DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
2. 	Applicant's arguments filed 08/16/2021 have been fully considered but they are not persuasive. 

A – Applicant Argues: On pages 13-15 of remarks the applicant respectfully submits that Sheets and Cha does not disclose or suggest, “receiving (receive) a registration digital artifact for a user and a biometric device, the user and the biometric device being registered on a computing device used by the user; registering (register) a mobile device that supports Public Key Infrastructure (PKI) as a roaming authenticator, the mobile device being different from the computing device and registered or tied to information related to the user; and provisioning (provision) the user and the mobile device with roaming authentication as recited in claims 1, 14, and 18 as amended.”
A – The Examiner respectfully disagrees: Applicant is reminded that claims must be given their broadest reasonable interpretation. Sheets teaches: receiving (receive) a registration digital artifact for a user and a biometric device, the user and the biometric device being registered on a computing device used by the user; registering (register) a mobile device that supports Public Key Infrastructure (PKI) as a roaming authenticator, the mobile device being different from the computing device and registered or tied to information related to the user” ( Sheets, [0083], the user registers a voice biometric on the consumer device 110 by, for example, initially repeating a certain pass phrase (e.g., voice recognition biometric) into the phone to establish a first reference biometric (e.g., first biometric data). [0088], In further embodiments, the consumer device 110 can send the biometric digital artifact, consumer device verification method (CDVM), and authorization request to the terminal 120. [0053], The interconnected network 160 may comprise one or more of a local area network, a wide area network, a metropolitan area network (MAN), an intranet, the Internet, a Public Land Mobile Network (PLMN), a telephone network, such as the Public Switched Telephone Network (PSTN) or a cellular telephone network (e.g., wireless Global System for Mobile Communications (GSM), wireless Code Division Multiple Access (CDMA), etc.), a VoIP network with mobile and/or fixed locations, a wireline network, or a combination of networks.).  Cha teaches: “and provisioning Cha, [0119], OpenID may provide a relaxed role for the Operator, providing trust in the OpenID Provider (OP) to Relying Parties (RPs) with minimum effort and risk. OpenID may work with pre-existing authentication methods and therefore the Operator may support authentication procedures to the OP using his own AAA and pre-provisioned AKA credentials in the UICC or other authentication methods including but not limited to PKI, pre-shared keys, SIP-Digest credentials, TLS etc. [0266], The entity E2 must be running at the DNS address which is part of the OpenID identifier, Discovery service is via public internet and can be lightweight. Entity E2 can be co-located with entity E1 from (R-4), in a common physical entity providing both functions. E2 can be separate from E1, in which case, the discovery process provides an entry point for options for roaming devices using OpenID).  Therefore Sheets in view of Cha still meets the scope of the limitation as currently claimed. 


Claim Rejections - 35 USC § 103
3. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:






4. Claims 1, 7, 9, 10, 11, 14, 18 and 20 are rejected under 35 U.S.C 103 as being unpatentable over Sheets (US 20130290136 A1) in view of Cha (US 2012/0072979 A1).

5. Regarding Claim 1, Sheets discloses, a method for avoidance of user re-registration, the method comprising: registering a user and a biometric device on a computing device (Sheets, ¶[0003], Biometric authentication may require long processing times due to having to accurately match the user biometric data against a database of the user's registered biometric data.); sending a registration digital artifact for the user and the biometric device to an authentication server (Sheets, ¶[0088], In further embodiments, the consumer device 110 can send the biometric digital artifact, consumer device verification method (CDVM), and authorization request to the terminal 120 (FIG. 1) instead of directly sending the biometric digital artifact to the payment processing network); registering a mobile device configured to support Public Key Infrastructure (PKI) as a Sheets, ¶[0105], The date attribute of the user fraud profile 350 indicates the date at which a user initiated a payment transaction with the consumer device 110 (FIG. 1). In this example, the first recorded date (Jan. 4, 2012) indicates the first payment transaction initiated by the user after registering with the consumer device 110. Each subsequent date represents a subsequent payment transaction initiated by the user.); 
Sheets does not explicitly disclose the following limitations that Cha teaches:
and provisioning the user and the mobile device with roaming authentication, the roaming authentication being accessed through the mobile device and configured to provide the user and the mobile device access to computing devices in which the user and the mobile device have not previously been used for authentication (Cha, ¶[0358], In one example embodiment a communications device may be connected to a network. The device may hold credentials, which may be stored securely on the device or a smart card such as a UICC and which are used to enable authentication of the device to the network. In order to provide secure access to the device and the network services that may be accessed only by the user, a biometric scanner may be included on the device to provide a full three-factor authentication mechanism which combines a biometric with something the user knows, such as a pin or password, and something which the user has, such as a security token generator fob.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a roaming authentication for the user and mobile device to compute between the two devices where the user and mobile device have not been used for.

6. Regarding Claim 7, Sheets and Cha disclose, the method of claim 1, further comprising:48Patent Application Attorney Docket No. 1018656-001017provisioning the user and the biometric device with a two-factor authentication (2FA), the two-factor authentication including the biometric device as a first authenticator, and a second authenticator (Sheets, ¶[0006], The vulnerability of password-based protection schemes has led to the rise of multi-factor authentication methods that incorporate or combine alternative proofs of identity, such as biometric methods (e.g., fingerprints) or possession based methods (e.g., security tokens). While effective, such methods can add considerable cost and complexity to applications and are not generally available or utilized for typical consumer-oriented software applications.).  

7. Regarding Claim 9, Sheets and Cha disclose, 
Sheets does not explicitly disclose the following limitations that Cha teaches:
the method of claim 8, wherein the 2FA authentication is a smartcard certificate (Cha, ¶[0060], SSO protocols, such as local mobile OpenID, is a concept that allows a locally located module or entity to perform identity authentication/assertion functions as part of an SSO or identity management protocol, such as the OpenID protocol. The locally located module may be a smartcard, a SIM, a UICC, a Java card, a smartcard Web server (SCWS) enabled Smartcard, wireless device such as a smart phone, or the like.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a smart card that is authenticated by 2FA to enhance security.

8. Regarding Claim 10, Sheets and Cha disclose, the method of claim 8, wherein the second authentication factor is a fingerprint, personal identification number (PIN), or password (Sheets, ¶[0046], In some embodiments, the user biometric data may include fingerprint data, retinal scan data, digital photograph data (e.g., facial recognition data), DNA data, palm print data, hand geometry data, iris recognition data, or other similar biometric identifier that would be appreciated by one of ordinary skill in the art with the benefit of this disclosure.).  

9. Regarding Claim 11, Sheets and Cha disclose, the method of claim 1, further comprising: authenticating the user on one or more of the computing devices in which the user and the biometric device has not previously been registered (Sheets, ¶[0077],  In another example, a user's biometric voice sample may not be spoken in the same tone each and every time. In some embodiments, if the payment user is initiating a payment transaction for the first time, there may not be a previously stored valid biometric digital artifact and as such, the first received biometric digital artifact may be considered valid and used for purposes of comparison for future received biometric digital artifacts.).  

10. Regarding Claim 14, Sheets discloses, a non-transitory computer readable medium storing computer readable program code executed by a processor for a process for avoidance of user re-registration, the process comprising: registering a user and a biometric device on a computing device (Sheets, ¶[0003], Biometric authentication may require long processing times due to having to accurately match the user biometric data against a database of the user's registered biometric data.); sending a registration digital artifact for the user and the biometric device to an authentication server (Sheets, ¶[0088], In further embodiments, the consumer device 110 can send the biometric digital artifact, consumer device verification method (CDVM), and authorization request to the terminal 120 (FIG. 1) instead of directly sending the biometric digital artifact to the payment processing network); registering a mobile device configured to support Public Key Infrastructure (PKI) as a roaming authenticator, the mobile device being registered or tied to information related to the user (Sheets, ¶[0105], The date attribute of the user fraud profile 350 indicates the date at which a user initiated a payment transaction with the consumer device 110 (FIG. 1). In this example, the first recorded date (Jan. 4, 2012) indicates the first payment transaction initiated by the user after registering with the consumer device 110. Each subsequent date represents a subsequent payment transaction initiated by the user.);
and provisioning the user and the mobile device with roaming authentication, the roaming authentication being accessed through the mobile device and configured to provide the user and the mobile device access to computing devices in which the user and the mobile device have not previously been used for authentication (Cha, ¶[0358], In one example embodiment a communications device may be connected to a network. The device may hold credentials, which may be stored securely on the device or a smart card such as a UICC and which are used to enable authentication of the device to the network. In order to provide secure access to the device and the network services that may be accessed only by the user, a biometric scanner may be included on the device to provide a full three-factor authentication mechanism which combines a biometric with something the user knows, such as a pin or password, and something which the user has, such as a security token generator fob.).  

11. 	Regarding Claim 18, Sheets, discloses, a system for avoidance of user re-registration, the system comprising: an authentication server having a processor configured to: register a user and a biometric device (Sheets, ¶[0003], Biometric authentication may require long processing times due to having to accurately match the user biometric data against a database of the user's registered biometric data.); registering a mobile device configured to support Public Key Infrastructure (PKI) as a roaming authenticator, the mobile device being registered or tied to information related to the user ((Sheets, ¶[0105], The date attribute of the user fraud profile 350 indicates the date at which a user initiated a payment transaction with the consumer device 110 (FIG. 1). In this example, the first recorded date (Jan. 4, 2012) indicates the first payment transaction initiated by the user after registering with the consumer device 110. Each subsequent date represents a subsequent payment transaction initiated by the user.); 
and provision the user and the mobile device with roaming authentication, the roaming authentication being accessed through the mobile device and configured to provide the user and the mobile device access to computing devices in which the user and the mobile device have not previously been used for authentication (Cha, ¶[0358], In one example embodiment a communications device may be connected to a network. The device may hold credentials, which may be stored securely on the device or a smart card such as a UICC and which are used to enable authentication of the device to the network. In order to provide secure access to the device and the network services that may be accessed only by the user, a biometric scanner may be included on the device to provide a full three-factor authentication mechanism which combines a biometric with something the user knows, such as a pin or password, and something which the user has, such as a security token generator fob.).  


12. Regarding Claim 20, Sheets and Chas disclose, the system of claim 19, wherein the user has a two-factor authentication (2FA), the two-factor authentication being the biometric device as a first authenticator, and a second authenticator, which is received by the mobile device (Sheets, ¶[0006], The vulnerability of password-based protection schemes has led to the rise of multi-factor authentication methods that incorporate or combine alternative proofs of identity, such as biometric methods (e.g., fingerprints) or possession based methods (e.g., security tokens). While effective, such methods can add considerable cost and complexity to applications and are not generally available or utilized for typical consumer-oriented software applications.).  

13. Claims 2 and 15 are rejected under 35 U.S.C 103 as being unpatentable over Sheets (US 20130290136 A1) and Cha (US 2012/0072979 A1) in view of Blanke, US 9455979 B2. 

14. Regarding Claim 2, Sheets, Cha and Blanke disclose, the method of claim 1, further comprising: initiating registration of the roaming authentication for the user and the biometric device by sending a message with a code to the computing device upon receipt of the registration digital artifact for the user and the biometric device on the authentication server (Sheets, ¶[0008], One embodiment of the invention discloses a computer-implemented method for authenticating a user at a server computer, comprising: receiving payment information and a biometric digital artifact, wherein the biometric digital artifact is generated by a consumer device and comprises information regarding a type of biometric data. ¶[0026], An authorization request message may also comprise additional data elements corresponding to “identification information” including, by way of example only: a service code); receiving the message with the code from the authentication server on the computing device (Sheets, ¶[0027], An “authorization response message” may be an electronic message reply to an authorization request message generated by an issuing financial institution or a payment processing network); 
Sheets and Cha does not explicitly disclose the following limitations that Blanke teaches:
and registering a roaming Public Key Infrastructure (PKI) credential hosted on the authentication server on the computing device (Blanke, Col. 9 lines 3-8, To avoid those problems, one embodiment of the invention illustrated in FIG. 5 uses self-signed certificates from a decentralized public key infrastructure (PKI) to sign authentication requests from the relying party's 502's authentication servers 520 and corresponding origin identifier (e.g., the “RPNAME” identifier)).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to
Register a PKI that is hosted on the server of the computing device that will improve security features.

15. Regarding Claim 15, Sheets, Cha and Blanke disclose, the computer readable medium of claim 14, further comprising: initiating registration of the roaming authentication for the user and the biometric device by sending a message with a code to the computing device upon receipt of the registration digital artifact for the user and the biometric device on the authentication server (Sheets, ¶[0008], One embodiment of the invention discloses a computer-implemented method for authenticating a user at a server computer, comprising: receiving payment information and a biometric digital artifact, wherein the biometric digital artifact is generated by a consumer device and comprises information regarding a type of biometric data. ¶[0026], An authorization request message may also comprise additional data elements corresponding to “identification information” including, by way of example only: a service code); receiving the message with the code from the authentication server on the computing device (Sheets, ¶[0027], An “authorization response message” may be an electronic message reply to an authorization request message generated by an issuing financial institution or a payment processing network); and registering a roaming Public Key Infrastructure (PKI) credential hosted on the authentication server on the computing device (Blanke, Col. 9 lines 3-8, To avoid those problems, one embodiment of the invention illustrated in FIG. 5 uses self-signed certificates from a decentralized public key infrastructure (PKI) to sign authentication requests from the relying party's 502's authentication servers 520 and corresponding origin identifier (e.g., the “RPNAME” identifier)).  

16. Claims 3, 6, 8, 12, and 16 are rejected under 35 U.S.C 103 as being unpatentable over Sheets(US 20130290136 A1) and Cha(US 2012/0072979 A1) in view of Blanke(US 9455979 B2) further in view of Golombek( WO 2014105263 A1). 

17. Regarding Claim 3, Sheets, Cha, Blanke and Golombek disclose, 
Sheets, Cha, and Blanke does not explicitly disclose the following limitations that Golombek teaches:
the method of claim 2, wherein the registering of the PKI credential hosted on the authentication server on the computing device comprises: initiating a solution specific application hosted on the mobile device (Golombek, ¶[00124], in one embodiment, the authorizing client can be used to automatically fill-in credentials and data to the target client from saved data by the authentication server pushing a request into the authorizing client mobile device. In this case, the mobile device only needs to display a one-click login button. For this embodiment, the response-challenge routine could include a step in which the user must to accept a challenge on their mobile device after clicking a login screen or command on the target server website. This type of solution is useful when the target device is locked and user needs to login, or a service (e.g. a website with a login form) is attempted to be accessed via the requesting client); entering the code from the message received by the computing device into the solution specific application (Golombek, ¶[0082], a client may specify a phone number, which is called by the server. The receiver must then confirm by entering a code or sequence over the phone line previously associated with the user's account. Similarly a text or e-mail can be sent to the user for which an appropriate response must be provided. A hardware key could also be used as a mechanism to respond to a challenge. A hardware identifier of the client can be used to determine the identity of the client (e.g., IMEI, IMSI, UDID, MAC address, serial number or other unique ID associated with the client device.);  47Patent ApplicationAttorney Docket No. 1018656-001017sending a RESTful message from the mobile client to a main registration client hosted on the computing device (Golombek, ¶[00135], the mobile application directly requests for server to authenticate a user on a device, such as by the application sending an HTTP request to server.); relaying the RESTful message received from the main registration client hosted on the mobile device to the authentication server (Golombek, ¶[00135], the mobile application directly requests for server to authenticate a user on a device, such as by the application sending an HTTP request to server. The request may specify device identification information (e.g. IMSI, IMEI, android ID, UDID, account information, response to a cryptographic challenge), application identification information, or a variety of other types of information specified above. The server the authorizes request, as described above. If the request is authorized, the server returns account or authentication information to known trusted place.); and starting a registration process for the user and the biometric device on the authentication server (Golombek, ¶[0045], The user enters authentication information in a login or registration process, information is captured and the user is enrolled in that service on the server. For this the system can be configured to detect entry of authentication information in a login or registration process through form detection and analysis components).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to initiate a solution that the host on the mobile device authenticates the server and by entering a message that is received by the computing device that will start a registration process for the user and biometric device.

18. Regarding Claim 6, Sheets, Cha, Blanke and Golombek disclose, 
Sheets, Cha, and Blanke does not explicitly disclose the following limitations that Golombek teaches:
the method of claim 5, further comprising: verifying the signed PKI Credential (challenge), the Public key, and the attestation on the authentication server (Golombek, ¶[0047], When the user clicks the button, the client sends a request (e.g. HTTP) to server with information provided by the service. In an example implementation, the system can follow the OAuth standard. The request may contain information provided by service: an address (e.g. URL) where the authorized request can return information to the server, parameters indicating what type of authorization to perform to verify user consent (e.g. need voice, picture, biometric, parental or administrator authorization), or parameters indicating what type of information service requests to know about user.); and linking the Public Key as a roaming PKI Credential in a plurality of biometric registration database entries (Golombek, ¶[0068], the authorizing client sends the results to the authentication server. This may be done in one of several methods, such as the client authenticates using any of methods described herein (e.g., relay of known credential, hardware ID digitally signing response using client's private key, where public key known to server) and provides result data over SSL/TLS to the server.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the signed PKI credential and the confirmation on the authentication server by linking the public key as a roaming PKI by using biometric to register the database.

19. Regarding Claim 8, Sheets, Cha, Blanke and Golombek disclose, 
Sheets, Cha, and Blanke does not explicitly disclose the following limitations that Golombek teaches:
the method of claim 7, wherein the provisioning of the 2FA comprises: sending a request for the user and the biometric device to the authentication registration server to two-factor authentication (2FA) (Golombek, ¶[0006], The vulnerability of password-based protection schemes has led to the rise of multi-factor authentication methods that incorporate or combine alternative proofs of identity, such as biometric methods (e.g., fingerprints) or possession based methods (e.g., security tokens).); confirming that the user and the biometric device have roaming authentication (Golombek, ¶[0088], the user either confirms or denies the request through appropriate user interface input. An action may be required to confirm the request, such as pressing a command button, entering a code, voice command, biometric input, or other similar input means. The client may provide trusted information as part of the user confirmation in order to prove the legitimacy of the server. Such trusted data can be predefined, generated by the server upon user enrollment, stored in a user account, derived from context data, or retrieved from a service that has knowledge of the user. ); sending a message to the solution specific main registration client on the computing device with a code (Golombek, ¶[0082], a client may specify a phone number, which is called by the server. The receiver must then confirm by entering a code or sequence over the phone line previously associated with the user's account. Similarly a text or e-mail can be sent to the user for which an appropriate response must be provided. A hardware key could also be used as a mechanism to respond to a challenge. A hardware identifier of the client can be used to determine the identity of the client (e.g., IMEI, IMSI, UDID, MAC address, serial number or other unique ID associated with the client device.); starting the solution specific application on the mobile device and entering the code received from the authentication registration server received by the computing device, which was received from the authentication registration server (Golombek, ¶[0129], a variation of multiple authorizing client device implementation includes a request forwarding or keychain scenario. In this case, multiple authorizing devices are not required for login, but instead, authorization delegation is performed by forwarding requests to access a device keychain to a secondary mobile keychain for authentication. For example, if a user is using a guest phone or device, this solution allows the system to forward a login request to the user's phone. In this case, a keychain is tied to a device, with one keychain per machine and/or one keychain per phone. Alternatively, a shared keychain may be used. This makes it relatively easy to share credentials); send the mobile device sending a RESTful message from the mobile device to the solution specific main registration client on the computing device (Golombek, ¶[00135], the mobile application directly requests for server to authenticate a user on a device, such as by the application sending an HTTP request to server. The request may specify device identification information (e.g. IMSI, IMEI, android ID, UDID, account information, response to a cryptographic challenge), application identification information, or a variety of other types of information specified above. The server the authorizes request, as described above. If the request is authorized, the server returns account or authentication information to known trusted place.); 
Sheets and Cha does not explicitly disclose the following limitations that Blanke teaches:
determining if the code sent by mobile application matches the code received from the authentication registration server (Blanke, Col. 4, 29-37, As illustrated, the Interface 102 may also provide secure access to a secure storage device 120 on the client 100 which stores information related to each of the authentication devices 110-112 such as a device identification code, user identification code, user enrollment data (e.g., Scanned fingerprint or other biometric data) protected by the authentication device, and keys wrapped by the authentication device used to perform the secure authentication techniques described herein); 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to determine the code sent by an application will match the registration code that is received from the authentication server.
generating an encrypted user assertion on the mobile device by prompting the user to unlock a secure container on the mobile device by with a second authentication factor (Golombek, ¶[0054], If the requesting client has decryption keys, it may not store credentials locally, so that when server authorizes request to login or create account, the server sends encrypted information to the client, which is decrypted by its keys. In this case, only the client can decrypt them with a key it has (e.g. locally generated, derived from a user password (e.g. using PBKDF2), stored on the client or a hardware token associated with the client). Alternatively, the client may locally cache all credential information and request from server returns a decryption key for a given service's credentials); sending the encrypted user assertion from the mobile device to the computing device and relaying the encrypted user assertion from the computing device to the authentication server (Golombek, ¶[0097], the validation request from the authentication server may cause the authorizing client to simply return its own phone number and the authentication server can then verify that this is a correct response. Any other appropriate data string or data object can also be used. Thus, for method 371, the decision block 379 is performed by the authentication server prior to sending the encrypted credentials to the requesting client, act 384.); and processing the encrypted user assertion on the authentication server to provide the user with 2FA authentication (Golombek, ¶[0072], the authentication server uses context information to perform authorization of the requesting client and/or the user. The authorization may take into consideration information provided by the client, e.g., provided as part of requesting client's request content, requested by server from requesting client or another client determined by server as a result of processing information from a client (e.g. geo-ip, mobile network operator location lookup), retrieved from another server or service, associated with the account and stored at server.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to send request for users and the biometric device to authenticate a 2FA confirming that the authentication sends a message, receives authentication and generates an encrypted user assertion all to the computing device to enhance security within the registration for the biometrics.

20. Regarding Claim 12, Sheets, Cha, Blanke and Golombek disclose, 
Sheets, Cha and Blanke does not explicitly disclose the following limitations that Golombek teaches:
the method of claim 11, wherein the one or more of the computing devices in which the user and the biometric device has not previously been registered is a multi-function printer, the method further comprising: sending a print job to the multi-function printer; and printing the print job on the multi-function printer (Golombek, ¶[0003], Computers in the network are either clients or servers, where a server is selectively shares its resources and a client initiates contact with a server in order to use the resource. Such resources typically include application programs, data, printers, storage devices, input/output devices, and the like. In the Internet environment, clients and servers exchange messages according to a request-response messaging exchange in which the client sends a request, and the server returns a response in accordance with a defined communications protocol that operates in the application layer of the TCP/IP (Transmission Control Protocol/Internet Protocol) model.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a function printer that is capable of sending and printing the print job.

21. Regarding Claim 16, Sheets, Cha, Blanke and Golombek disclose, the computer readable medium of claim 15, wherein the registering of the PKI credential hosted on the authentication server on the computing device comprises: initiating a solution specific application hosted on the mobile device (Golombek, ¶[00124], in one embodiment, the authorizing client can be used to automatically fill-in credentials and data to the target client from saved data by the authentication server pushing a request into the authorizing client mobile device. In this case, the mobile device only needs to display a one-click login button. For this embodiment, the response-challenge routine could include a step in which the user must to accept a challenge on their mobile device after clicking a login screen or command on the target server website. This type of solution is useful when the target device is locked and user needs to login, or a service (e.g. a website with a login form) is attempted to be accessed via the requesting client); entering the code from the message received by the computing device into the solution specific application (Golombek, ¶[0082], a client may specify a phone number, which is called by the server. The receiver must then confirm by entering a code or sequence over the phone line previously associated with the user's account. Similarly a text or e-mail can be sent to the user for which an appropriate response must be provided. A hardware key could also be used as a mechanism to respond to a challenge. A hardware identifier of the client can be used to determine the identity of the client (e.g., IMEI, IMSI, UDID, MAC address, serial number or other unique ID associated with the client device.); sending a RESTful message from the mobile client to a main registration client hosted on the computing device (Golombek, ¶[00135], the mobile application directly requests for server to authenticate a user on a device, such as by the application sending an HTTP request to server.); relaying the RESTful message received from the main registration client hosted on the mobile device to the authentication server (Golombek, ¶[00135], the mobile application directly requests for server to authenticate a user on a device, such as by the application sending an HTTP request to server. The request may specify device identification information (e.g. IMSI, IMEI, android ID, UDID, account information, response to a cryptographic challenge), application identification information, or a variety of other types of information specified above. The server the authorizes request, as described above. If the request is authorized, the server returns account or authentication information to known trusted place.); and starting a registration process for the user and the biometric device on the authentication server (Golombek, ¶[0045], The user enters authentication information in a login or registration process, information is captured and the user is enrolled in that service on the server. For this the system can be configured to detect entry of authentication information in a login or registration process through form detection and analysis components).

22. Claims 4, 5 and 17 are rejected under 35 U.S.C 103 as being unpatentable over Sheets(US 20130290136 A1) and Cha(US 2012/0072979 A1) in view of Dundas(US 9780950 B1)

23. Regarding Claim 4, Sheets, Cha and Dundas discloses, 
Sheets and Cha does not explicitly disclose the following limitations that Dundas teaches:
the method of claim 3, further comprising: creating a PKI Credential (challenge) on the authentication server (Dundas, Col. 4 lines 7-11, Embodiments are directed to a method and system for authentication of PKI credentials by use of a one time password (OTP). PKI (public key infrastructure) credentials can include a user's public key certificate and corresponding private key.); sending the created PKI Credential (challenge) to the computing device (Dundas, Col. 2 lines 32-39, The method may also include validating the one time password received from the client device based on the user ID and the credential ID. Upon validating the one time password, the method can also include sending a response to the client device, and the response includes at least one of an authorization to access a private key stored on the client device or at least a portion of the private key.); and forwarding the created PKI Credential (challenge) from the computing device to the mobile device (Dundas, Col. 4, lines 9-16, PKI (public key infrastructure) credentials can include a user's public key certificate and corresponding private key. Accordingly to some aspects of the present disclosure, at least a portion of the PKI credentials is stored on a client device in a secured fashion, and additional protection of the PKI credentials is provided using an additional computing device referred to herein as a registered device.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention
To create PKI credentials on the authentication server that will allow the PKI credentials to send and forward to the computing and mobile device.

24. Regarding Claim 5, Sheets, Cha and Dundas discloses, 
Kato does not explicitly disclose the following limitations that Nagai teaches: 
the method of claim 4, further comprising: generating a Key Pair and signing the created PKI Credential (challenge) on the mobile device (Dundas, Col. 4, lines 50-56, Together with a local PIN, this system simulates Smartcard functionality and provides the benefits of a Smartcard with access to PKI functions (e.g., decrypting incoming messages and signing outgoing messages) without some of the detriments of physical Smartcards, such as cost and logistical challenges. Here, users provide two factor authentication credentials, via both a user login and the OTP, to get the encryption and signing capabilities associated with PKI technology without the inventory, material, shipping, logistics and trade compliance costs associated with Smartcards.); sending a Public Key and an attestation Certificate to the computing device in an encrypted message from the mobile device (Dundas, Col. 1 lines 41-48, This challenge verifies that the card is in possession of and can successfully use the corresponding private key. The private key can then be used to decrypt incoming messages and for signing outgoing messages. The public key can then be used to encrypt incoming messages and validate the signatures of outgoing messages. Accordingly, Smartcards allow access to signing and encryption that other two factor authentication solutions may not provide.)); and relaying the encrypted message from the computing device to the authentication server, wherein the relay encrypted message includes the signed PKI Credential (challenge), the Public Key, and the attestation (Dundas, Col. 4 lines 47-56, Together with a local PIN, this system simulates Smartcard functionality and provides the benefits of a Smartcard with access to PKI functions (e.g., decrypting incoming messages and signing outgoing messages) without some of the detriments of physical Smartcards, such as cost and logistical challenges. Here, users provide two factor authentication credentials, via both a user login and the OTP, to get the encryption and signing capabilities associated with PKI technology without the inventory, material, shipping, logistics and trade compliance costs associated with Smartcards).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to generate a Key Pair and to sign the PKI credential on the mobile device and by sending the PKI and a attestation certificate that will encrypt the message from the mobile device wherein the encrypted device relays a message that include the signed PKI to enhance security features.

25. Regarding Claim 17, Sheets, Cha, and Dundas discloses, the computer readable medium of claim 16, further comprising: creating a PKI Credential (challenge) on the authentication server (Dundas, Col. 4 lines 7-11, Embodiments are directed to a method and system for authentication of PKI credentials by use of a one time password (OTP). PKI (public key infrastructure) credentials can include a user's public key certificate and corresponding private key.); sending the created PKI Credential (challenge) to the computing device (Dundas, Col. 2 lines 32-39, The method may also include validating the one time password received from the client device based on the user ID and the credential ID. Upon validating the one time password, the method can also include sending a response to the client device, and the response includes at least one of an authorization to access a private key stored on the client device or at least a portion of the private key.); forwarding the created PKI Credential (challenge) from the computing device to the mobile device (Dundas, Col. 4, lines 9-16, PKI (public key infrastructure) credentials can include a user's public key certificate and corresponding private key. Accordingly to some aspects of the present disclosure, at least a portion of the PKI credentials is stored on a client device in a secured fashion, and additional protection of the PKI credentials is provided using an additional computing device referred to herein as a registered device.); generating a Key Pair and signing the created PKI Credential (challenge) on the mobile device (Dundas, Col. 4, lines 50-56, Together with a local PIN, this system simulates Smartcard functionality and provides the benefits of a Smartcard with access to PKI functions (e.g., decrypting incoming messages and signing outgoing messages) without some of the detriments of physical Smartcards, such as cost and logistical challenges. Here, users provide two factor authentication credentials, via both a user login and the OTP, to get the encryption and signing capabilities associated with PKI technology without the inventory, material, shipping, logistics and trade compliance costs associated with Smartcards.);  51Patent ApplicationAttorney Docket No. 1018656-001017sending a Public Key and an attestation Certificate to the computing device in an encrypted message from the mobile device (Dundas, Col. 1 lines 41-48, This challenge verifies that the card is in possession of and can successfully use the corresponding private key. The private key can then be used to decrypt incoming messages and for signing outgoing messages. The public key can then be used to encrypt incoming messages and validate the signatures of outgoing messages. Accordingly, Smartcards allow access to signing and encryption that other two factor authentication solutions may not provide.)); relaying the encrypted message from the computing device to the authentication server, wherein the relay encrypted message includes the signed PKI Credential (challenge), the Public Key, and the attestation; verifying the signed PKI Credential (challenge), the Public key, and the attestation on the authentication server (Dundas, Col. 4 lines 47-56, Together with a local PIN, this system simulates Smartcard functionality and provides the benefits of a Smartcard with access to PKI functions (e.g., decrypting incoming messages and signing outgoing messages) without some of the detriments of physical Smartcards, such as cost and logistical challenges. Here, users provide two factor authentication credentials, via both a user login and the OTP, to get the encryption and signing capabilities associated with PKI technology without the inventory, material, shipping, logistics and trade compliance costs associated with Smartcards); and linking the Public Key as a roaming PKI Credential in a plurality of biometric registration database entries (Dundas, Col. 5-6 lines, 61-67 and lines 1-5, the OTP can be provided to the user via the registered device 180, which has been registered to the user and this registration (e.g., a credential ID of the registered device) is stored at the authentication server. In particular, in one embodiment, the registered device 180 may include a PIN receiver 182 (a user interface (UI) or a UI element) that can receive a PIN from the user, e.g., from the user's recollection. For example, the registered device could be a mobile phone with an application for receiving a PIN.).  

26. Claims 13 and 19 are rejected under 35 U.S.C 103 as being unpatentable over Sheets(US 20130290136 A1) and Cha(US 2012/0072979 A1) in view of McBride(US 2014/0108801 A1)  

27. Regarding Claim 13, Sheets, Cha and McBride disclose, 
Sheets and Cha does not explicitly disclose the following limitations that McBride teaches:
the method of claim 1, wherein the biometric device is a wearable biometric device configured to measure electrical activity of a heartbeat of the user (McBride, ¶[0047], The type of user-selected data items being exchanged by the host could include: E-mail messages, events, meeting notifications, address entries, journal entries, personal alerts, alarms, warnings, stock quotes, news bulletins, bank account transactions, field service updates, stock trades, heart-monitoring information, vending machine stock levels, meter reading data, GPS data, etc., but could, alternatively, include any other type of message that is transmitted to the host system 25, or that the host system 25 acquires through the use of intelligent agents, such as data that is received after the host system 25 initiates a search of a database or a website or a bulletin board.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a biometric device that is wearable and configured to measure a user’s heartbeat rate.

28. Regarding Claim 19, Sheets, Cha and McBride disclose, the system of claim 18, further comprising: the biometric device, the biometric device being a wearable biometric device configured to measure electrical activity of a heartbeat of the user, and wherein the mobile device has a roaming PKI Credential, which links the mobile device in a plurality of biometric registration databases for roaming authentication of the user and biometric device (McBride, ¶[0047], The type of user-selected data items being exchanged by the host could include: E-mail messages, events, meeting notifications, address entries, journal entries, personal alerts, alarms, warnings, stock quotes, news bulletins, bank account transactions, field service updates, stock trades, heart-monitoring information, vending machine stock levels, meter reading data, GPS data, etc., but could, alternatively, include any other type of message that is transmitted to the host system 25, or that the host system 25 acquires through the use of intelligent agents, such as data that is received after the host system 25 initiates a search of a database or a website or a bulletin board.). 

Conclusion
29.	 THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433