DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is the responsive to the communication filed on 06/10/2020.



Claim Interpretation(f)
The following is a quotation of 35 U.S.C. 112(f): 

(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 

An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims 15/18/19, in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 

(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites 
Claims 15 and 18-19 are  limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a data transfer device to receive…, read…, encrypt…, store…” in claims 19-20 and 22-26.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


 			Claim Rejections – 35 USC § 101 

35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim 1/8/15 recites determining, during an authentication process, whether to authenticate a user based upon the encrypted authentication data. 
The limitation of determining, during an authentication process, whether to authenticate a user based upon the encrypted authentication data, covers performance of the limitation in the mind but not for the recitation of spherical computer/device. That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the language, “determining” in the context of this claim encompasses the user manually collecting the data point of the biometric and authenticating a user based on the biometric print. Similarly, the limitation of the determined the user  is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind  and moreover absence of the special device and application for collecting the biometric data and analyze the biometric using the special application and device. A claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
This judicial exception is not integrated into a practical application. In particular, the claim does not recites any special application and device to make any practical application.  The  steps are in the claims  is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, there is not any additional element that integrates the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the absence of the  additional element of using amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component ( processor/ memory /means for) cannot provide an inventive concept. The claim is not patent eligible.

  	As per claims 2-7, 9-14 and 16-20, those claims are rejected based on the same rational set forth the claims 1 and 8 and 15 respectively.



Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

 	As per claims 1/8/15, this claim recite the phrase a) receiving a first set of data points  representing a biometric characteristic or a password ;b) selecting an encryption parameter of an encryption function using the first set of data points; c) receiving authentication data for authenticating a user.
                 The step c) has the authentication data, is the authentication data is the equivalent to the biometric to authenticate user. The step a) and b) requires the data points of biometric characteristics. There is not any uses of the biometric for authenticating determination. It seems the steps are missing of converting the data points of biometric characteristics to the authentication data.
  Moreover, b)  selecting an encryption parameter of an encryption function using the first set of data points, is the b) limitation referring to selecting the data point to generate the encryption key or the data points is encrypting by the encryption parameter.  Thus, there would be some missing steps. Thus, this claim is indefinite. 
 	As per claims 2-7, 9-14,  and 16-20, those claims are rejected based on the same rational set forth the independents claims respectively.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3 and 8-10 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng et al US 2018/0205548 in view of Pall US 2015/0067801.

 	As per claim 1, Cheng disclose a computing device for authenticating a user using encrypted authentication data without using the unencrypted authentication data, the computing device comprising: 
 	 a hardware processor (par 0059 one processor 40 is used); 
 a memory, storing instructions, which when executed by the hardware processor, causes the hardware processor to perform operations comprising ( par 0060 0060, the device further comprises an input apparatus 42 and an output apparatus 43. The processors 40, memory 41, input apparatus 42 and output apparatus 43 of the device): 
receiving a first set of data points representing a biometric characteristic or a password (par 0031 In step S120, fingerprint data are collected by analogue acquisition to obtain, i.e. receiving, initial fingerprint feature information, i.e. set of data points biometric ); 
selecting an encryption parameter of an encryption function using the first set of data points (par 0031 the initial fingerprint feature information is encrypted to obtain a random feature secret key wherein the selecting the secret key, i.e. an encryption parameter of an encryption function to use initial fingerprint feature information, i.e. set of data points biometric and 0033 The encrypting the initial fingerprint feature information to obtain the random feature secret key); 
encrypting, using the encryption function and the encryption parameter, the authentication data to create the encrypted authentication (par 0039 In step S130, the raw data, i.e. authentication data, to be encoded is encrypted through the random feature secret key, i.e. using the encryption function and the encryption parameter  to generate an information code image). 

determining, during an authentication process, whether to authenticate a user based upon the encrypted authentication data ( par 0023 passing an anti-counterfeit authentication for the user based on the encrypting the initial fingerprint feature information to obtain a random feature secret key and encrypting the initial fingerprint feature information to obtain a random feature secret key, the random feature secret key comprising a first sub secret key and a second sub secret key and the first sub secret key is encoded into a micro-texture image while the second sub secret key is embedded in an encryption program; encrypting, through the random feature secret key, the raw data to be encoded to generate an information code image, the information code image comprising the micro-texture image; passing an anti-counterfeit authentication when an image sensor succeeds in integrating the first sub secret key , i.e. the encrypted authentication data and the second sub secret key, i.e. the encrypted authentication data to generate the random feature secret key).
Cheng does not explicitly disclose receiving authentication data for authenticating a user; determining, during an authentication process, whether to authenticate a user based upon the encrypted authentication data.
 However, Pall discloses 
receiving authentication data for authenticating a user (par 0021In block 410, the communications device associates the received strong authentication credentials,i.e. authentication data, with the biometric template); 
 determining, during an authentication process, whether to authenticate a user based upon the encrypted authentication data (par  0013 Upon receiving the user's biometric, the communications device associates the received biometric to the user's strong authentication credentials, and locally stores the strong authentication credentials and the biometric and  0023 the communications device checks to determine if there is a local copy (e.g., a record) of the biometric template  and upon determining a match, retrieve from the authentication table the strong authentication credentials, i.e. authentication data, that correspond to the matched biometric template).  

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of deriving the secret key using fingerprint data are collected by analogue acquisition to obtain, i.e. receiving, initial fingerprint feature information, i.e. set of data points biometric of Cheng, based on the teaching of received strong authentication credentials of Pall, because doing so would authenticate the user based on the strong authentication(par 0023 ).
 
As per claim 2, Cheng in view of Pall disclose the computing device of claim 1, Pall discloses wherein the authentication data is a second password (par 0021In block 410, the communications device associates the received strong authentication credentials, i.e. authentication data is the second password received from the user data, with the biometric template).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of deriving the secret key using fingerprint data are collected by analogue acquisition to obtain, i.e. receiving, initial fingerprint feature information, i.e. set of data points biometric of Cheng, based on the teaching of received strong authentication credentials of Pall, because doing so would authenticate the user based on the strong authentication(par 0023 ).
 
 	As per claim 3, Cheng in view of Pall disclose the computing device of claim 1, Cheng discloses wherein the authentication data is a second set of data points representing a second biometric characteristic of the user ( par 0023 passing an anti-counterfeit authentication for the user based on the encrypting the initial fingerprint feature information to obtain a random feature secret key and encrypting the initial fingerprint feature information to obtain a random feature secret key, the random feature secret key comprising a first sub secret key and a second sub secret key and the first sub secret key is encoded into a micro-texture image while the second sub secret key is embedded in an encryption program; encrypting, through the random feature secret key, the raw data to be encoded to generate an information code image, the information code image comprising the micro-texture image; passing an anti-counterfeit authentication when an image sensor succeeds in integrating the first sub secret key , i.e. the encrypted authentication data and the second sub secret key, i.e. a second biometric characteristic of the user to generate the random feature secret key).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of deriving the secret key using fingerprint data are collected by analogue acquisition to obtain, i.e. receiving, initial fingerprint feature information, i.e. set of data points biometric of Cheng, based on the teaching of received strong authentication credentials of Pall, because doing so would authenticate the user based on the strong authentication(par 0023 ).

  	  As per claims 8, this claim is rejected based on the same rational set forth the clam 1.
  	As per claim 9, this claim is rejected based on the same rational set forth the clam 2.
 	 As per claim 10, this claim is rejected based on the same rational set forth the clam 3.
  	 As per claims 15, this claim is rejected based on the same rational set forth the clam 1.
 	As per claim 16, this claim is rejected based on the same rational set forth the clam 2.
 	 As per claim 17, this claim is rejected based on the same rational set forth the clam 3.

Claims 4 -5  and 11-12 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng et al US 2018/0205548 in view of Pall US 2015/0067801 in view of Hirano et al US 2013/0318351.

 	As per claim 4, Cheng in view of Pall disclose the computing device of claim 1, the combination fails disclose wherein the operations of determining, during the authentication process, whether to authenticate the user based upon the encrypted authentication data comprises: identifying encrypted challenge data; and authenticating the user based upon a match between the encrypted challenge data and the encrypted authentication data.  
 	However, Hirano disclose wherein the operations of determining, during the authentication process, whether to authenticate the user based upon the encrypted authentication data ( fig.10, par 0139 the encrypted data,i.e. the encrypted authentication data embedding unit 217 embeds the encrypted biometric information into the first challenge.)comprises: identifying encrypted challenge data ( par 0192 a biometric information extraction, i.e. identifying, step S705, a feature vector generation step S706, a first response generation step S707 0196] In the first challenge acquisition step S704, the first challenge receiving unit 211 of the certification apparatus 101 receives the first challenge transmitted by the authentication apparatus 102 in the first challenge notification step S703, using the input device 912. [0197] In the biometric information extraction step S705, the biometric information extraction unit 213 of the certification apparatus 101 extracts the biometric information of the user, using the input device 912. 
 ,); and authenticating the user based upon a match between the encrypted challenge data and the encrypted authentication data (par 0192 an authentication determination step S720 and par 0202 In the encrypted biometric information extraction step S710, the encrypted data extraction unit 305 of the authentication apparatus 102 extracts from the random number storage unit 322 the random numbers generated by the random number generation unit 303 in the first challenge generation step S701, removes the random numbers from the first response, and then extracts the encrypted feature vector C', using the processing device 911).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of deriving the secret key using fingerprint data are collected by analogue acquisition to obtain, i.e. receiving, initial fingerprint feature information, i.e. set of data points biometric of Cheng, based on the teaching of received strong authentication credentials of Pall, based on the teaching of challenge of the encrypted biometric data of Hirano, because doing so would analyzes the biometric degree to determine the feature vector for authentication is valid or not to identify the user (par 0156).

 	As per claim 5, Cheng in view of Pall disclose the computing device of claim 4, the combination fails to disclose wherein the operations further comprise:
 	 receiving a second set of data points representing a biometric characteristic, or a password entered during the authentication process; selecting a second encryption parameter of the encryption function using the second set of data points; receiving second authentication data for authenticating the user during the authentication process; and encrypting, using the encryption function and the second encryption parameter, the second authentication data to create the encrypted challenge data.  
 However, Hirano disclose receiving a second set of data points representing a biometric characteristic, or a password entered during the authentication process (fig.10, par 0192 a second challenge notification step S714, second challenge notification step S714, ); 
selecting a second encryption parameter of the encryption function using the second set of data points (par 0204 Using the processing device 911, the encrypted random number generation unit 304 of the authentication apparatus 102 reads the public key pk, i.e. a second encryption parameter from the public key storage unit 302 and generates the second challenge (encrypted random similarity degree),);
 receiving second authentication data for authenticating the user during the authentication process (0210] In the second response acquisition step S718, the second response receiving unit 341 of the authentication apparatus 102 receives the second response, i.e. second authentication data, transmitted by the decryption apparatus 103 in the second response notification step S717 ); and 
encrypting, using the encryption function and the second encryption parameter, the second authentication data to create the encrypted challenge data (par 0236  The second challenge is data obtained by further encrypting data, i.e. encrypted challenge data,  encrypted with the public key of the decryption apparatus 103 using the key of the authentication apparatus 102).  
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of deriving the secret key using fingerprint data are collected by analogue acquisition to obtain, i.e. receiving, initial fingerprint feature information, i.e. set of data points biometric of Cheng, based on the teaching of received strong authentication credentials of Pall, based on the teaching of challenge of the encrypted biometric data of Hirano, because doing so would analyzes the biometric degree to determine the feature vector for authentication is valid or not to identify the user (par 0156).
As per claim 11, this claim is rejected based on the same rational set forth the clam 4.
As per claim 12, this claim is rejected based on the same rational set forth the clam 5.
As per claim 18, this claim is rejected based on the same rational set forth the clam 4.
As per claim 19, this claim is rejected based on the same rational set forth the clam 5.


Claims 6-7 and 13-14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng et al US 2018/0205548 in view of Pall US 2015/0067801 in view of Bhattacharyyar et al US 10/862883.
 	As per claim 6, Cheng in view of Pall discloses the computing device of claim 1,  the combination does not discloses wherein the encryption function is a McEliece encryption function, and wherein the encryption parameter comprises one or more of a coding algorithm, a generator matrix, a scrambler matrix, a permutation matrix, or an error vector.  
 	However, Bhattachayyar discloses wherein the encryption function is a McEliece encryption function, and wherein the encryption parameter comprises one or more of a coding algorithm, a generator matrix, a scrambler matrix, a permutation matrix, or an error vector (fig.4, col 10, lines 35-40 the RSA encryption algorithm (PKCS #1), the Cramer-Shoup cryptosystem, the YAK authenticated key agreement protocol, the NTRUEncrypt cryptosystem, the McEliece cryptosystem , i.e. scrambler matrix  ).  
 	 Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of deriving the secret key using fingerprint data are collected by analogue acquisition to obtain, i.e. receiving, initial fingerprint feature information, i.e. set of data points biometric of Cheng, based on the teaching of received strong authentication credentials of Pall, based on the McEliece cryptosystem for fingerprint of Bhattacharyya, because doing so would digital signature schemes to authenticate user.


 	As per claim 7, Cheng in view of Pall discloses the computing device of claim 1,  the combination fails to disclose wherein the encryption function is a Rivest-Shamir-Adleman (RSA) encryption function, and wherein the encryption parameter comprises a key.  
 	However, Bhattacharyya disclose wherein the encryption function is a Rivest-Shamir-Adleman (RSA) encryption function, and wherein the encryption parameter comprises a key (fig.4, col 10, lines 35-40 the RSA encryption algorithm (PKCS #1), the Cramer-Shoup).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of deriving the secret key using fingerprint data are collected by analogue acquisition to obtain, i.e. receiving, initial fingerprint feature information, i.e. set of data points biometric of Cheng, based on the teaching of received strong authentication credentials of Pall, based on the McEliece cryptosystem for fingerprint of Bhattacharyya, because doing so would digital signature schemes to authenticate user.


As per claim 13, this claim is rejected based on the same rational set forth the clam 6.

As per claim 14, this claim is rejected based on the same rational set forth the clam 7.

As per claim 20, this claim is rejected based on the same rational set forth the clam 6.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Huang et al US7623659 discloses claim 6 component for generating a biometric feature based on sensing a portion of the body of a user, a first biometric feature being generated at a first time for establishing a biometric key pair, a second biometric feature being generated at a second time that is after the first time for authenticating; a component for sending and receiving message data over a network; and a component for encrypting and decrypting message data, the component for encrypting and decrypting message data being configured to generate one or more cryptographic keys based on a predetermined key generating algorithm, the component for encrypting and decrypting being configured to generate a client public key and a client private key associated with a client device identifier, the component for encrypting and decrypting being configured to generate a biometric public key and a biometric private key associated with the first user biometric feature, the component for encrypting and decrypting encrypting a hash of a first message data using the biometric private key when the first biometric feature matches the second biometric feature, wherein the first message data is encrypted with the client public key and contains a random token data from a server, the encrypted hash being appended to the first message data to form an authenticated first message data, the authenticated first message data being encrypted by a server public key to form an encrypted authenticated first message data, the encrypted authenticated first message data being sent over the network by the component for sending and receiving message data.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495