DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
s 1-5, 8-12, 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Doloff (USPN 10,505,925) in view of Wheeler et al (USPAP 2003/0014372).

Re claims 1, 5, 8, 12, 15 and 19: Doloff teaches a method comprising receiving, by an authorization system via a network, an external authorization request from a remote server, the external authorization request including a unique identifier for a user account of the authorization system and the external authorization request including data identifying a requested action (col. 7, lines 6-25, “target environment”; col. 9, lines 29-34);
transmitting, via the network to a client device associated with the user account, an internal authorization request, the internal authorization request including the data identifying the requested action and the internal authorization request causing the client device to perform operations comprising presenting a prompt to authorize the requested action (col. 9, lines 60 through col. 10, lines 35);
receiving, via the network from the client device, an internal authorization message in response to the internal authorization request, the internal authorization message indicating that the requested action has been authorized, the internal authorization message including a digital signature (that was generated by the client device using a private key stored in a secure hardware of the client device) (col. 9, lines 60 through col. 10, lines 35; col. 2, lines 65 through col. 3, lines 40);
in response to receiving the internal authorization message, verifying the digital signature using a public key associated with the user account (col. 9, lines 60 through col. 10, lines 35; col. 2, lines 65 through col. 3, lines 40); and

Doloff does not explicitly teach that the digital signature was generated by the client device using a private key stored in a secure hardware of the client device; and accessing the public key associated with the user account from a distributed database (claim 5).
Wheeler teaches the concept of authorization message including a digital signature that was generated by a client device using a private key stored in a secure hardware of the device, and accessing the public key associated with the user account from a distributed database (abstract). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Doloff to include this feature as taught by Wheeler for the obvious reason of ensuring that the message originates from a trusted device.

Re claims 2, 3, 9, 10, 16 and 17: Wheeler further teaches wherein the internal authorization request further causes the client device to perform operation comprising:
capturing an image of a user using the client device; comparing the image of the user using the client device to a verified image of the user associated with the user account, the verified image stored in the secure hardware of the client device and having been captured by the client device during an enrollment process with the authorization system; and
determining, based on comparing the image of the user using the client device to the verified image of the user associated with the user account, that the user using the client device is the user associated with the user account (Wheeler: 0008, 0033; “biometric data”). Therefore, it would 


 Re claims 4, 11 and 18: Wheeler further teaches wherein the internal authorization request further causes the client device to perform operations comprising: presenting a prompt to enter a passcode and a biometric data item; receiving the passcode and biometric data item from a user using the client device; and verifying the user using the client device based on the passcode and biometric data item (Wheeler: 0009, Combination of two or more different types of entity authentication, for example factors B(PIN) and  C (biometric)). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Doloff to include this feature as taught by Wheeler for the obvious reason of achieving additional security (Wheeler: 0009).

Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Doloff in view of Wheeler and further in view of Van Oorschot (USPN 6,370,249) (hereinafter referred to as “Van”).

Re claims 6, 13 and 20: Doloff and Wheeler do not explicitly teach, wherein the requested action is transmitting personal information associated with the user account to a recipient, the method further comprising: 

transmitting the encrypted personal information to a second client device associated with the user account of the recipient, the second client device maintaining a private key to decrypt the encrypted personal information.
Van teaches the concept of transmitting message (personal information) associated with the user account to a recipient, the method further comprising: transmitting, to the client device, a public key associated with a user account of the recipient; receiving, from the client device, encrypted message (personal information), the message (personal information) having been encrypted by the client device using the public key associated with the user account of the recipient; and
transmitting the encrypted message (personal information) to a second client device associated with the user account of the recipient, the second client device maintaining a private key to decrypt the encrypted personal information (col. 4, lines 34 through col. 5, lines 12). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Doloff and Wheeler combination to include this feature as taught by Van for the obvious reason of enhancing the applicability of the process/system.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Doloff in view of Wheeler and further in view of Cairns et al (USPN 10,142,464).



Cairns teaches these features at col. 6, lines 27-63. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Doloff and Wheeler combination to include this feature as taught by Cairns for the obvious reason of enhancing the flexibility of the system.


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLABODE AKINTOLA whose telephone number is (571)272-3629.  The examiner can normally be reached on Mon-Fri 8:30a-6:00p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Kalinowski can be reached on 571-272-6771.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/OLABODE AKINTOLA/Primary Examiner, Art Unit 3691