Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgements
This office action is in response to the claim amendments filed June 06, 2019 and further in response to an electronic/telephonic communication with Applicant’s representative Stephan Filipek on April 30, 2021 (“Electronic Communication”).
Claims 3, 7 and 8 have been canceled.
Claims 1, 2, 4-6 and 9-16 are pending.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in the Electronic Communication with Applicant’s representative Stephan Filipek on April 30, 2021.
Please replace all prior version of the claims with the attached amended claims, wherein,
Claims 3, 7 and 8 have been canceled.
Claims 1, 2, 4-6 and 9-16 are pending.

The amended claims:
1. 	(Amended)	A secure on mobile device user authentication method, comprising:
receiving, by a mobile application running on a mobile device processor operating in a rich execution environment (REE) of a consumer mobile device, an on-behalf-of (OBO) user authentication request from an entity during a transaction, the OBO user authentication request comprising authentication criteria required by the entity;
transmitting, by the mobile application running on the mobile device processor via an authenticator application programming interface (API) operating in the REE to at least one biometric sensor of the mobile device operating in a trusted execution environment (TEE), a biometric data capture request in accordance with the authentication criteria; 
determining, by the authenticator API via an access control mechanism running on the mobile device processor, that the mobile application is authorized to utilize the authenticator API; 
prompting, by the mobile device processor, the user of the consumer mobile device to provide at least one form of biometric data to the at least one biometric sensor in accordance with predetermined business rules of the entity;
determining, by the mobile device processor, that the at least one form of biometric data provided by the user matches locally stored biometric data;
receiving, by a trusted authenticator application running on the mobile device processor and operating in the TEE
validating, by the trusted authenticator application operating in the TEE, the user authentication response by authenticating the at least one biometric sensor; 
signing, by the trusted authenticator application, the validated user authentication response; 
transmitting, by the trusted authenticator application to the authenticator API operating in the REE, the signed and validated user authentication response;
receiving, by the mobile application [[via]] from the authenticator API, the signed and validated user authentication response; 

transmitting, by the mobile application to the entity, the signed and validated user authentication response message.

2.	(Amended)	The method of claim 1, further comprising, subsequent to prompting the user to provide at least one form of biometric data:
capturing, by the at least one biometric sensor of the mobile device, biometric data provided by the user of the consumer mobile device;
comparing, by the at least one biometric sensor of the mobile device, the captured biometric data of the user to predetermined biometric data stored on the at least one biometric sensor of the consumer mobile device; 
determining, by the at least one biometric sensor, that the captured biometric data matches the stored biometric data; and 
transmitting, by the at least one biometric sensor of the mobile device to the authenticator API, an indication that a match occurred

3.	(canceled) 

4.	(Previously Presented)	The method of claim 1, wherein the authentication criteria comprises obtaining at least two different forms of biometric data from the user utilizing at least two different biometric sensors.

5.	(Previously Presented)	The method of claim 1, wherein the authentication criteria is based on a type of transaction being conducted by the user.

6.	(original)	The method of claim 1, wherein the entity comprises one of an access control server, an issuer financial institution computer, and a payment network. 

7.-8.	(canceled) 

9.	(Amended)	The method of claim 1, wherein the at least one biometric sensor operates in the REE of the consumer mobile device, and further comprising, prior to receiving the signed and validated user authentication response: 
transmitting, by the at least one biometric sensor to a matching application operating in the trusted execution environment (TEE) of the consumer mobile device, captured biometric data of the user of the consumer mobile device; 
comparing, by the matching application, the captured biometric user data to at least one biometric template associated with the user that is stored in a biometric storage portion of the TEE;
determining, by the matching application, that the captured biometric user data matches the at least one biometric template;
transmitting, by the matching application to a trusted authenticator application operating in the TEE, a user authentication response
validating, by the trusted authenticator application operating in the TEE, the user authentication response from the at least on biometric sensor by authenticating the biometric sensor; 
signing, by the trusted authenticator application, the validated user authentication response; and
transmitting, by the trusted authenticator application, the signed and validated user authentication response to the authenticator API operating in the REE of the consumer mobile device.

10.	(Amended)	The method of claim 1, wherein the at least one biometric sensor and a biometric storage portion operate in a rich execution environment (REE) of the consumer mobile device, and wherein the biometric storage portion stores encrypted user biometric templates, and further comprising, prior to receiving the user authentication response: 
capturing and encrypting, by the at least one biometric sensor, biometric data provided by the user of the consumer mobile device; 
transmitting, by the at least one biometric sensor to a matching application operating in a trusted execution environment (TEE) of the consumer mobile device, the captured and encrypted biometric data of the user; 
decrypting, by the matching application, the captured and encrypted biometric data of the user;
obtaining, by the matching application, at least one encrypted biometric template associated with the user that is stored in the biometric storage portion of the REE;
decrypting, by the matching application, the at least one encrypted biometric template;
comparing, by the matching application, the captured and decrypted biometric user data to the decrypted at least one biometric template;
transmitting, by the matching application to a trusted authenticator application operating in the TEE, a user authentication response when the captured and decrypted biometric user data matches the decrypted at least one biometric template; 
validating, by the trusted authenticator application operating in the TEE, the user authentication response from the at least on biometric sensor by authenticating the biometric sensor; 
signing, by the trusted authenticator application, the validated user authentication response; and
transmitting, by the trusted authenticator application, the validated and signed user authentication response to the authenticator API operating in the REE of the consumer mobile device.

11.	(original)	 The method of claim 10, wherein transmitting the captured biometric user data further comprises utilizing a secure authenticated channel between the at least one biometric sensor and the matching application operating in the TEE.

12. 	(Previously Presented)	 The method of claim 1, wherein the entity is a token issuer and the at least one biometric sensor operates in a trusted execution environment (TEE) of the consumer mobile device, and further comprising, prior to receiving the user authentication response: 
validating, by a trusted authenticator application operating in the TEE, the user authentication response from the at least on biometric sensor by authenticating the biometric sensor; 
signing, by the trusted authenticator application, the validated user authentication response; 
instructing, by the trusted authenticator application, a token vault to release at least one payment token to satisfy payment for a transaction; and
transmitting, by the trusted authenticator application, the signed user authentication response to the mobile application via the authenticator API operating in the REE of the consumer mobile device. 

13.	(original)	 The method of claim 12, further comprising instructing, by the trusted authenticator application, the token vault operating in the TEE to release at least one payment tokens to satisfy payment for one of a card not present (CNP) transaction or for a face-to-face (F2F) transaction.

14.	(original)	 The method of claim 12, further comprising transmitting, by the authenticator API via the mobile application, the user authentication response to the token issuer.  

15. 	(Proposed Changes)	 A transaction system comprising:
at least one issuer financial institution (FI) computer;  
a plurality of entity computers; and
a consumer mobile device configured for communicating with the at least one issuer FI computer and the plurality of entity computers and for providing a secure on mobile device user authentication method comprising: 
a mobile device processor; 
at least one storage device; 
receive and transmit circuitry; and
at least one biometric sensor; 
wherein the consumer mobile device further comprises a mobile application, an authenticator application programming interface (API), [[and]] an access control mechanism operating in a rich execution environment (REE), and a trusted authenticator application operating in a trusted execution environment (TEE) running on the mobile device processor;
and wherein the at least one storage device comprises instructions configured to cause the mobile device processor to: 
receive an on-behalf-of (OBO) user authentication request from an entity during a transaction via the mobile application, the OBO user authentication request comprising authentication criteria required by the entity;
transmit a biometric data capture request, via the authenticator application programming interface (API) to the at least one biometric sensor in accordance with the authentication criteria; 
determine, by the authenticator API via the access control mechanism, that the mobile application is authorized to utilize the authenticator API; 
prompt the user of the consumer mobile device to provide at least one form of biometric data to the at least one biometric sensor in accordance with predetermined business rules of the entity;
determine that the at least one form of biometric data provided by the user matches locally stored biometric data;
receive, by the trusted authenticator application, [[the]] a user authentication response
validate, by the trusted authenticator application, the user authentication response by authenticating the at least one biometric sensor; 
sign, by the trusted authenticator application, the validated user authentication response; 
transmit, by the trusted authenticator application to the authenticator API, the signed and validated user authentication response;
receive, via the authenticator API, the signed and validated user authentication response; 

transmit the signed and validated 

16.	(original)	 The system of claim 15, further comprising at least one token issuer computer configured to communicate with the consumer mobile device.

Allowable Subject Matter
Claims 1, 2, 4-6 and 9-16 are allowed.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent claims 1 and 10 are directed to a secure, on-mobile device user authentication process which enhances and/or speeds up transaction processing because the user authentication processing is handled by the consumer's mobile device instead of by, for example, a remote server associated with an issuer financial institution. Claim 1 is representative of independent claims 1 and 10, and includes the elements of receiving, by a mobile application running on a mobile device processor operating in a rich execution environment (REE) of a consumer mobile device, an on-behalf-of (OBO) user authentication request from an entity during a transaction, the OBO user authentication request comprising authentication criteria and then transmitting... via an authenticator application programming interface (API) operating in the REE to at least one biometric sensor of the mobile device, a biometric data capture request in accordance with the authentication criteria. 
“A secure on mobile device user authentication method, comprising:
receiving, by a mobile application running on a mobile device processor operating in a rich execution environment (REE) of a consumer mobile device, an on-behalf-of (OBO) user authentication request from an entity during a transaction, the OBO user authentication request comprising authentication criteria required by the entity;
transmitting, by the mobile application running on the mobile device processor via an authenticator application programming interface (API) operating in the REE to at least one biometric sensor of the mobile device operating in a trusted execution environment (TEE), a biometric data capture request in accordance with the authentication criteria; 
determining, by the authenticator API via an access control mechanism running on the mobile device processor, that the mobile application is authorized to utilize the authenticator API; 
prompting, by the mobile device processor, the user of the consumer mobile device to provide at least one form of biometric data to the at least one biometric sensor in accordance with predetermined business rules of the entity;
determining, by the mobile device processor, that the at least one form of biometric data provided by the user matches locally stored biometric data;
receiving, by a trusted authenticator application running on the mobile device processor and operating in the TEE, a user authentication response; 
validating, by the trusted authenticator application operating in the TEE, the user authentication response by authenticating the at least one biometric sensor; 
signing, by the trusted authenticator application, the validated user authentication response;
transmitting, by the trusted authenticator application to the authenticator API operating in the REE, the signed and validated user authentication response;
receiving, by the mobile application from the authenticator API, the signed and validated user authentication response; and
transmitting, by the mobile application to the entity, the signed and validated user authentication response message”.

The prior art of record:
Mahaffey et al. (US 20140189808 A1) (“Mahaffey”)
Upendra Mardikar (US 20130198086 A1) (“Mardikar”)
James Dene Dimmick (US 20140164254 A1) (“Dimmick”)
David M. T. Ting (US 20020174348 A1) (“Ting”)
Kirovski et al. (US 20100058064 A1) (“Kirovski”)

Mahaffey generally discloses a system and method for authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, determining one or more items of context information related to at least one of the user, the request, and the client computer, and determining a disposition of the request based on the reply and the one or more items of context information. The reply includes a user password and may be provided by an authorizing client device coupled to the client computer over a wireless communications link (see abstract).
Mahaffey further discloses, “The requesting client operated by the user to access a target server or other interface may be implemented in one of several forms. Generally it includes an authentication or authorization UI for use as a primary authentication/authorization mechanism or interacting with a service's existing mechanisms. For example, it may be implemented via Browser plug-in, Javascript SDK, in a mobile app, or it may enroll if authentication or authorization require enrollment (e.g. server needs knowledge of an account). Some services may require this, where in other cases, server provides open API where any service can request authentication or authorization without a user needing to enroll. The system determines if a user is enrolled in a given service with the server. It may do this by retrieving enrollment information from server (e.g. supply hostname or identifier of site as an HTTP referrer or explicitly) or service; looking for presence of a session or authentication cookie; examining the content of user interface for indication that user is logged in; storing a list of enrolled services locally, which may be synced with server periodically. In some configurations, all users may be automatically enrolled, so no determination is necessary. For example, for a bank, if a user's requesting client is authenticated with the server, the bank's site can request that the requesting client authorize an action, the server pushing to the user's authorizing client confirming the authorization with user input. In this case, there was no credential enrollment required” (see paragraphs [0044]-[0048]).

Mardikar discloses, a client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key (see abstract). 
Mardikar further discloses, “Embodiments of the present disclosure relate to systems and methods for making secure financial transactions over a network. A user may use a client device, for example a personal electronic device, to make a payment from a Service Provider to a merchant/vendor or other payee. The device may include at least two separate secure elements (SEs), one dedicated to running various Service Provider applications (App SE) and another dedicated to providing security for the applications and financial transactions (Crypto SE). The device may include a biometric sensor for providing biometric information to the Crypto SE to provide transactional security for transactions conducted from the device. The device may provide other means of authentication for non-repudiation of a transaction, including a secure payment mode, in which security information or personal identifier number (PIN) may be securely tunneled directly to the Crypto SE, without otherwise being stored or captured on the device or elsewhere. A trusted service manager (TSM) may enable secure SMS communication between and among the user device, the MNO and the Service Providers. The device may be capable of near field communication (NFC) and may be capable of making secure financial transactions at an NFC point of sale (POS)” (see paragraphs [0019] and [0067-0070).

Dimmick discloses, embodiments of the invention can combine card not present transaction processing with PIN verification. A merchant or a consumer can initiate transactions using any suitable transaction initiation channel. One aspect of the invention helps facilitate payment card authentication across multiple wallet providers/merchants using an encrypted card PIN and a digital certificate. One aspect of the invention can incorporate the use of different transaction networks to perform authentication and authorization processing (see abstract).
Dimmick further discloses, “Embodiments of the invention can combine card not present (CNP) transaction processing with PIN (Personal Identification Number) verification. This approach involves a payment account issuer receiving a payment account number during a card-not-present transaction along with a corresponding PIN (or other identifier) that is more typically used at a POS (Point-of-Sale) or an ATM (Automated Teller Machine) terminal. A consumer can provide the PIN or another identifier (e.g., biometrics) on their registered mobile device for authentication. In some embodiments, the issuer can authenticate and authorize the transaction in one combined step. In some embodiments, the PIN may be encrypted and this can ensure that the overall payment system from the mobile device to the financial system performs the transaction in a secured manner. One embodiment of the invention can incorporate the use of different transaction networks to perform authentication and authorization processing” (see paragraphs [0023] and [0045]).

Ting discloses, in one aspect, the invention relates to generating a trusted communication channel with a client. An agent module is provided at the client along with a task set including one or more tasks. One or more client components needed to complete each of the tasks of the task set is determined, and it is further determined whether each of the needed client components is trustworthy. An equivalent component for components determined to be untrustworthy may be provide (see abstract).
Ting further discloses, “When the client agent 148 determines (step 250) that all of the needed components 152 have been verified, the agent module 148 retrieves (step 255) a candidate set of biometric data from the user 170 using the trustworthy components 156. To begin retrieving (step 255), the agent module 148, for example, can check for known devices 160 in communication with the client 112, for example on the PCMCIA, USB and/or parallel port. For even greater security the agent module 148 can verify the identity and serial number of the input device 160 to ensure the device 160 is valid. Once the input device 160 is validated, the agent module can employ a graphical user interface ("GUI") to assist the user 170 during the retrieval (step 255) of the candidate set of biometric data. For example, the agent module 148 can display a graphic image of an icon and/or trademark representing the manufacturer of the agent module 148 and/or the administrator of the system 100. The GUI guides the user 170 through the retrieval process (step 255). For example to provide the user 170 with a visual feedback on proper position of the finger on the sensor, an approximate core location of the scanned print is computed and used to generate positioning hints such as "move up" or "move down." The agent module 148 initiates the scan for fingerprint images from the input device 160 using the trustworthy components 156” (see paragraph [0040]).

Kirovski discloses, a user working on a client computer is allowed to remotely login to a server over a computer network. A first secure connection is established between the client and the server. Communications with a trusted device which is in the user's control is established via a communication channel between the trusted device and the client, where this channel is not part of the network. A second secure connection is established between the trusted device and the server through the client, where this second secure connection is tunneled within the first secure connection. The user remotely logs into the server over the second secure connection using the trusted device” (see abstract).
Kirovski further discloses, “the user 102 chooses to remotely login to the user account on the secure server 100 using the trusted device 110 (process action 206), the distrusted client's web browser 106 is then paired to the trusted device (process actions 208 and 210). The particular manner in which the client's browser 106 is paired to the trusted device 110 will be described hereafter. It is assumed that the client 104 and its browser 106 are previously unknown to the trusted device 110 (i.e., the client/browser have never been paired). A second secure connection 122 is then established between the trusted device 110 and the server 100 through the client 104, where this second secure connection is tunneled within the first secure connection 120 (process actions 212, 214 and 216) using a conventional tunneling protocol. In tested embodiments of the LA techniques described herein, the aforementioned SSL protocol was employed to implement the second secure connection 122. Alternate embodiments are also possible which employ other suitable protocols to implement the second secure connection 122 such as the aforementioned TLS protocol and the like. The particular manner in which the second secure connection 122 is established will be described hereafter” (see paragraphs [0036]-[0037]).

The references Mahaffey, Mardikar, Dimmick, Ting and Kirovski disclose as previously discussed.

The cited references, alone or in combination, do not teach at least:
receiving, by a mobile application running on a mobile device processor operating in a rich execution environment (REE) of a consumer mobile device, an on-behalf-of (OBO) user authentication request from an entity during a transaction, the OBO user authentication request comprising authentication criteria required by the entity;
transmitting, by the mobile application running on the mobile device processor via an authenticator application programming interface (API) operating in the REE to at least one biometric sensor of the mobile device operating in a trusted execution environment (TEE), a biometric data capture request in accordance with the authentication criteria; 
determining, by the authenticator API via an access control mechanism running on the mobile device processor, that the mobile application is authorized to utilize the authenticator API; 
prompting, by the mobile device processor, the user of the consumer mobile device to provide at least one form of biometric data to the at least one biometric sensor in accordance with predetermined business rules of the entity;
determining, by the mobile device processor, that the at least one form of biometric data provided by the user matches locally stored biometric data;
receiving, by a trusted authenticator application running on the mobile device processor and operating in the TEE, a user authentication response; 
validating, by the trusted authenticator application operating in the TEE, the user authentication response by authenticating the at least one biometric sensor; 
signing, by the trusted authenticator application, the validated user authentication response;
transmitting, by the trusted authenticator application to the authenticator API operating in the REE, the signed and validated user authentication response;
receiving, by the mobile application from the authenticator API, the signed and validated user authentication response; and
transmitting, by the mobile application to the entity, the signed and validated user authentication response message.

Therefore, the claims of the instant application are not obvious over Mahaffey, Mardikar, Dimmick, Ting and Kirovski for the reasons given above. See also Applicant’s argument filed on September 24, 2020 and June 06, 2019 for additional reasons for allowance.

Yet even if the missing claimed elements were found in a reasonable number of references, a person of ordinary skill in the art would not have been motivated to include these elements in Mahaffey because Mahaffey is not concerned about running mobile application and authenticator application on separate environments, for example, rich execution environment (REE) of a consumer mobile device and trusted execution environment (TEE) of the consumer mobile device. Mahaffey further is not concerned about receiving, by a trusted authenticator application running on the mobile device processor and operating in the TEE; determining, by the mobile device processor, that the at least one form of biometric data provided by the user matches locally stored biometric data; validating, by the trusted authenticator application operating in the TEE, the user authentication response by authenticating the at least one biometric sensor and signing, by the trusted authenticator application, the validated user authentication response.

Additionally, the combination of Mahaffey, Mardikar, Dimmick, Ting and Kirovski clearly destroys the intent and purpose of Mahaffey taken alone and/or in view of Mardikar, Dimmick, Ting and Kirovski, use of, for example, authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer. The requesting client operated by the user to access a target server or other interface may be implemented in one of several forms. Generally it includes an authentication or authorization UI for use as a primary authentication/authorization mechanism or interacting with a service's existing mechanisms. Accordingly, the present invention is distinguishable over Mahaffey taken alone and/or in view of Mardikar, Dimmick, Ting and Kirovski for this reason as well.

Therefore, the limitations lacking in the prior art, in combination with the other limitations clearly claimed for patent, are novel and unobvious.

Foreign prior art and NPL search was conducted however no relevant prior art was found.

Accordingly, dependent claims 2, 4-6, 9-14 and 16 incorporates allowable subject matter through their dependency and hence allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAHED ALI whose telephone number is (571)270-1085.  The examiner can normally be reached on 8:00 - 5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHED ALI/ Examiner, Art Unit 3685
/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685