DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 8 and 15 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claims 1, 8 and 15 each have two instances of the recitation ‘an external system’.  It is unclear if these are two different external systems or the same external system. 

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims  1-15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Bolle et al. (US Pub. 20040019570 A1).

Bolle discloses the following limitations:

1. A computer-implemented method of authenticating biometric inputs on a client device, comprising: 
receiving, on the client device, at least one first biometric input from a user (para. 110- The system then acquires 1480 one or more samples of the biometric signal from the user,);
receiving, on the client device, at least one code from an external system (para. 110- a particular distortion transformation is chosen 1470 for the user and stored in a database 1400. An external agency could supply some randomly generated distortion, or the user could type something like a password which would be hashed to generate an index by which a distortion would be selected. The ID-to-distortion database 1400 could be a remote computer connected to a network or, for greater privacy, a smartcard retained by the user); 
generating, with the client device, a first biometric code based at least partially on the at least one first biometric input and the at least one code (para. 110, para. 82- the biometrics is distorted with transformation 310 to obtain a cancelable biometric 320. Signal processing for feature extraction 330 is then used to obtain a template 340. As described previously, this template is a compact machine representation which is used for matching purposes.); 
storing the first biometric code on the client device (para. 110- and stores the distorted signals 1494 (or some statistical digest of them) in a second database 1460; claim 1- performed in a computer); 
receiving, on the client device, at least one second biometric input from the user; receiving, on the client device, the at least one code from an external system (para. 111-  a similar process is used during transaction authentication. First, in step 1510 the user supplies his alleged identification to the system. The system uses this to lookup up the appropriate distortion 1520 from database 1400 (as registered during enrollment). Then a biometric inputs signal is requested and acquired 1530 and the specified distortion 1540 is applied);
generating, with the client device, a second biometric code based at least partially on the at least one second biometric input and the at least one code (para. 111-  a similar process is used during transaction authentication. First, in step 1510 the user supplies his alleged identification to the system. The system uses this to lookup up the appropriate distortion 1520 from database 1400 (as registered during enrollment). Then a biometric inputs signal is requested and acquired 1530 and the specified distortion 1540 is applied; para. 82); and
authenticating the user by comparing, with the client device, the first biometric code stored on the client device with the second biometric code.(para. 112- The distorted biometrics is verified against the recorded biometrics for the person either internally or by requesting an authentication server in step 1602. If the result of the verification is positive, in step 1603 the authorization is granted in step 1603)

2. The computer-implemented method of claim 1, further comprising initiating, with the client device, a transaction in response to authenticating the user. (para. 113- In either case, after verifying the distorted biometrics against the record for user ID.sub.1, authorization server 1702 sends a match acknowledgment to 1704, the server of the financial institute. The finance server examines the response from the authentication server, the transaction request and user ID.sub.2 to decide if it can safely approve the transaction. It then communicates to the merchant either an approval or rejection notice for the transaction)

3. The computer-implemented method of claim 2, wherein the transaction comprises a payment transaction, and wherein initiating the transaction comprises: generating, with the client device, a transaction message; and communicating the transaction message to a transaction processing system. (para. 113- In either case, after verifying the distorted biometrics against the record for user ID.sub.1, authorization server 1702 sends a match acknowledgment to 1704, the server of the financial institute. The finance server examines the response from the authentication server, the transaction request and user ID.sub.2 to decide if it can safely approve the transaction. It then communicates to the merchant either an approval or rejection notice for the transaction)

4. The computer-implemented method of claim 2, wherein the transaction comprises granting access to a facility, and wherein initiating the transaction comprises communicating an access signal to an electronic access device at the facility, the access signal configured to cause the electronic access device to unlock. (para. 118- Other functions that can be authenticated and/or authorized by the invention include: providing a service, executing a contract, closing a sale, submitting a bid, submitting an account number (an authorization, an identification, and/or a reservation request), making a purchase, providing a quote, allowing an access to a physical structure)

5. The computer-implemented method of claim 2, wherein the transaction comprises granting access to a system, and wherein initiating the transaction comprises at least one of the following: communicating an access signal to a server, communicating an access signal to a local computer, communicating user credentials to a server, communicating user credentials to a local computer, communicating an access signal to an electronic access device, or any combination thereof.(para. 118- allowing an access to a physical structure, allowing an access to a financial account, providing an authority to manipulate a financial account, providing an access to a database, providing access to information, making a request for a privilege, making a request for a network service, providing an offer for a network service, facilitating an auction, and authorizing an enrollment.; para. 113- after verifying the distorted biometrics against the record for user ID.sub.1, authorization server 1702 sends a match acknowledgment to 1704, the server of the financial institute. The finance server examines the response from the authentication server, the transaction request and user ID.sub.2 to decide if it can safely approve the transaction. It then communicates to the merchant either an approval or rejection notice for the transaction)

6. The computer-implemented method of claim 1, wherein the first biometric code is generated by hashing the at least one first biometric input with the at least one code, and wherein the second biometric code is generated by hashing the at least one second biometric input with the at least one code. (claim 1- at least one of the transformations comprising one or more non-invertible functions; para. 70- If the distortion is constructed to be noninvertible then the original biometric can never be derived from the cancelable biometric, thus ensuring extra privacy for the user; Note- hashing is a well-known type of non-invertible functions.)

7. The computer-implemented method of claim 1, wherein the user is associated with a unique identifier, and wherein the at least one code is selected from a plurality of codes based at least partially on the unique identifier. (para. 111- First, in step 1510 the user supplies his alleged identification to the system. The system uses this to lookup up the appropriate distortion 1520 from database 1400 (as registered during enrollment). Then a biometric inputs signal is requested and acquired 1530 and the specified distortion 1540 is applied)

Regarding claims 8-14, they are rejected as applied to claims 1-7 because a corresponding system would have been necessitated to carry forth the method steps of claim 1-7.  The applied prior art also discloses the corresponding architecture.  

Regarding claim 15, it merely recites a computer program that when executed, performs the functional steps of method claim 1, and thus, rejected for the same rationale.

/WILLIAM A CORUM JR/Examiner, Art Unit 2433              

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433