Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	Claims 1-20 are presented for examination.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for most of this examiner’s amendment was given in an interview with Mr. Brian K. Buchheit (Reg. No.: 52,667) on 09 February 2021.
The application has been amended as follows: 

1.	(Currently Amendment) A secure computer system architecture comprising:
	a plurality of network-enabled end-user devices;
a plurality of services available to the end-user devices, wherein each service is provided via at least one of an appropriately-configured server meeting a predefined minimum level of computer and network security and a blockchain network
a biometric authentication gateway that controls access to the plurality of services by the plurality of end-user devices based upon validation of a biometric vector of a user of an end-user device, wherein enrollment with the biometric authentication gateway by each end-user device and their respective user is required, said enrollment establishing an enrollment biometric vector of the user and a relationship with an identifier of the respective end-user device, wherein network communications not performed 

2.	(Currently Amendment) The system architecture of claim 1, wherein an end-user device utilizes a secure real-time operating system (RTOS) that further increases security for the locally-stored fuzzy vault having a respective part of the user’s private encryption key therein

6.  	(Currently Amendment) The system architecture of claim 1, wherein at least one service requires ownership of non-native tokens as governed by a non-native application configured to manage generation and assignation of said non-native tokens, wherein said non-native application is accessible by [[the]] a corresponding software application running on the end-user devices.

8. 	(Currently Amendment) The system architecture of claim 1, wherein the blockchain network is a decentralized, open-source blockchain network. 

9.	(Currently Amendment) A method for securing a private encryption key comprising:

	enrolling users of a computer system, which is configured in accordance with a secure system architecture that utilizes a biometrics authentication gateway to control access to at least one of components and services of the computer system, with the biometric authentication gateway to establish a respective enrollment biometric vector and an identity of a respective end-user device;
	segmenting a [[the]] generated 
	encrypting a first part and a second part of the segmented 
	storing the three parts of the when one or two of the three parts becomes compromised, wherein the storing further comprises: 
storing a first vault in a data store associated with the biometric authentication gateway, wherein the first vault comprises a third part of the encryption key and is encrypted in the first vault using the enrollment biometric vector; 
storing a second vault local to the end-user device, wherein the second vault comprises the second part of the encryption key and is encrypted in the second vault using the enrollment biometric vector.

10.	 (Currently Amendment) The method of claim 9, wherein encrypting the first and second parts further comprises:
	accessing the respective user’s enrollment biometric vector, wherein said biometric vector conforms to a fuzzy vault framework;
creating a first fuzzy vault, also referenced as the first vault, using a predetermined fuzzy vault algorithm, the first part, and the enrollment biometric vector; and
creating a second fuzzy vault, also referenced as the second vault, using the predetermined fuzzy vault algorithm, the second part, and the enrollment biometric vector.[[;]]

11.  	(Currently Amendment)	The method of claim 10, wherein storing the three parts further comprises:
storing the second fuzzy vault local to the end-user device; and 
	storing the first fuzzy vault and a third part of the 

15.	(Currently Amendment)	The method of claim 9, further comprising:
	when a task of the computer system requires use of the 
	decrypting the first and second parts of the 
	reassembling the 
	
16.	(Currently Amendment)	A computer system security method comprising:


in response to a request to access a service provided by a
upon successful biometric authentication
upon unsuccessful biometric authentication, wherein biometric authentication further comprises:
	capturing the at least one item of the user’s biometric data in real-time;
	processing the captured at least one item of biometric data for consumption;
	generating the biometric vector from the at least one item of captured biometric data;
attempting to decrypt the enrollment biometric vector using the generated biometric vector;
	upon successful decryption of the enrollment biometric vector, comparing the new biometric vector to the enrollment biometric vector to produce a similarity score that quantitatively represents an equivalence between the newly-captured biometric vector and the enrollment biometric vector;
	when the similarity score meets a predefined threshold value, indicating that the biometric authentication is successful;
	when the similarity score fails to meet a predefined threshold value, indicating that the biometric authentication is unsuccessful; 
encrypting the enrollment biometric vector using a predetermined cryptography technique and the new biometric vector; and
	purging the generated biometric vector from local memory to guard against its unauthorized access.

17.	(Proposed Amendment)	The security method of claim 16, wherein enrollment further comprises:
	


	performing the capturing, processing, and generating two additional and separate times to produce a set of three biometric vectors; and
	calculating a mean biometric vector for the set of three biometric vectors, wherein said mean biometric vector is used as the user’s enrollment biometric vector.


securing a public key infrastructure (PKI) private encryption key belonging to the user by segmenting the private encryption key into three parts and distributing the three parts between the end-user device and at least one component of the secure computer system, wherein at least two of the three parts are encrypted using the predetermined cryptography technique that utilizes the user’s enrollment biometric vector, wherein the private encryption key remains uncompromised if one or two of the three parts becomes compromised;
	









18, wherein, when the request is to execute the task that requires use of the user’s secured private encryption key and biometric authentication is successful, said method further comprises:
	obtaining the three parts of the private encryption key from the end-user device and the at least one component of the secure computer system;
	decrypting the at least two of the three parts of the private encryption key that are encrypted; and
	reassembling the private encryption key from the three parts.
Allowable Subject Matter
Claims 1-20 are allowed.
The claims are directed to novel and non-obvious methods for securing a private encryption key, secure computer system architectures which requires, at least in part, a biometric authentication gateway that controls access to the plurality of services by the plurality of end-user devices based upon validation of a biometric vector of a user of an end-user device, wherein enrollment with the biometric authentication gateway by each end-user device and their respective user is required, said enrollment establishing an enrollment biometric vector of the user and a relationship with an identifier of the respective end-user device, wherein network communications between the plurality of end-user devices, servers or the computing system providing the services, and the biometric authentication gateway are secured using an improved public key infrastructure (PKI) approach that segments a private encryption key generated for the user into three parts and distributes the three parts between the respective end-user device and the biometric authentication gateway, wherein two of the three parts are encased within fuzzy vaults based upon the user’s respective biometric vector, wherein retrieving the two parts of the user’s respective private encryption key from the fuzzy vaults for reassembly is not 
The claims are also directed to novel and non-obvious methods which require, at least in part, upon unsuccessful biometric authentication
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTOL-892.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARREN B SCHWARTZ whose telephone number is (571)270-3850.  The examiner can normally be reached on 9am-7pm EST, Monday-Thursday, 9am-5pm EST, Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DARREN B SCHWARTZ/               Primary Examiner, Art Unit 2435