herder does disclose, identifying the fingerprint data, generating an identification result [Herder, para. 0102, 0109, and FIG. 6, server for storing a hash of the secret number along with the biometric public keys. The hashes are indexed using identifying information (such as a name or address), then secured with an identification number and cryptographically signed. These records are then provided to anyone who wishes to authenticate a subject purporting to be an individual. The processes 61-63 of receiving a digital electronic signal that characterizes a biometric of a subject 41 purporting to be an individual 31, extracting biometric values and corresponding confidence values, and using the confidence values to select a confident subset of biometric values, are the same as processes 51-53 of FIG. 5.].
Tang and Herder are in same field of endeavor as they both are pertaining to field of biometric authentication and identity authentication, specifically a kind of fingerprint verification method and system.
Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Tang that relates to field of identity authentication, specifically a kind of fingerprint verification method and system (Tang, please see abstract and page 2, para. 5)  with teachings of Herder (Herder, para. 0102, 0109 and FIG. 6) would enable Tang using an algorithm to generate an identification result and an encryption of it to later be include with ciphered text sent to the user of the biometric application.

Regarding claim 2. The combination of Tang and Herder does disclose, the fingerprint data processing method according to claim 1.  Furthermore Tang discloses, wherein the decrypting the first ciphertext to obtain the fingerprint data specifically comprises [Tang, page 5, para. 4, see decryption step (S304), server end uses the private key in the key produced in step S301 to be decrypted described enciphered data and obtains data decryption, comprises user fingerprints information, user ID, user key and/or timestamp. Further, described enciphered data includes timestamp, when described timestamp is not out of date, mates described data decryption according to the data message that this locality stores.]: 
Tang does not disclose, decrypting the first ciphertext by using a first decryption algorithm, to obtain the fingerprint data and a first message authentication code corresponding to the fingerprint data;
generating a second message authentication code corresponding to the fingerprint data by using a message authentication code algorithm; and 
determining that the obtained fingerprint data is valid when determining that the first message authentication code is matched with the second message authentication code;
wherein, the first ciphertext is obtained after the fingerprint data and the first message authentication code are encrypted by using a first encryption algorithm;
the first decryption algorithm is matched with the first encryption algorithm.
However, Herder does disclose, decrypting the first ciphertext by using a first decryption algorithm, to obtain the fingerprint data and a first message authentication code corresponding to the fingerprint data [Herder, para. 0102-0103, FIG. 6, the processes 61-63 of receiving a digital electronic signal that characterizes a biometric of a subject 41 purporting to be an individual 31, extracting biometric values and corresponding confidence values, and using the confidence values to select a confident subset of biometric values, are the same as processes 51-53 of FIG. 5, described above in detail.  (Para. 0103), the authentication processes of FIG. 6 diverge from the enrollment processes of FIG. 5 in process 64, in which the computing facility receives a biometric public key from a storage facility as described above in connection with FIG. 5. That is, the computing facility of the authentication system receives the product of the processes of FIG. 5. The storage facility may be, for example, a database controlled by a biometric certificate authority, or a dongle or cryptographic token, or a local memory, such as a non-transitory data store within the computing facility itself. In process 65, the computing facility calculates a candidate value for the secret number using the biometric public key and the confident subset. If the linear algebra method described in connection with process 55 is used to compute the biometric public key, the process 65 may be carried out in accordance with the formulas given in that description.];
generating a second message authentication code corresponding to the fingerprint data by using a message authentication code algorithm [Herder, para. 0104, FIG. 6 concludes with a process 66, in which the computing facility transmits an indication that the subject is authenticated as the individual when the candidate value for the secret number is deemed equivalent to the secret number characterized by the biometric public key. As described above in connection with FIG. 1, to determine equivalence, the secret number S may be encrypted using a one-way function (say, F) and the hashed value F(S) is received with the biometric public key K in process 64. It should be appreciated that, because the function F is one-way only, the secret number S cannot be feasibly recovered from the hashed value F(S), so the latter value F(S) may be made public without compromising the secret number S. To authenticate the subject, the function F is applied to the candidate value for the secret number S' to determine whether there is a match; that is, whether F(S)=F(S'). If so, then using well-known properties of cryptographic hash functions, one may conclude with a high degree of confidence that S=S', so the computing facility in fact already possesses the secret number S…]; and 
determining that the obtained fingerprint data is valid when determining that the first message authentication code is matched with the second message authentication code [Herder, para. 0060,  0104, FIG. 6, the biometric public key contains sufficient information for the computing facility 13 to determine that the secret number was correctly computed. For example, the secret number may be encrypted using a one-way function, such as a cryptographic hash, and the hashed value is communicated with the biometric public key. To authenticate the subject 11, the one-way function is applied to the computed (candidate) secret number to determine whether there is a match. Once the determination has been made, the computing facility 13 transmits to the information system 15 an indication that the subject 11 is authenticated as a known individual.]; 
wherein, the first ciphertext is obtained after the fingerprint data and the first message authentication code are encrypted by using a first encryption algorithm [Herder, para. 0060, FIG. 1, the biometric public key contains sufficient information for the computing facility 13 to determine that the secret number was correctly computed. For example, the secret number may be encrypted using a one-way function, such as a cryptographic hash, and the hashed value is communicated with the biometric public key. To authenticate the subject 11, the one-way function is applied to the computed (candidate) secret number to determine whether there is a match. Once the determination has been made, the computing facility 13 transmits to the information system 15 an indication that the subject 11 is authenticated as a known individual.]; 
the first decryption algorithm is matched with the first encryption algorithm [Herder, para. 0104, FIG. 6, The method of FIG. 6 concludes with a process 66, in which the computing facility transmits an indication that the subject is authenticated as the individual when the candidate value for the secret number is deemed equivalent to the secret number characterized by the biometric public key. As described above in connection with FIG. 1, to determine equivalence, the secret number S may be encrypted using a one-way function (say, F) and the hashed value F(S) is received with the biometric public key K in process 64. It should be appreciated that, because the function F is one-way only, the secret number S cannot be feasibly recovered from the hashed value F(S), so the latter value F(S) may be made public without compromising the secret number S. To authenticate the subject, the function F is applied to the candidate value for the secret number S' to determine whether there is a match; that is, whether F(S)=F(S'). If so, then using well-known properties of cryptographic hash functions, one may conclude with a high degree of confidence that S=S', so the computing facility in fact already possesses the secret number S.]. 

Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Tang that relates to field of identity authentication, specifically a kind of fingerprint verification method and system (Tang, please see abstract and page 2, para. 5) with teachings of Herder (Herder, para. 0060, 00102-0104, FIG. 1, and FIG. 6) would enable Tang to using a message authentication code algorithm corresponding to the biometric data and assessing that the obtained biometric data is valid and by matching corresponding message authentication code.

Regarding claim 3. The combination of Tang and Herder does teach, the fingerprint data processing method according to claim 2. Herder does disclose, wherein parameters of the message authentication code algorithm comprise the fingerprint data and a first session key [Herder, para. 0122, In a second, communication phase, the sender sends only the biometric public key to a subject 41 purporting to be the individual 31. The subject 31 uses a picture of their eye and the biometric public key to reconstruct the hash of the secret number, using the processes described above. If these processes are successful, then the hash function of the secret number becomes a shared secret that may be used, for example, as a "session key" (as that phrase is known in the art). However, the authentication processes can only be successful if the subject 41 possesses the biometrics of the individual 31. In this way, this embodiment enables the creation of a secure session for communication.]; and
 the method, before the receiving the first ciphertext that carries fingerprint data, further comprises [Herder, para. 0118, FIG. 7, In particular, it includes a transducer 76 and a computing facility that performs at least two functions: a key recovery function 77 that recovers the secret number 78 (identical to the key recovery function 46 described in connection with FIG. 4), and a decryption algorithm 79 that uses the recovered secret number 78 (e.g., fingerprint data) to reproduce the plain text 72 from received cipher text 74.]: 
generating the first session key according to a preset shared key [Herder, 0122, If these processes are successful, then the hash function of the secret number becomes a shared secret that may be used, for example, as a "session key" (as that phrase is known in the art).]; and
establishing a first session channel to a sender of the first ciphertext according to the first session key [Herder, para. 0116, 0122, to establish the secure communications channel to the subject 41, an individual first configures the encryption system 71 to receive a record containing the necessary encryption information. For example, the record may characterize a public/private key pair for performing an asymmetric encryption algorithm as known in the art. The public key may be stored directly in the record, while the private key may be the secret number characterized by the biometric public key 37. (Para. 0122)However, the authentication processes can only be successful if the subject 41 possesses the biometrics of the individual 31. In this way, this embodiment enables the creation of a secure session for communication.]; 
wherein the first session channel is used in transmission of the first ciphertext [Herder, para. 0116, 0118, FIG. 7, To establish the secure communications channel to the subject 41, an individual first configures the encryption system 71 to receive a record containing the necessary encryption information. For example, the record may characterize a public/private key pair for performing an asymmetric encryption algorithm as known in the art. The public key may be stored directly in the record, while the private key may be the secret number characterized by the biometric public key 37.  (Para. 0118), Then, to encrypt plain text 72, a computing facility of the encryption system 71 executes an encryption algorithm 73 to generate a cipher text 74 using the public key data from the record. The cipher text 74 may then be sent to the decryption system 75 using any insecure communications means, such as the Internet.]. 
Tang and Herder are in same field of endeavor as they both are pertaining to field of identity authentication, specifically a kind of fingerprint verification method and system.
Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Tang that relates to field of identity authentication, specifically a kind of fingerprint verification method and system (Tang, please see abstract and page 2, para. 5) with teachings of Herder (Herder, para. 0116, 0118, 0122, and FIG.7) would enable Tang to use a session key and the 

Regarding claim 5. The combination of Tang and Herder does disclose, the fingerprint data processing method according to claim 1.  Herder does disclose, wherein the method, before the identifying the fingerprint data and generating the identification result, further comprises: 
obtaining a third ciphertext that carries a fingerprint template [Herder, para. 0118, 0134, FIG. 7, and 11, generate a cipher text 74 using the public key data from the record. Note that the construction in FIG. 11 requires securing the ROM 1107 to permit securely and secretly storing both the biometric template information and the secret key.]; and 
decrypting the third ciphertext to obtain the fingerprint template, wherein the identifying the fingerprint data and generating the identification result is specifically: performing matching identification on the fingerprint data and the fingerprint template, and generating the identification result [Herder, 0005, 0119, This first category of biometric authentication is analogous to "secret key" cryptosystems, in that they store the "secret key" i.e., the biometric template in some secure database, and the user presents his/her biometric template for authentication.  A decryption algorithm 79 that uses the recovered secret number 78 to reproduce the plain text 72 (e.g., identification result) from received cipher text 74.  (Para. 0134), the transducer 1105 processes the biometric information 1102 and sends these data to an authentication algorithm 1106. The authentication algorithm 1106 obtains a copy of an authorized individual's biometric data from the ROM 1107. If the biometric information 1102 matches (to within an acceptable level) the individual's biometric data obtained from the ROM 1107, the authentication algorithm 1106 obtains the secret key stored in the ROM 1107. Other algorithms (e.g., the signing algorithm 1109, the decryption algorithm 1110, and other crypto algorithms 1111) may then access the secret key 1108. The applications processor 1104 may communicate with the co-processor 1103 to invoke the cryptographic algorithms 1109, 1110, 1111. Note that the construction in FIG. 11 requires securing the ROM 1107 to permit securely and secretly storing both the biometric template information and the secret key.]. 
	Tang and Herder are in same field of endeavor as they both are pertaining to field of biometric authentication and identity authentication, specifically a kind of fingerprint verification method and system.
Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Tang that relates to field of identity authentication, specifically a kind of fingerprint verification method and system (Tang, please see abstract and page 2, para. 5) with teachings of Herder (Herder, para. 0005, 0118-0119, 0134, FIG. 7 and FIG. 11) would enable Tang to continue with communication and generating third ciphertext, decrypting, and identifying biometric data to be transmitted. 

Regarding claim 6. The combination of Tang and Herder does disclose, the fingerprint data processing method according to claim 1.  Herder does disclose, wherein the encrypting the identification result and generating the second ciphertext that carries the identification result specifically comprises: 
generating a message authentication code corresponding to the identification result by using a message authentication code algorithm [Herder, para. 0025, 0124, associating, by the computing facility, the biometric public key with a one-way function of the secret number; and storing the one-way function of the secret number in the storage facility. The one-way function may be a cryptographic hash function.  (Para. 0124) in accordance with this use case, the subject 41 provides the signature system 80 with a message 84 to be signed. The computing facility of the signature system 80 performs a signing algorithm 85 on the message to produce a signed message 86 that purports to be from the individual, using the secret key 83 recovered by the key recovery function 82. Such signing algorithms are well known in the art. For example, a message may be signed by applying a keyed-hash message authentication code (HMAC) as known in the art, using the secret key 83 as the key.]; and 
encrypting the identification result and the third message authentication code by using  an encryption algorithm, and generating the second ciphertext [Herder, 0060, the biometric public key contains sufficient information for the computing facility 13 to determine that the secret number was correctly computed. For example, the secret number may be encrypted using a one-way function, such as a cryptographic hash, and the hashed value is communicated with the biometric public key.  (Para. 0118), FIG. 7, to encrypt plain text 72, a computing facility of the encryption system 71 executes an encryption algorithm 73 to generate a cipher text 74 using the public key data from the record.]. 
Tang and Herder are in same field of endeavor as they both are pertaining to field of identity authentication, specifically a kind of fingerprint verification method and system and authentication of user biometric data.
Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Tang that relates to field of identity authentication, specifically a kind of fingerprint verification method and system (Tang, please see abstract and page 2, para. 5) with teachings of Herder (Herder, 0025, 0060, 0124, and FIG. 7) would enable Tang to use a session key and the identification result generated from a message authentication code algorithm in addition to establishing session channel for a secure transmission of encrypted information.

Regarding claim 7. The combination of Tang and Herder does teach, the fingerprint data processing method according to claim 6.  Tang does not does disclose, wherein parameters of the message authentication code algorithm comprise a session key and the identification result;
However, Herder does disclose, wherein parameters of the message authentication code algorithm comprise a session key and the identification result [Herder, para. 0122, In a second, communication phase, the sender sends only the biometric public key to a subject 41 purporting to be the individual 31. The subject 31 uses a picture of their eye and the biometric public key to reconstruct the hash of the secret number, using the processes described above. If these processes are successful, then the hash function of the secret number becomes a shared secret that may be used, for example, as a "session key" (as that phrase is known in the art). However, the authentication processes can only be successful if the subject 41 possesses the biometrics of the individual 31. In this way, this embodiment enables the creation of a secure session for communication.]; and
 the method, before the encrypting the identification result and generating the second ciphertext that carries the identification result, further comprises [Herder, para. 0117, 0118, FIG. 7, Obtaining the record may be done using methods known in the art of public key distribution and public key infrastructure, for example by the encryption system 71 providing sufficient identity information to the biometric certificate authority 38 to permit retrieval of the record from the public key database 39. The particular biometric certificate authority 38 that includes the correct record may itself be determined, for example, by consulting a directory that maps individuals to such authorities. (Para. 0118) then, to encrypt plain text 72, a computing facility of the encryption system 71 executes an encryption algorithm 73 to generate a cipher text 74 using the public key data from the record.]:
 generating the session key according to a DH key negotiation algorithm and an identity authentication algorithm [Herder, 0121, 0122, It should be appreciated that the data flows depicted in FIG. 6 establish a unidirectional communications channel. To provide bidirectional communications, the process depicted in FIG. 6 may be performed between two or more individuals for mutual authentication (once per individual), simply by reversing the roles of the sender and receiver. Such mutual authentication may be performed prior to transmission of meaningful data. Moreover, if the communications will be extensive, a symmetric encryption algorithm 73 is preferred for computational efficiency. Such algorithms require the establishment of a shared secret, which may be done using a key agreement protocol known in the art such as the Diffie-Hellman protocol or the Kerberos protocol.  The subject 31 uses a picture of their eye and the biometric public key to reconstruct the hash of the secret number, using the processes described above. If these processes are successful, then the hash function of the secret number becomes a shared secret that may be used, for example, as a "session key" (as that phrase is known in the art). However, the authentication processes can only be successful if the subject 41 possesses the biometrics of the individual 31. In this way, this embodiment enables the creation of a secure session for communication.]; and 
establishing a session channel to a receiver of the second ciphertext according to the second session key [Herder, para. 0039, FIG. 7 is a schematic representation of data flow through functional components used in an embodiment of the invention to provide a unidirectional encrypted communications channel.  The subject 31 uses a picture of their eye and the biometric public key to reconstruct the hash of the secret number, using the processes described above. If these processes are successful, then the hash function of the secret number becomes a shared secret that may be used, for example, as a "session key" (as that phrase is known in the art). However, the authentication processes can only be successful if the subject 41 possesses the biometrics of the individual 31. In this way, this embodiment enables the creation of a secure session for communication.]; 
wherein the session channel is used in transmission of the second ciphertext [Herder, para. 0039, 0118, FIG. 7 is a schematic representation of data flow through functional components used in an embodiment of the invention to provide a unidirectional encrypted communications channel.  (Para. 0118), Then, to encrypt plain text 72, a computing facility of the encryption system 71 executes an encryption algorithm 73 to generate a cipher text 74 using the public key data from the record. The cipher text 74 may then be sent to the decryption system 75 using any insecure communications means, such as the Internet.]. 
Tang and Herder are in same field of endeavor as they both are pertaining to field of identity authentication, specifically a kind of fingerprint verification method and system and authentication of user biometric data.
Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Tang that relates to field of identity authentication, specifically a kind of fingerprint verification method and system (Tang, please see abstract and page 2, para. 5) with teachings of Herder (Herder, para. 0005, 0025, 0039, 0060, 0117-0119, 0121-0122, and FIG.7 and FIG. 11) would enable Tang to use a session key and the identification result generated from a message authentication code algorithm in addition to establishing session channel for a secure transmission of encrypted information.

Regarding apparatus claim 9 that is same or similar to limitations of method claim 1, and similarly rejected.
Regarding apparatus claim 10 that is same or similar to limitations of method claim 2, and similarly rejected.
Regarding apparatus claim 11 that is same or similar to limitations of method claim 3, and similarly rejected.
Regarding apparatus claim 13 that is same or similar to limitations of method claim 5, and similarly rejected.
Regarding apparatus claim 14 that is same or similar to limitations of method claim 6, and similarly rejected.
Regarding apparatus claim 15 that is same or similar to limitations of method claim 7, and similarly rejected.

Regarding claim 17. Tang does disclose, the fingerprint data processing method according to claim 1, wherein, the host of the electronic device runs in a trusted execution environment [Tang, page 5, para. 6, see client receives the session key after encryption, and uses this user key to be decrypted to obtain session key, and namely between client and server end, set up secure connection, the communication between client and server end is encrypted by this session key.].

Claims 4, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Tang et al. (Chinese Publication No. 105207776, China Standard Software CO LTD (2015)) [This prior art is provided/cited in the IDS] hereafter Tang in view of Herder et al. .

Regarding claim 4. The combination of Tang and Herder does disclose, the fingerprint data processing method according to claim 3.  Tang and Herder does not disclose, wherein a preset manner of the shared key is factory presetting.
However, Reagan does teach, wherein a preset manner of the shared key is factory presetting [Reagan, para. 0025, communications from the loader service 141 and the discovery service 149 can be authenticated by employing hash message authentication code (HMAC) so that a response from the discovery service 149 to the loader service 141 can be verified as authentic, reducing the possibility of a malicious application being installed upon the client device 106. In some embodiments, communications between the loader service 141 and discovery service 149 can be encrypted using a pre-shared key with which the client device 106 is provided by an OEM.].
Tang, Herder and Reagan are in same field of endeavor as they both are pertaining to security arrangements for protecting computers, components thereof, programs or data against unauthorized activity by providing authentication of user biometric data.
Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Tang that relates to field of identity authentication, specifically a kind of fingerprint verification method and system (Tang, please see abstract and page 2, para. 5) with teachings of Herder that relates to .

Regarding apparatus claim 12 that is same or similar to limitations of method claim 4, and similarly rejected.

Claims 8, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Tang et al. (Chinese Publication No. 105207776, China Standard Software CO LTD (2015)) [This prior art is provided/cited in the IDS] hereafter Tang in view of Herder et al. (US PGPUB # 2017/0141920) further in view of Mardikar et al. (US PGPUB # 2009/0305673).

Regarding claim 8. The combination of Tang and Herder does disclose, the fingerprint data processing method according to claim 3.  Tang and Herder does not disclose, wherein parameters of the message authentication code algorithm further comprise a count value of a built-in counter.
However, Mardikar does teach, wherein parameters of the message authentication code algorithm further comprise a count value of a built-in counter [Mardikar, para. 0013, 0029, FIG. 2,  in accordance with another embodiment of the disclosure, a secure SMS system comprises a client in communication with a remote location via a network. The secure SMS system also comprises one or more processors and one or more memories adapted to store a plurality of machine-readable instructions. When executed by the one or more processors, the machine-readable instructions are adapted to cause the client device to encrypt SMS data to be sent from the client device by generating a Hash Message Authentication Code (HMAC) using an encryption algorithm and applying the HMAC to a combination of a timestamp and/or counter with second factor authentication information in a component of the client device; and send encrypted SMS data via a secure SMS application using a regular SMS channel of the client device to the remote location.  (Para. 0029, FIG. 2), In accordance with another embodiment of the disclosure, a secure SMS system comprises a client in communication with a remote location via a network. The secure SMS system also comprises one or more processors and one or more memories adapted to store a plurality of machine-readable instructions. When executed by the one or more processors, the machine-readable instructions are adapted to cause the client device to encrypt SMS data to be sent from the client device by generating a Hash Message Authentication Code (HMAC) using an encryption algorithm and applying the HMAC to a combination of a timestamp and/or counter with second factor authentication information in a component of the client device; and send encrypted SMS data via a secure SMS application using a regular SMS channel of the client device to the remote location.]. 

Therefore, it would have been obvious to one of ordinary skill in art before the effective date of claimed invention to modify the teachings of Tang that relates to field of identity authentication, specifically a kind of fingerprint verification method and system (Tang, please see abstract and page 2, para. 5) with teachings of Herder that relates to security arrangements for protecting computers, components thereof, programs or data against unauthorized activity by providing authentication of user biometric data (Herder, please see abstract and para. 0002) and teachings of Mardikar (Mardikar, para. 0013, 0029, and FIG. 2) would enable Tang and Herder to use hash message authentication code (HMAC) algorithm with implementing a counter that us used for replay protection and the message or data is thus internally in the client device. 

Regarding apparatus claim 16 that is same or similar to limitations of method claim 8, and similarly rejected.

Conclusion
The prior art made of record and not relied upon is considered pertinent to application’s disclosure:
US PGPUB No. (2009/0100269) to Naccache discloses a biometric authentication method and apparatus are provided. A user to be 
US PGPUB No. (2010/0119061) to Kawale discloses a private key is generated for use in a public key communications environment, and the private key includes a partial private key and processed biometric data.
US PGPUB No. (2007/0038867) to Verbauwhede discloses a secure embedded system that uses cryptographic and biometric signal processing acceleration is described. In one embodiment, the secure embedded system is configured as a wireless pay-point protocol for brick-and-mortar and e-commerce applications in which biometric information is localized and does not require transmission of biometric data for authentication.
 US PGPUB No. (2008/0263363) to Jueneman discloses a portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD S SHAMS whose telephone number is (571)272-3406.  The examiner can normally be reached on Monday-Friday 8:00 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 






/MOHAMMAD S SHAMS/Examiner, Art Unit 2434   

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498