DETAILED ACTION
This office action is in response to applicant’s communication dated 3/1/2021. If needed, this communication is herein referred to as “Amendment”. 
The Amendment was in response to examiner's non-final office action dated 11/30/2020. If needed, this office action is herein referred to as “Previous OA”.
Any citation of the instant specification is as published in US Patent Application Publication 20190333070.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims’ Status
Claims 21-39 are newly submitted, pending, and are currently being examined.
Claims 1-20 are newly cancelled.

Response to Amendment
112 Rejections
The 112(b) rejections of claim 1-20 are removed due to claim cancellation.

103 Rejections
Applicant's 103 arguments filed 3/1/2021 have been fully considered but they are not persuasive. See the specific applicant arguments and examiner’s responses below:

103 Argument 1:
	The applicant argues that the prior arts of record do not teach a key generated based on biometric data of a user and that biometric data is not stored anywhere. (Amendment, Pg 11)
	"all of these prior art references use a variety of PINs, passwords and authentication methods, which the claimed invention does not require”. (Amendment, Pg 11)
	The applicant argues that the data files “remain encrypted on the server at all times and during transmission between the server (or local memory card) and a device over a secure or non-secure communication network” and “that the encrypted data file is only decrypted locally at the device upon retrieval from a storage device such as a server”. (Amendment, Pg 12)
	“Finn teaches the use of biometric data to complete a registration of an account at the server, but not to decrypt an encrypted data file at a device (see paragraph 39 of Finn).” (Amendment, Pg 13) 

103 Response 1:
	The examiner respectfully disagrees. First, the examiner points out that the only claim 29 that requires that biometric data is not stored is claim 29, which specifically states “wherein said biometric data is not stored on said device or said storage device”.
Secondly, the claims, as presented, do not preclude the use of PINs, passwords and authentication methods. Therefore, this argument is irrelevant. It is noted that the In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
	Furthermore, the newly presented reference (Schwach) teaches/suggests all of the supposed deficiencies of the prior arts of record.
As explained in the 103 rejection below: 
Schwach, in an analogous art of system for securing data (¶ 6), teaches/suggests the concept(s) of:
that the stored data file is stored “encrypted” and is “decrypted” to obtain the encrypted information (¶ 18 – “the ECU 16 may store data that will be or has been encrypted by the ECU 16 according to one or more methods of this disclosure. That is, in an embodiment, the ECU 16 may store the data to which the ECU 16 controls access.” And ¶ 32 – “a generic method of providing or controlling access to data that includes biometric-based encryption and decryption of data without ongoing storage of the user's biometric information”)
that the personal information in the data file “is encrypted using a respective unique personalized data key associated with a user” (¶ 7 – “using the first key to encrypt data to create encrypted data”)
generate a personalized data key based on the obtained biometric data of the user (¶ 7 – “receiving a first image of a biometric identifier of a user, converting the first image into a first key”)
decrypt one of the at least one encrypted data file using the generated unique personalized data key (¶ 7 – “a second image of a biometric identifier, converting the second image into a second key, using the second key to attempt to decrypt the encrypted data”)

103 Argument 2:
	The applicant also relies on the 103 arguments above to further allege the patentability of claim(s) 21, 35 and 38 and/or remaining claim(s). (Amendment, Pg(s) 13-14)

103 Response 2:
	The examiner respectfully disagrees at least for the same reasons provided in the above 103 responses and/or in the below 103 rejection section.

Claim Objections
Claims 21 and 38 are objected to because of the following informalities:  
Claim 21 combines two separate thoughts (clauses) with a comma and line indentation. Namely, the comma and line indentation separates the “obtaining the biometric data…” clause and the “generating…a personalized data key…” clause. This is a grammatical error (a “comma splice”). Use a semicolon and line indentation instead. MPEP 2143.03 states: “As a general matter, the grammar and ordinary meaning of terms as understood by one having ordinary skill in the art used in a claim will dictate whether, and to what extent, the language limits the claim scope.”.
Claim 38 combines two separate thoughts (clauses) with just a line indentation. Namely, the line indentation separates the “obtain biometric data…” clause and the “generate a personalized data key…” clause. This is a grammatical error (a “fused sentence”). Use a semicolon and line indentation instead.
Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 21-24, 28-32, 35-36 and 38-39 is/are rejected under 35 U.S.C. 103 as being unpatentable over Finn (US Patent Application Publication 20080201769) in view of Schwach (US Patent Application Publication 20160352520).

	As per claims 21, 35 and 38, Finn teaches a system (and respective method and device) for securely retrieving a data file, comprising:
	a server configured to store at least one […] data file associated with an identifier, each of the at least one […] data file containing personal information (e.g., credit card information) […] (Abstract, Pars. 9, 20, 22 and 38. Since the consumer may gain access to the information, such as payment options, e.g. credit/debit cards, in the server by entering a password, the password is necessarily stored at the database in order to verify the data entered by the consumer, see Par 38. Also see FIGs. 2-3);
	and a device (POS terminal) in data communication with the server (Par 21 and Fig.2, POS terminal 210 is operatively connected to a central server 230 via a communication network 220 using a secure, encrypted communication channel. Also see Par 18, for application software), 

	receive, at the device, the identifier from the user of the device, the identifier being associated with the user (Abstract  and Pars. 9, 20 and 24. Also see Par 36, the consumer may be required to enter a PIN [which is interchangeable with a password, see Par 9], and if so, receives a unique user ID associated with the consumer account);
	retrieve from the server the at least one […] data file associated with the identifier (Abstract  and Pars. 9, 20 and 24. Also see Par 36, the consumer may be required to enter a PIN [which is interchangeable with a password, see Par 9], and if so, receives a unique user ID associated with the consumer account), 
wherein each of the at least one […] data file contains personal information  (e.g., credit card information) […] (“[0022] Central server 230 may be configured with a central database 232 (e.g., as provided in storage unit 104 of data processing system 100 (see FIG. 1)), that may store various pieces of consumer related data and merchant related data. For consumers, central database 232 may be configured to consolidate and store information about various consumer specific payment methods available to each consumer. The information about various consumer specific payment methods may include the type of payment option (e.g., credit cards, debit cards, loyalty cards, etc.), and data relating to each type of payment option.”);

	[…]; and 
display the personal information obtained from the […] data file on a display associated with the device (FIG. 2:108 and Pars. 26-27, payment options, such as credit cards, are displayed on display 108. Also see Par 31).
Finn doesn’t teach/suggest: 
that the stored data file is stored “encrypted” and is “decrypted” to obtain the encrypted information
that the personal information in the data file “is encrypted using a respective unique personalized data key associated with a user”
generate a personalized data key based on the obtained biometric data of the user
decrypt one of the at least one encrypted data file using the generated unique personalized data key
However, Schwach, in an analogous art of system for securing data (¶ 6), teaches/suggests the concept(s) of:
that the stored data file is stored “encrypted” and is “decrypted” to 
that the personal information in the data file “is encrypted using a respective unique personalized data key associated with a user” (¶ 7 – “using the first key to encrypt data to create encrypted data”)
generate a personalized data key based on the obtained biometric data of the user (¶ 7 – “receiving a first image of a biometric identifier of a user, converting the first image into a first key”)
decrypt one of the at least one encrypted data file using the generated unique personalized data key (¶ 7 – “a second image of a biometric identifier, converting the second image into a second key, using the second key to attempt to decrypt the encrypted data”)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to apply the known concept(s) of that the stored data file is stored “encrypted” and is “decrypted” to obtain the encrypted information, that the personal information in the data file “is encrypted using a respective unique personalized data key associated with a user”, generate a personalized data key based on the obtained biometric data of the user, and decrypt Schwach, to modify (or “further modify”) the system/method/device of Finn, because this would lead to the predictable results of a more secure system/method/device that does not store biometric images for comparison (Schwach ¶ 32 – “thereby improving on known biometric data security systems that store biometric images for comparison”).

As per claims 22, 36 and 39, Finn, as modified, teaches the method of claim 21, the device of claim 35, and the system of claim 38, wherein the device is a Point of Sale (POS) device (Finn Par 21 and Fig.2, POS terminal 210 is operatively connected to a central server 230 via a communication network 220 using a secure, encrypted communication channel).

As per claim 23, Finn, as modified, teaches the method of claim 22, wherein the decrypted personal information comprises payment data, identification data or a combination of payment data and identification data (Finn ¶ 22 – “central database 232 may be configured to consolidate and store information about various consumer specific payment methods available to each consumer. The information about various consumer specific payment methods may include the type of payment option (e.g., credit cards, debit cards, loyalty cards, etc.), and data relating to each type of payment option.”).

	As per claim 24, Finn, as modified, teaches the method of claim 23, further comprising selecting one of the data of the decrypted personal information for use in a Finn “[0028] Upon selection of one of the available payment options, card number data and any verification code corresponding to the selected payment option may be retrieved from central database 232, and provided to the merchant to complete the payment transaction.”). 

	As per claim 28, Finn, as modified, teaches the method of claim 21, 
wherein the biometric data comprises fingerprint data corresponding to at least one finger of the user (Finn ¶ 20 – “POS terminal 210 may also be configured with one or more biometric scanners, such as a fingerprint scanner 216, a retina scanner 218, or a voiceprint scanner 219…A biometric scan…may be used for authorizing access to system 200”.) and 
wherein the fingerprint data is obtained from a fingerprint scanner in data communication with the device (Finn ¶ 20 – “POS terminal 210 may also be configured with one or more biometric scanners, such as a fingerprint scanner 216, a retina scanner 218, or a voiceprint scanner 219…A biometric scan…may be used for authorizing access to system 200”.), and 
the method further comprises the step of:
for each of the at least one finger of the user, generating an associated personalized data key using the fingerprint data relating to the fingerprint corresponding to the finger of the user (Schwach “[0007]…method for securing data that improves on known methods may Schwach Abstract – “a biometric identifier (e.g., retina, fingerprint, etc.)”). 

As per claim 29, Finn, as modified, teaches the method of claim 21, wherein said biometric data is not stored on said device or said storage device (Schwach “[0032] The first method 22 may be considered a generic method of providing or controlling access to data that includes biometric-based encryption and decryption of data without ongoing storage of the user's biometric information, thereby improving on known biometric data security systems that store biometric images for comparison”). 

As per claim 30, Finn, as modified, teaches the method of claim 21, wherein the storage device is a server in data communication with the device (Finn ¶ 21 and Fig.2, POS terminal 210 is operatively connected to a central server 230 via a communication network 220 using a secure, encrypted communication channel). 

As per claim 31, Finn, as modified, teaches the method of claim 22. 
Finn, as modified, doesn’t teach/suggest
wherein the storage device is a memory device inserted in the POS device 
However, Schwach, mentioned above, teaches/suggests the concept(s) of:
wherein the storage device is a memory device inserted in the POS 
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to apply the known concept(s) of wherein the storage device is a memory device inserted in the POS device, as taught/suggested by Schwach, to modify (or “further modify”) the method of Finn, as modified, because this would lead to the predictable results of a more versatile method that allows for performing authentication for purchase transactions locally, without having to connect to a server.

	As per claim 32, Finn, as modified, teaches the method of claim 21, wherein the biometric data comprises data representing the palm or the retina of a user (Finn ¶ 20 – “POS terminal 210 may also be configured with one or more biometric scanners, such as a fingerprint scanner 216, a retina scanner 218.).

Claim(s) 25, 33 and 37 is/are rejected under 35 U.S.C. 103 as being unpatentable over Finn (US Patent Application Publication 20080201769) in view of Schwach (US Patent Application Publication 20160352520), as applied to claims 22, 24  above, and further in view of White (US Patent Application Publication 20170091774).

As per claim 25, Finn, as modified, teaches the method of claim 24, further comprising sending an electronic receipt of the transaction to an email address or a cellphone number associated with the user. 
Finn, as modified, doesn’t teach/suggest
further comprising sending an electronic receipt of the transaction to an email address or a cellphone number associated with the user.
However, White, in an analogous art of a biometric transaction system (Abstract), teaches/suggests the concept(s) of:
further comprising sending an electronic receipt of the transaction to an email address or a cellphone number associated with the user (¶ 15 – “Server 18 may then be programmed to provide user with a receipt for the transaction, such as by emailing user or sending a receive to dedicated mobile application 16”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to apply the known concept(s) of further comprising sending an electronic receipt of the transaction to an email address or a cellphone number associated with the user, as taught/suggested by White, to modify (or “further modify”) the method of Finn, as modified, because this would lead to the predictable results of a more user friendly method that ensures the user is informed about the results of the transaction and can store such information for future use.

As per claims 33 and 37, Finn, as modified, teaches the method of claim 22 and the device of claim 35. 
Finn, as modified, doesn’t teach/suggest 
wherein the biometric scanner is embedded in the POS device (or “wherein the biometric scanner is embedded thereto”)
However, White, in an analogous art of a biometric transaction system (Abstract), teaches/suggests the concept(s) of:
wherein the biometric scanner is embedded in the POS device (or “wherein the biometric scanner is embedded thereto”)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to apply the known concept(s) of wherein the biometric scanner is embedded in the POS device (or “wherein the biometric scanner is embedded thereto”), as taught/suggested by White, to modify (or “further modify”) the method of Finn, as modified, because this would lead to the predictable results of because this would lead to the predictable results of a more flexible method, which includes options to accommodate merchants’ POS system arrangement preferences.

Claim(s) 26-27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Finn (US Patent Application Publication 20080201769) in view of Schwach (US Patent Application Publication 20160352520), as applied to claim 21 above, and further in view of Chandrasekaran (US Patent Application Publication 20160323274).

As per claim 26, Finn, as modified, teaches the method of claim 21, further comprising the steps of: 
[…];
obtaining biometric data of the user from a biometric scanner in data communication with the device (Finn ¶ 20 – “POS terminal 210 may also be configured with one or more biometric scanners, such as a fingerprint scanner 216, a retina scanner 218, or a voiceprint scanner 219…A biometric scan…may be used for authorizing access to system 200”);
generating, at the device, at least one further personalized data key based on the obtained biometric data of the user (Schwach “[0007]…method for securing data that improves on known methods may include receiving a first image of a biometric identifier of a user, converting the first image into a first key…receiving a second image of a biometric identifier, converting the second image into a second key.” and Schwach Abstract – “a biometric identifier (e.g., retina, fingerprint, etc.)”);
 […].
Finn, as modified, doesn’t teach/suggest
modifying the decrypted data file by updating part of the personal information using the device;
for each of the at least one generated further personalized data key, generating at least one encrypted data file by encrypting the decrypted 
and sending the at least one encrypted data file to the storage device.
However, Chandrasekaran, in an analogous art of improving user security for updates to user account information (Par 2), teaches/suggests the concept(s) of:
modifying the decrypted data file by updating part of the personal information using the device ( 232, a user and/or merchant POS device operator being able to edit user account information that is displayed at a merchant's POS device display. Also see  233) and 
sending the at least one encrypted data file to the storage device ("[0233] In block 1595, account management system 160 receives the updated user 101 account data from the merchant POS device 130 and associates the updated user 101 account data with the user 101 account.").
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to apply the known concept(s) of modifying the decrypted data file by updating part of the personal information using the device, and sending the at least one encrypted data file to the storage device, as taught/suggested by Chandrasekaran, to modify (or “further modify”) the method of Finn, as modified, because this would lead to the predictable results of a more convenient and secure system that allows for immediate updating, at the POS terminal, of account information, such as contact information, that might be subject to updating (Chandrasekaran Pars. 2 and 8).
Finn, as modified, doesn’t teach/suggest 
for each of the at least one generated further personalized data key, 
However, Schwach, teaches/suggests the concept(s) of:
for each of the at least one generated further personalized data key, generating at least one encrypted data file by encrypting the decrypted data file using the respective generated further personalized data key (¶ 7 – “receiving a first image of a biometric identifier of a user, converting the first image into a first key”)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to apply the known concept(s) of for each of the at least one generated further personalized data key, generating at least one encrypted data file by encrypting the decrypted data file using the respective generated further personalized data key, as taught/suggested by Schwach and Chandrasekaran, to modify (or “further modify”) the method of Finn, as modified, because this would lead to the predictable results of a more convenient and secure system that allows for updating, at the POS terminal, of account information, while re-encrypting the information that was updated.

	As per claim 27, Finn, as modified, teaches the method of claim 26, 
wherein the step of obtaining biometric data from the user comprises obtaining fingerprint data relating to at least one fingerprint corresponding to a respective at least one finger of the user (Schwach “[0007]…method for securing data that improves on known methods may Schwach Abstract – “a biometric identifier (e.g., retina, fingerprint, etc.)”.), and 
wherein each of the at least one generated further personalized data key is associated with the fingerprint data related to a respective fingerprint of the at least one fingerprint (Schwach “[0007]…method for securing data that improves on known methods may include receiving a first image of a biometric identifier of a user, converting the first image into a first key…receiving a second image of a biometric identifier, converting the second image into a second key.” and Schwach Abstract – “a biometric identifier (e.g., retina, fingerprint, etc.)”). 

Claim(s) 34 is/are rejected under 35 U.S.C. 103 as being unpatentable over Finn (US Patent Application Publication 20080201769) in view of Schwach (US Patent Application Publication 20160352520), as applied to claim 22, and further in view of Mont (US Patent Application Publication 20030056108).

As per claim 34, Finn, as modified, teaches the method of claim 22, 
wherein when said at least one encrypted data file is retrieved and decrypted at the POS device (Finn,  “[0024] Once the identity of the consumer and all the data entered by the consumer is verified, the consumer may be registered with system 200, and may access his or her Schwach. Furthermore, it would naturally following, given the modification, that information that is encrypted must be decrypted in order to be displayed at the POS).
Finn, as modified, doesn’t teach/suggest
said at least one data file is removed from the storage device and replaced with at least one new altered encrypted data file generated on the POS device
However, Mont, in an analogous art of a method and apparatus that allows renewal of encoded data in a long-term storage (Abstract), teaches/suggests the concept(s) of:
said at least one data file is removed from the storage device and replaced with at least one new altered encrypted data file generated on the POS device (Abstract, FIG. 3 and Pars. 2-3 and 41-49, renewing stored encrypted data by decrypting the originally stored data and re-encrypting the data, e.g., using a new secret or encryption mechanism, and replacing the originally encrypted data in storage with the newly encrypted data)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to apply the known concept(s) of said at least one data file is removed from the storage device and replaced with at least Mont, to modify (or “further modify”) the method of Finn, as modified, because this would lead to the predictable results of a more secured method that allows for the possibility of updated stored encrypted data by, e.g., using a more powerful encryption mechanism (Mont Par 2).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GABRIEL S MERCADO whose telephone number is (408)918-7537.  The examiner can normally be reached on Mon-Fri 8am-5pm (Eastern Time).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-






/Gabriel Mercado/Examiner, Art Unit 3685                     


/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685