DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 24 November 2021 has been entered.
Response to Amendment
Applicant’s amendment filed 19 October 2021 amends claims 5-7 and 9. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, “In para. [0031] and [0039] Ignatchenko particularly mentions private keys 214 and 237 which are private encryption keys …and public key 124 which is a public decryption key…and a public decryption key for decrypting private encryption key 214…However, Ignatchenko fails to mention any public encryption keys.” In response, Applicant has failed to fully considered 
Therefore, as modified, the public keys of Kon, which can be utilized for encryption and decryption, would be stored in a separate database from the private keys, which can also be utilized for encryption and decryption.
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant argues, “…Ignatchenko fails to teach that a private encryption key and a public encryption key (i.e. different types of encryption keys from different key pairs) are centrally stored in separate securely accessible key directories for each of the private encryption key and a public encryption key.” In response, the claims do not require that the private encryption key and the public encryption key are from different key pairs. Instead, a single public/private key pair can read on the public encryption key, public decryption key, private encryption key, and private decryption key. In cryptography, an asymmetric key pair such as a public/private key pair can be utilized for encryption purposes and digital signature purposes. When utilized for encryption purposes, the public key will be utilized to encrypt plaintext such that the resulting ciphertext can only be decrypted using the corresponding private key. That same private key can be utilized to create digital signatures such that the generated digital signature can be verified using the corresponding public key. This public key would be the same public key used for encryption. There is no claimed requirement for different key pairs.
Ignatchenko discloses the storage of public keys and private keys in a central server ([0017] & [0031]) such that the public keys and private keys are stored in separate databases within the central server ([0031]: central server has database 237 storing key 237 which may be the private key & [0039]: public key stored in another database). Therefore, Ignatchenko clearly discloses separate storage directories for each of the public keys and private keys as claimed.
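The single-key-pair point made in the response above (one public/private pair serving both for encryption and for digital signatures) can be seen in a short Python illustration. This is an added example, not part of the Office action or of any cited reference; it uses unpadded textbook RSA over constructed toy keys, and all function names and sample data are assumptions made for the illustration.

```python
import hashlib

# Constructed toy keys built from Mersenne primes so the example is
# deterministic and needs only the standard library. Not secure keys.
E = 65537


def make_keypair(p_exp: int, q_exp: int):
    """Return ((e, n), (d, n)) for textbook RSA with p = 2**p_exp - 1, q = 2**q_exp - 1."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (E, n), (d, n)


def digest_int(data: bytes, n: int) -> int:
    """SHA-256 of the data as an integer reduced modulo n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    """'Encrypt' the hash with the private key (unpadded, illustration only)."""
    d, n = private
    return pow(digest_int(data, n), d, n)


def verify(public, data: bytes, signature: int) -> bool:
    """'Decrypt' the signature with the public key and compare with the hash."""
    e, n = public
    return pow(signature, e, n) == digest_int(data, n)


def encrypt(public, plaintext: bytes) -> int:
    """Encrypt with the public key; the plaintext must be smaller than n."""
    e, n = public
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this modulus")
    return pow(m, e, n)


def decrypt(private, ciphertext: int) -> bytes:
    """Decrypt with the private key (leading zero bytes are not preserved)."""
    d, n = private
    m = pow(ciphertext % n, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def issue_certificate(public, private, holder: bytes, template: bytes) -> dict:
    """First data: signature made with the private key.
    Second data: template encrypted with the public key of the same pair."""
    return {
        "holder": holder,
        "first_data": sign(private, holder),
        "second_data": encrypt(public, template),
    }


def demo() -> dict:
    pub, priv = make_keypair(521, 607)        # the one pair used for both roles
    _, other_priv = make_keypair(1279, 2203)  # an unrelated private key
    holder = b"holder: J. Doe (constructed sample)"
    template = b"template: passport no. X0000000 (constructed sample)"
    cert = issue_certificate(pub, priv, holder, template)
    return {
        "authentic": verify(pub, cert["holder"], cert["first_data"]),
        "tampered_detected": not verify(pub, b"holder: M. Roe", cert["first_data"]),
        "template_recovered": decrypt(priv, cert["second_data"]) == template,
        "wrong_key_fails": decrypt(other_priv, cert["second_data"]) != template,
    }


if __name__ == "__main__":
    print(demo())
```

Deployed systems use padded schemes such as RSA-OAEP and RSA-PSS rather than raw modular exponentiation, and commonly keep separate key pairs for signing and encryption.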
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 5-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim limitation “confidential data decryption unit” invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The claimed “unit” language represents a general replacement for the means language. Additionally, the specification has not clearly linked any particular structure, material, or acts from the specification to the claimed “confidential data decryption unit”. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4-10, 12, 16, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kon, U.S. Publication No. 2002/0026427, in view of Freeman, U.S. Publication No. 2004/0162984, and further in view of Ignatchenko, U.S. Publication No. 2014/0270814.
Referring to claims 1, 4, 16, Kon discloses an authentication system that utilizes identification certificates (IDC) that include the digital signature of the identification authority ([0468] & [0621]: digital signature created by encrypting data such as a hash using a private key; digital signature reads on the claimed first data) such that the digital signature is decrypted using the public key in order to verify the certificate ([0621] & [0629]), which meets the limitation of a [physical] security item comprising a security certificate comprising first data that has been encrypted using a private encryption key, the encrypted first data being operable to be decrypted using a public decryption key associated with the private encryption key in order to authenticate the security certificate. The IDC additionally included templates that are encrypted using a public key such that the encrypted templates can be decrypted using the corresponding private key ([0629]: templates would read on the claimed second data), which meets the limitation of wherein the security certificate further comprises second data that has been encrypted using a public encryption key, the encrypted second data being operable to be decrypted using a private decryption key associated with the public encryption key.
Kon discloses that the IDC includes encrypted templates ([0629]) and that the templates could include passport information ([0223]). Kon does not disclose that the IDC could be included as a visual image in a passport/visa. Freeman discloses the inclusion of identification certificate information in a passport as a two-dimensional barcode ([0015]-[0016]: IDC of Kon includes the signature and the templates. Therefore, application of Kon’s IDC as a barcode would result in a barcode that included the IDC signature and templates; passport would read on the claimed physical security item), which meets the limitation of a physical security item, wherein each of the encrypted first data and the second data is applied on the security item in the form of a visual image, wherein the security certificate forms part of a travel visa, wherein the visual image comprises a barcode. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the IDC of Kon to have been included in a passport, in the manner suggested by Kon, in order to provide personal authentication without compromising the integrity of the data or security of proper identification as suggested by Freeman ([0019]-[0020]).
Kon discloses an authentication system wherein the personal identification certificate authority (IDA) creates a person identification certificate (IDC) ([0621]) by encrypting data with the private key of the IDA ([0621] & [0556]). Public keys are registered and stored at a certificate authority such that the public keys can be acquired from the certificate authority ([0531]). Kon does not disclose that the private keys are centrally stored along with the public keys. Ignatchenko discloses the storage of public keys and private keys in a central server ([0017] & [0031]) such that the public keys and private keys are stored in separate databases within the central server ([0031]: central server has database 237 storing key 237 which may be the private key & [0039]: public key stored in another database), which meets the limitation of wherein the private encryption key and the public encryption key are centrally stored in separate securely accessible key directories. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the private keys of Kon to have been stored at the certificate authority along with the public keys, in the manner described in Ignatchenko, in order to provide a central mechanism that verifies that system devices are authorized as suggested by Ignatchenko ([0038]).
Referring to claim 5, Kon discloses an authentication system that utilizes identification certificates (IDC) that include the digital signature of the identification authority ([0468] & [0621]: digital signature created by encrypting data such as a hash using a private key; digital signature reads on the claimed first data) such that the digital signature is decrypted using the public key in order to verify the certificate ([0621] & [0629]), which meets the limitation of a [physical] security item comprising a security certificate comprising first data that has been encrypted using a private encryption key, the encrypted first data being operable to be decrypted using a public decryption key associated with the private encryption key in order to authenticate the security certificate. The IDC additionally included templates that are encrypted using a public key such that the encrypted templates can be decrypted using the corresponding private key ([0629]: templates would read on the claimed second data), which meets the limitation of wherein the security certificate further comprises second data that has been encrypted using a public encryption key, the encrypted second data being operable to be decrypted using a private decryption key associated with the public encryption key. Kon discloses an authentication system wherein the personal identification certificate authority (IDA) creates a person identification certificate (IDC) ([0621]) by encrypting data with the private key of the IDA ([0621] & [0556]). Public keys are registered and stored at a certificate authority such that the public keys can be acquired from the certificate authority ([0531]) where the public key is part of a key pair that includes the public key and a corresponding private key ([0168]), which meets the limitation of a public decryption key directory configured to allow an authorized user to access the public decryption key associated with the private encryption key. 
The digital signatures are verifiable using the public key ([0527]: digital signatures are created by encrypting using the private key and verifiable by decrypting using the corresponding public key), which meets the limitation of wherein the encrypted first data is decrypted using the accessed public decryption key associated with the private encryption key. IDC template information is encrypted using a public key ([0227] & [0229] & [0231] & [0249]). The encrypted template can only be decrypted using the private key that corresponds to the public key used to encrypt the template ([0305] & [0309] & [0311]), which meets the limitation of a confidential data decryption unit configured to receive, from an authorized user, the encrypted second data and to decrypt the received data using the private decryption key associated with the public encryption key. Private keys are stored securely on their corresponding devices ([0335]), which meets the limitation of the private decryption key being stored on a private decryption key directory configured to allow the authorized user to access the private encryption key associated with the public encryption key.
Kon discloses that the IDC includes encrypted templates ([0629]) and that the templates could include passport information ([0223]). Kon does not disclose that the IDC could be included as a visual image in a passport/visa. Freeman discloses the inclusion of identification certificate information in a passport as a two-dimensional barcode ([0015]-[0016]: IDC of Kon includes the signature and the templates. Therefore, application of Kon’s IDC as a barcode would result in a barcode that included the IDC signature and templates; passport would read on the claimed physical security item), which meets the limitation of a physical security item, wherein each of the encrypted first data and the second data is applied on the security item in the form of a visual image. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the IDC of Kon to have been included in a passport, in the manner suggested by Kon, in order to provide personal authentication without compromising the integrity of the data or security of proper identification as suggested by Freeman ([0019]-[0020]).
Kon discloses an authentication system wherein the personal identification certificate authority (IDA) creates a person identification certificate (IDC) ([0621]) by encrypting data with the private key of the IDA ([0621] & [0556]). Public keys are registered and stored at a certificate authority such that the public keys can be acquired from the certificate authority ([0531]). Kon does not disclose that the private keys are centrally stored along with the public keys. Ignatchenko discloses the storage of public keys and private keys in a central server ([0017] & [0031]) such that the public keys and private keys are stored in separate databases within the central server ([0031]: central server has database 237 storing key 237 which may be the private key & [0039]: public key stored in another database), which meets the limitation of wherein the private encryption key and the public encryption key are centrally stored in separate securely accessible key directories. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the private keys of Kon to have been stored at the certificate authority along with the public keys, in the manner described in Ignatchenko, in order to provide a central mechanism that verifies that system devices are authorized as suggested by Ignatchenko ([0038]).
Referring to claim 6, Kon discloses that the signature from the IDC is verified using the public key to check whether or not the IDC has been tampered with ([0621]: such a verification reads on the claimed determined whether or not the encrypted data has been successfully decrypted using the accessed public decryption key because signature verification involves decryption using a public key and comparison of the decrypted value with an expected value to determine whether or not tampering has occurred), which meets the limitation of wherein the system is configured to determine whether or not the encrypted first data has been successfully decrypted using the accessed public decryption key. 
Referring to claim 7, Kon discloses that the signature from the IDC is verified using the public key to check whether or not the IDC has been tampered with ([0621]: not tampered with would indicate that the IDC is authentic and tampered with would indicate that the IDC is not authentic), which meets the limitation of wherein the system is configured to indicate that the security certificate is authentic if the encrypted first data is successfully decrypted and/or is configured to indicate that the security certificate is not authentic if the security certificate is not successfully decrypted.
Referring to claim 8, Kon discloses an authentication system wherein the personal identification certificate authority (IDA) creates a person identification certificate (IDC) ([0621]) by encrypting data with the private key of the IDA ([0621] & [0556]). Public keys are registered and stored at a certificate authority such that the public keys can be acquired from the certificate authority ([0531]). Kon does not disclose that the private keys are centrally stored along with the public keys. Ignatchenko discloses the storage of public keys and private keys in a central server ([0017] & [0031]) such that the public keys and private keys are stored in separate databases within the central server ([0031]: central server has database 237 storing key 237 which may be the private key & [0039]: public key stored in another database), which meets the limitation of wherein the public decryption key directory comprises a database containing at least one public decryption key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the private keys of Kon to have been stored at the certificate authority along with the public keys, in the manner described in Ignatchenko, in order to provide a central mechanism that verifies that system devices are authorized as suggested by Ignatchenko ([0038]).
Referring to claims 9, 12, Kon discloses an authentication system that utilizes identification certificates (IDC) that include the digital signature of the identification authority ([0468] & [0621]: digital signature created by encrypting data such as a hash using a private key; digital signature reads on the claimed first data) such that the digital signature is decrypted using the public key in order to verify the certificate ([0621] & [0629]), which meets the limitation of a [physical] security item comprising a security certificate comprising first data that has been encrypted using a private encryption key, the encrypted first data being operable to be decrypted using a public decryption key associated with the private encryption key in order to authenticate the security certificate. The IDC additionally included templates that are encrypted using a public key such that the encrypted templates can be decrypted using the corresponding private key ([0629]: templates would read on the claimed second data), which meets the limitation of wherein the security certificate further comprises second data that has been encrypted using a public encryption key, the encrypted second data being operable to be decrypted using a private decryption key associated with the public encryption key. Kon discloses an authentication system that utilizes identification certificates (IDC) that include the digital signature of the identification authority ([0468] & [0621]: digital signature created by encrypting data such as a hash using a private key) and templates that are encrypted using a private key such that the encrypted templates can be decrypted using the corresponding public key ([0629]) and encrypted templates ([0629]), which meets the limitation of collecting the encrypted first and second data stored on the security certificate.
The IDC is transmitted from the IDA to a user device for verification of the IDC ([0303]) such that the digital signature is decrypted using the public key in order to verify the certificate ([0621] & [0629]) and the encrypted templates can be decrypted using the corresponding public key ([0629]), which meets the limitation of decrypting the encrypted first and second data using the public decryption key associated with the private encryption key and the private decryption key associated with the public encryption key respectively. The template decrypted using the private key is compared with known data in order to verify the certificate ([0305]: verification concluded as OK or NG) and IDC signatures are verified using the public key to check whether the IDC has been tampered with ([0346] & [0621]: not tampered with would indicate that the IDC is authentic and tampered with would indicate that the IDC is not authentic), which meets the limitation of determine the success or failure of the attempted decryption of the encrypted first and second data, wherein a successful decryption of the encrypted first and second data authenticates the security certificate.
Kon discloses that the IDC includes encrypted templates ([0629]) and that the templates could include passport information ([0223]). Kon does not disclose that the IDC could be included as a visual image in a passport/visa. Freeman discloses the inclusion of identification certificate information in a passport as a two-dimensional barcode ([0015]-[0016]: IDC of Kon includes the signature and the templates. Therefore, application of Kon’s IDC as a barcode would result in a barcode that included the IDC signature and templates; passport would read on the claimed physical security item), which meets the limitation of a physical security item, wherein each of the encrypted first data and the second data is applied on the security item in the form of a visual image, wherein the security certificate forms part of a travel visa, wherein the visual image comprises a barcode. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the IDC of Kon to have been included in a passport, in the manner suggested by Kon, in order to provide personal authentication without compromising the integrity of the data or security of proper identification as suggested by Freeman ([0019]-[0020]).
Kon discloses an authentication system wherein the personal identification certificate authority (IDA) creates a person identification certificate (IDC) ([0621]) by encrypting data with the private key of the IDA ([0621] & [0556]). Public keys are registered and stored at a certificate authority such that the public keys can be acquired from the certificate authority ([0531]). Kon does not disclose that the private keys are centrally stored along with the public keys. Ignatchenko discloses the storage of public keys and private keys in a central server ([0017] & [0031]) such that the public keys and private keys are stored in separate databases within the central server ([0031]: central server has database 237 storing key 237 which may be the private key & [0039]: public key stored in another database), which meets the limitation of wherein the private encryption key and the public encryption key are centrally stored in separate securely accessible key directories. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the private keys of Kon to have been stored at the certificate authority along with the public keys, in the manner described in Ignatchenko, in order to provide a central mechanism that verifies that system devices are authorized as suggested by Ignatchenko ([0038]).
Referring to claim 10, Kon discloses that the public keys are registered and stored at a certificate authority such that the public keys can be acquired from the certificate authority ([0531]) where the public key is part of a key pair that includes the public key and a corresponding private key ([0168]) and the private keys are stored securely on their corresponding devices ([0335]), which meets the limitation of retrieving the public decryption key associated with the private encryption key from a public decryption key directory and the private decryption key associated with the public encryption key from a private decryption key directory.
Referring to claim 19, Kon discloses that the IDC can include multiple templates that include different identification data ([0305]). The templates can be encrypted using the different public keys ([0227]: public key of the user & [0229]: public key of the service provider). 
While Kon does not explicitly specify that the multiple templates in a single IDC ([0305]) can be encrypted using different public keys, one of ordinary skill in the art would recognize that the system of Kon allows for the multiple templates in paragraph [0305] to be encrypted using different public keys as shown in paragraphs [0227] and [0229] such that the encrypted templates would be decryptable using the corresponding private keys ([0629]), which meets the limitation of wherein different parts of the second data have been encrypted using different public encryption keys allowing different parties to access different parts of the second data using corresponding different private decryption keys associated with corresponding public encryption keys of the different public encryption keys. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the multiple templates of the IDC in Kon to have been encrypted using different public keys because Kon suggests that utilization of different public keys is one of a finite number of possible template encryption embodiments that could have been implemented by one of ordinary skill in the art with a reasonable expectation of success (Kon: [0225]-[0232]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid, can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437