DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

Response to Arguments
Applicant’s arguments with respect to claims 21-42 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.


Claims 21-25, 27-31, 33-36 and 38-41 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Jung et al., (US publication No. 2011/0191586), hereinafter “Jung”, and further in view of Lee, (US Publication No. 2010/0281146) and further in view of Hirabayashi, (US Publication No. 2012/0173867) and further in view Maturana” and further in view of Sidles, (US Publication No. 2002/0062342).

Regarding claims 21 and 27, Jung discloses
a data storage device [Jung, figure 1]; 
a hash value generated by hashing a Jung, paragraph 38, a method of generating a hash value using concatenation of data is an example for generating the hash value by using a public key, a random number, and a password. Thus, one of ordinary skill in the art would understand that various other methods of generating the hash value by combining the public key, the random number, and the password may be used. For example, the hash value may be generated after performing an exclusive OR (XOR) operation on bit values of the public key, the random number, and the password, or may be generated in a bitstream generated by adding up all of the bit values of the public key, the random number, and the password and paragraph 98].

Jung does not specifically disclose, however Lee teaches
(1) receiving, at the domain name server from the client, a user name associated with a user of the client [Lee, paragraph 28, sending an account information comprising user name, a password, and a hostname to the dynamic DNS 22 to request registration or modification]. 

It would have been obvious to one having ordinary skill in the art at the time the invention was made to include generating a random hash key based on the user name received at the domain name server from a client in order to apply and tie the generation to a specific user for maintaining security.

Jung-Lee does not specifically disclose, however Hirabayashi teaches
(2) generating, at the Hirabayashi, paragraph 6, a user ID is transmitted from a personal computer to a server, and the server generates a random number based on the ID].
It would have been obvious to one having ordinary skill in the art at the time the invention was made to include generating a random hash key based on the user name in order to apply and tie the generation to a specific user for maintaining security.

Jung-Lee-Hirabayashi does not specifically disclose, however Maturana teaches
(3) transmitting, from the Maturana, paragraph 60, the server decides on a particular cipher, and sends the client some random numbers and a certificate that contains the server’s public key]; 
It would have been obvious to one having ordinary skill in the art at the time the invention was made to include transmitting to the client information related to the user


(4) receiving, at the Maturana, paragraph 60, the client verifies the server’s authenticity and sends back some encrypted information to set the keys, and some encrypted authentication information about the whole session].
It would have been obvious to one having ordinary skill in the art at the time the invention was made to include the client returning encrypted / hashed values that were sent from the server to the client and returned in order to verify the values and create a secure transaction between the server and client.

Jung-Lee-Hirabayashi-Maturana does not specifically disclose, however Sidles teaches

a biometric identification vector including biometric information of the user [Sidles, paragraph 69, The method whereby the user gains access to, registers and corrects the wallet database is as follows: The user uses a User name and Password (or equivalent PIN, PKI certificate, biometric, SIM Toolkit, etc.) to access the secure server that contains all the information in their wallet];
It would have been obvious to one having ordinary skill in the art at the time the invention was made to include the use of biometric information in place of a user's id and/or password in order to provide enhanced security of the identification of a user and

(5) registering, in a database, the user name in association with the received hash value to authenticate Sidles, paragraph 69, The method whereby the user gains access to, registers and corrects the wallet database is as follows: The user uses a User name and Password (or equivalent PIN, PKI certificate, biometric, SIM Toolkit, etc.) to access the secure server that contains all the information in their wallet].
It would have been obvious to one having ordinary skill in the art at the time the invention was made to include registering the user in the database of the server for future transactions in order to allow secure transactions.

Regarding claims 22 and 28, Jung-Lee-Hirabayashi-Maturana-Sidles further discloses
transmitting, from the domain name server to the client, a public key for the domain name server, wherein the received hash value is encrypted by the client using the public key [Jung, paragraph 38, a method of generating a hash value using concatenation of data is an example for generating the hash value by using a public key, a random number, and a password. Thus, one of ordinary skill in the art would understand that various other methods of generating the hash value by combining the public key, the random number, and the password may be used. For example, the hash value may be generated after performing an exclusive OR (XOR) operation on bit values of the public key, the random number, and the password, or may be generated in a bitstream generated by adding up all of the bit values of the public key, the random number, and the password and paragraph 98].

Regarding claims 23 and 29, Jung-Lee-Hirabayashi-Maturana-Sidles further discloses
establishing a secure connection between the domain name server and the client [Lee, paragraph 6, connection and registration are performed]; and performing steps (1) to (4) using the secure connection [Jung-Lee-Hirabayashi-Maturana-Sidles].

Regarding claims 24 and 30, Jung-Lee-Hirabayashi-Maturana-Sidles further discloses
wherein the client sends the hash value to the domain name server in connection with a domain name service request [Lee, paragraphs 6, 28, sending an account information comprising a user name, a password, and a hostname to the dynamic DNS 22 to request registration or modification].

Regarding claims 25 and 31, Jung-Lee-Hirabayashi-Maturana-Sidles further discloses
receiving, at the domain name server from the client, a registration request including the user name [Lee, paragraphs 6, 28, sending an account information comprising a user name, a password, and a hostname to the dynamic DNS 22 to request registration or modification]; and performing steps (2) to (5) in response to the registration request [Jung-Lee-Hirabayashi-Maturana-Sidles].


Regarding claims 33 and 38, Jung-Lee-Hirabayashi-Maturana-Sidles further discloses
a data storage device storing (1) a user name associated with a user of the client device and (2) a biometric identification vector generated based on biometric information of the user [Sidles, paragraph 69];
sending, to the domain name server, a user name associated with a user of the client [Lee, paragraph 28, sending an account information comprising a user name, a password, and a hostname to the dynamic DNS 22 to request registration or modification];
receiving, from the domain name server, a random hash key [Maturana, paragraph 60, the server decides on a particular cipher, and sends the client some random numbers and a certificate that contains the server's public key], wherein the random hash key is generated based at least in part on the user name [Hirabayashi, paragraph 6, a user ID is transmitted from a personal computer to a server, and the server generates a key and a random number based on the ID];
receiving biometric information of the user [Sidles, paragraph 69, The method whereby the user gains access to, registers and corrects the wallet database is as follows: The user uses a User name and Password (or equivalent PIN, PKI certificate, biometric, SIM Toolkit, etc.) to access the secure server that contains all the information in their wallet];

Sidles, paragraph 69, The method whereby the user gains access to, registers and corrects the wallet database is as follows: The user uses a User name and Password (or equivalent PIN, PKI certificate, biometric, SIM Toolkit, etc.) to access the secure server that contains all the information in their wallet];
generating a hash value by hashing the biometric identification vector using the random hash key [Jung, paragraph 38, a method of generating a hash value using concatenation of data is an example for generating the hash value by using a public key, a random number, and a password. Thus, one of ordinary skill in the art would understand that various other methods of generating the hash value by combining the public key, the random number, and the password may be used. For example, the hash value may be generated after performing an exclusive OR (XOR) operation on bit values of the public key, the random number, and the password, or may be generated in a bitstream generated by adding up all of the bit values of the public key, the random number, and the password and paragraph 98]; and
sending the hash value to the domain name server [Maturana, paragraph 60, the client verifies the server's authenticity and sends back some encrypted information to set the keys, and some encrypted authentication information about the whole session].

Regarding claims 34 and 39, Jung-Lee-Hirabayashi-Maturana-Sidles further discloses
Jung, paragraph 38 and 98]; and 
encrypting the hash value using the public key [Jung, paragraph 38 and 98].

Regarding claims 35 and 40, Jung-Lee-Hirabayashi-Maturana-Sidles further discloses
establishing a secure connection between the domain name server and the client [Lee, paragraph 6]; and communicating with the domain name server using the secure connection [Lee, paragraph 6].

Regarding claims 36 and 41, Jung-Lee-Hirabayashi-Maturana-Sidles further discloses
sending, to the domain name server, a registration request including the user name [Lee, paragraphs 6, 28, sending an account information comprising a user name, a password, and a hostname to the dynamic DNS 22 to request registration or modification].

Claims 26, 32, 37 and 42 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Jung-Lee-Hirabayashi-Maturana-Sidles as applied to claims 21, 27, 33 and 38 above, and further in view of Lapere et al., (US Publication No. 2001/0039619), hereinafter “Lapere”.

Regarding claims 26 and 32, Jung-Lee-Hirabayashi-Maturana-Sidles does not specifically disclose, however Lapere teaches
wherein the biometric identification vector includes a deviation in the biometric information of the user [Lapere, paragraph 6, user is prompted to provide a biometric input. An encrypted biometric token representative of a biometric input from an authorized user is decrypted. The biometric input is correlated with the decrypted biometric token. When the biometric input correlates to within a selected threshold of the decrypted biometric token, the biometric token is cryptographically transformed to generate an authorization token].
It would have been obvious to one having ordinary skill in the art at the time the invention was made to include a deviation threshold for the biometric data in order to allow for small differences of the biometric data while using for authentication in order to provide the enhanced security of the biometric information while allowing for a threshold amount of differences due to different scanning equipment, user changes etc.

Regarding claims 37 and 42, Jung-Lee-Hirabayashi-Maturana-Sidles-Lapere further discloses
wherein the biometric identification includes a deviation in the biometric information of the user [Lapere, paragraph 6, user is prompted to provide a biometric input. An encrypted biometric token representative of a biometric input from an authorized user is decrypted. The biometric input is correlated with the decrypted biometric token. When the biometric input correlates to within a selected threshold of the decrypted biometric token, the biometric token is cryptographically transformed to generate an authorization token].


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589.  The examiner can normally be reached on M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/
Primary Examiner, Art Unit 2433