Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is in response to the claims filed 5/30/2019.  Claims 1-25 are pending.  Claims 1 (a machine) and 15 (a machine) are independent.

Response to Arguments
Applicant's arguments filed on 11/24/2021 have been fully considered but they are not persuasive. 
On page 10 of the remarks, Applicant asserts that the claims “require two separate concatenations of biometric information with non-biometric information”.  
Specifically, Applicant states:
“Kanza however remains wholly silent on a second concatenation.”

Applicant’s remarks are not persuasive.  
Kanza explicitly discloses that the verifier performs a second concatenation to verify the information sent by the user device:
(“the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60.)
Note that UB is the users biometric, see Kanza ¶ 63
 

On page 12 Applicant asserts that the fuzzy matching of “Dodis is generally irrelevant to the present concept, as the biometric inputs are not extracted for direct comparison.  The ability to authenticate non-matching biometrics in the present invention comes from the combination of the biometrics with static user information.”

Examiner notes that Applicant’s specification explicitly contemplates fuzzy extraction, the subject matter of Dodis, on pages 34-35 of the specification.  To the extent that Applicant’s fuzzy matching may differ from that disclosed in Dodis, such is not required or implied by the claims. 

Note that the mapping of claim 2 has been updated to reflect Applicant’s amendments.  Claim 3 is now rejected in view of Kim et al., US 2016/0048669 (filed 2014-12), in view of Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008).
This is because claim 3 has been amended to recite: “wherein when the second biometric information and the fourth biometric information fail to match but a difference thereof falls within a predetermined threshold range…”
As mapped, to Kanza, the second/fourth biometric information are stated to be hashes.  Hashes are generally purposed to be randomly unique for any distinct inputs.  As such, hashes could not be matches within a threshold range.  Kim discloses matching biometric concatenations within threshold ranges and is now cited for the limitations of claim 3.

In summary, Applicant’s remarks with respect to claims 1 and 15 are not persuasive.  And the amendment to claim 3 has overcome the Kanza reference.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al., US 2016/0048669 (filed 2014-12), in view of Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008).
As to claim 3 (which includes claim 1) Kim discloses a machine comprising:
a communication circuit; (“The device may transmit the authorization data to an authentication device of the computer security system.” Kim ¶ 13. See also Kim ¶ 194)
a biometric sensor; and (“the mobile device 102. The mobile device 102 may include smart eyewear. The mobile device 102 may be coupled to or include a microphone 1202, an iris scan sensor 1208, or both. During operation, the user 106 may provide the biometric data 170 (e.g., an iris scan) by placing an eye near the iris scan sensor 1208.” Kim ¶ 187. See also Kim ¶ 190)

obtain first biometric information of a user by using the biometric sensor; (“The method 1400 includes finger printing/iris scanning, at 1402. For example, the authorization data generator 110 may receive first biometric data 1470 (e.g., a finger print scan and/or an iris scan) in a first format (e.g., image data).” Kim ¶ 199)
generate second biometric information for authenticating the user, based on concatenation (“the authorization data generator 110 may interleave or concatenate the second biometric data 1472 and the image audio 1408 to generate the biometric data 170.” Kim ¶ 203) of the first biometric information and unique information corresponding to the user; (“receive the second biometric data 1472 (e.g., a speech signal, a voice print, etc.) in a second format (e.g., audio data)” Kim ¶ 200) and 
transmit the second biometric information to an authentication server through the communication circuit for authentication, (“The authorization data generator 110 may transmit the authorization data 178 via the transceiver 142 to the authentication device 104, as described with reference to FIG. 1.” Kim ¶ 204)
wherein a third biometric information, (“The method 1400 includes finger printing/iris scanning, at 1402. For example, the authorization data generator 110 may receive first biometric data 1470 (e.g., a finger print scan and/or an iris scan) in a first format (e.g., image data).” Kim ¶ 199) …, is concatenated (“the authorization data generator 110 may interleave or concatenate the second biometric data 1472 and the image audio 1408 to generate the biometric data 170.” Kim ¶ 203) with the unique information corresponding to the user to generate fourth biometric information that is enrollment data (e.g., received during an enrollment phase) to determine a confidence score.” Kim ¶ 205.  The fourth biometric data being enrollment data received prior to the second biometric information) 
wherein the transmitted second biometric information is authenticated by the authentication server via comparison against the fourth biometric information (“the authentication device 104 may compare the authorization data 178 (e.g., received during an authentication phase) to enrollment data (e.g., received during an enrollment phase) to determine a confidence score.” Kim ¶ 205.)
wherein a first concatenation of the first biometric information with the unique information … from a second concatenation of the third biometric information with the unique information, (“the authorization data generator 110 may interleave or concatenate the second biometric data 1472 and the image audio 1408 to generate the biometric data 170.” Kim ¶ 203. See also Kim ¶ 205.)
wherein the first concatenation is transformed to generate the second biometric information, and the second concatenation is transformed to generate the fourth biometric information, and  (“the authorization data generator 110 may interleave or concatenate the second biometric data 1472 and the image audio 1408 to generate the biometric data 170.” Kim ¶ 203. The data generated for enrollment and authentication per Kim ¶ 205)
wherein when the second biometric information and the fourth biometric information fail to match but a difference thereof falls within a predetermined threshold 

Kim does not disclose:
different from the first biometric information 
is different

Dodis discloses:
different from the first biometric information 
is different
 (“R extracted from w can be used as a key in a cryptographic application but unlike traditional keys, need not be stored (because it can be recovered from any w ′ that is close to w)…. Because different biometric information has different error patterns, we do not assume any particular notion of closeness between w ′ and w. Rather, in defining our primitives, we simply assume that w comes from some metric space, and that w ′ is no more than a certain distance from w in that space.” Dodis pp. 3-4)

.


Claims 1, 2, 6, 11, 15-17, 20, and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kanza, US 2018/0316653 (filed 2017-04), in view of Wagner et al., US 2020/0267144 (priority date of 2017-11), and Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008).

As to claims 1 and 15 Kanza discloses a machine comprising:
 a communication circuit; (“one or more of the transceivers of the communications component 1318 may be configured to communicate using Global System for Mobile communications (“GSM”), Code-Division Multiple Access (“CDMA”) ONE, CDMA2000, Long-Term Evolution (“LTE”), and various other 2G, 2.5G, 3G, 4G, 5G, and greater generation technology standards” Kanza ¶ 131)
…
a processor operatively connected with the communication circuit and the …, configured to: (see Kanza Figure 13)
 …; 
generate second biometric information for authenticating the user, based on concatenation of the first biometric information and unique information corresponding to the user; and (“The user ID 108 can be created, in part, from a biometric user ID (ub), generated from biometric input as described above. The user ID 108 can be created, in part, from a device ID (did). The device ID can be or can include a media access control (“MAC”) address of the user device 102, an international mobile subscriber identity (“MR”) associated with a subscriber identity module (“SIM”) of the user device 102, and/or an international mobile equipment identity (“MEI”). The user ID 108 can be created, in part, from a session ID (sid) 600 (best shown in FIG. 6) received from the localized corroborator system 106. The user ID 108 can be created as a message digest uid=h(ub∥did∥sid), using the public cryptographic hash function h 114. A verifier, such as the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60)
transmit the second biometric information to an authentication server (“the method 400 proceeds to operation 412, where the user device 102 sends the user ID 108 and the proof ID 110 to the verifier 130.” Kanza ¶ 53) through the communication circuit (see Kanza Figures 1 and 13), for authentication. (“the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and ∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60.  Ub being a user biometric. See Kanza ¶ 63.)
wherein a third biometric information, …, is concatenated with the unique information corresponding to the user to generate fourth biometric information that is stored by the authentication server, and (“the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60. Also Kanza ¶ 63. Where h(ub∥did∥sid) is the second biometric information and “h on the concatenation of these IDs” is the fourth biometric information.  The “h on the concatenation of these IDs” being stored at least for the validity test)
wherein the transmitted second biometric information is authenticated by the authentication server via comparison against the fourth biometric information. (“the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60. Where h(ub∥did∥sid) is the second biometric information and “h on the concatenation of these IDs” is the fourth biometric information.)

Kanza does not explicitly disclose:
a biometric sensor; and 
(claim 15) receive a request for execution of a function that requires biometric authentication of a user; 

different from the first biometric information


Wagner discloses:
a biometric sensor; and (see below)
(claim 15) receive a request for execution of a function that requires biometric authentication of a user; (“An access device 110 may be configured to manage access to a particular resource. Upon receiving a request from a user 104 to access that resource, the access device 110 may be configured to obtain a biometric sample from that user 104… the biometric template 118 or an encrypted version of the biometric template 118 may then be transmitted to the service provider computer 106 for authentication.” Wagner ¶ 54)
by using the biometric sensor
(“the user device 102 may be a mobile device (e.g., a smart phone). In some embodiments, biometric information for (e.g., an image of) the user 104 may be captured using a camera of the user device 102 and transmitted to a service provider computer 106 for processing…. the user device 102 may obtain the biometric sample from the user and generate a biometric template 112 from that biometric sample. The biometric template 112 may then be encrypted (e.g., using an encryption key specific to the user device 102) and transmitted to the service provider computer 106. In some embodiments, the user device 102 may 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza with Wagner by including a biometric sensor to obtain the biometric of Kanza.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Kanza with Wagner in order to allow the obtainment of the biometrics of Kanza, thereby allowing the system of Kanza to obtain and utilize said obtained biometric. 

Kanza in view of Wanger does not disclose:
different from the first biometric information

Dodis discloses:
different from the first biometric information
 (“R extracted from w can be used as a key in a cryptographic application but unlike traditional keys, need not be stored (because it can be recovered from any w ′ that is close to w)…. Because different biometric information has different error patterns, we do not assume any particular notion of closeness between w ′ and w. Rather, in defining our primitives, we simply assume that w comes from some metric space, and that w ′ is no more than a certain distance from w in that space.” Dodis pp. 3-4)




As to claims 2 and 16, Kanza in view of Wagner discloses the machines of claims 1 and 15 and further discloses:
Wherein a first concatenation of the first biometric with the unique information is different (“Because different biometric information has different error patterns, we do not assume any particular notion of closeness between w ′ and w. Rather, in defining our primitives, we simply assume that w comes from some metric space, and that w ′ is no more than a certain distance from w in that space.” Dodis pp. 3-4) from a second concatenation of the third biometric information with the unique information, (“the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60. Where h(ub∥did∥sid) is the second biometric information and “h on the concatenation of these IDs” is the fourth biometric information.)
Wherein the first concatenation is transformed to generate the second biometric information, and the second concatenation is transformed to generate the fourth biometric information, and (“the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60. The concatenation itself being a transformation, but also the hash is a transformation.)
Wherein the second biometric information and the fourth biometric information match, and the second biometric information is authenticated by the authentication server. (“The verifier 130 can test that the user ID 108 is created from the session ID 600, the biometric ID of the user 104, and the device ID.” Kanza ¶ 63)

Kanza does not disclose: 
wherein the third biometric information is obtained at another electronic device.

Wagner further discloses:
wherein the third biometric information is obtained at another electronic device. (The access device receives the biometric after the user device registers the biometric. “The authentication template can be encrypted (the second encrypted biometric template) by the ATM, possibly using data encryption keys derived alongside the ATM's PIN encipherment keys, and sent to the remote server computer. The remote server computer can receive the authentication template and decrypt the authentication template and perform a privacy-preserving comparison between that template and the enciphered enrollment templates (first encrypted biometric templates of the user and other users) from each of the consumer devices that are on the server's list of devices that are proximate to that ATM.” Wagner ¶ 104)



As to claims 6 and 20, Kanza in view of Wagner discloses the machine of claims 1 and 15 and further discloses: 
wherein the processor is further configured to obtain the unique information by using information related to a subscriber identity module installed at the electronic device. (“the user identifier includes a hash of a concatenation of the biometric, the device identifier, and the session identifier. The device identifier can be, for example, a MAC address, an IMSI associated with a SIM installed in the user device, or an IMEI.”  Kanza ¶ 146).

As to claims 11 and 21, Kanza in view of Wagner discloses the machines of claims 1 and 15 and further discloses: 
to generate the second biometric information, the processor is further configured to: concatenate the first biometric information and the unique information at a specified concatenation ratio (“the verifier 130 shown in FIG. 1, who is given the values ub, did, ∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60.  The “ratio” being all of the ub, did, and sid); and generate the second biometric information by performing one-way transform with respect to the concatenated information. (“the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60. H is a hash, see Kanza ¶ 48)

As to claim 17, Kanza in view of Wagner discloses the machine of claim 15 and further discloses:
wherein the processor is further configured to, in response to the request for execution of the function being received, transmit a signal requesting a service from the authentication server necessary for execution of the function to the authentication server, (“An access device 110 may be configured to manage access to a particular resource. Upon receiving a request from a user 104 to access that resource, the access device 110 may be configured to obtain a biometric sample from that user 104… the biometric template 118 or an encrypted version of the biometric template 118 may then be transmitted to the service provider computer 106 for authentication.” Wagner ¶ 54) and wherein the signal requesting the service necessary for execution of the function includes account information of the user. (“The user ID 108 can be created, in part, from a biometric user ID (ub), generated from biometric input as described above. The user ID 108 can be created, in part, from a device ID (did). The device ID can be or can include a media access control (“MAC”) address of the user device 102, an international mobile subscriber identity (“MR”) associated with a subscriber identity module (“SIM”) of the user device 102, and/or an international mobile equipment identity (“MEI”). The user ID 108 can be created, in part, from a session ID (sid) 600 (best shown in FIG. 6) received from the localized corroborator system 106. The user ID 108 can be created as a message digest uid=h(ub∥did∥sid), using the public cryptographic hash function h 114. A verifier, such as the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60)


Claims 4-5, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kanza, US 2018/0316653 (filed 2017-04), in view of Wagner et al., US 2020/0267144 (priority date of 2017-11), Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008), and Steinberg et al., US 2010/0231727 (filed 2009-09).
As to claims 4 and 19, Kanza in view of Wagner and Dodis discloses the machines of claims 1 and 15 and further discloses: 
wherein, to obtain the first biometric information, the processor is further configured to: 
receive an input of biometric information from the user through the biometric sensor; and (“the user device 102 may be a mobile device (e.g., a smart phone). In some embodiments, biometric information for (e.g., an image of) the user 104 may be captured using a camera of the user device 102 and transmitted to a service provider computer 106 for processing…. the user device 102 may obtain the biometric sample 

Kanza in view of Wagner and Dodis does not disclose:
obtain the first biometric information by applying calibration information corresponding to the biometric sensor to the biometric information. 

Steinberg discloses:
obtain the first biometric information by applying calibration information corresponding to the biometric sensor to the biometric information.  (“Values of extracted parameters relating to the optical system including the lens assembly may be embedded within the lens system, wherein by "embedded" it is meant that the information is stored or contained in whatever form within or on or in connection with the lens assembly. This embedded information may preferably be within a Flash or EEPROM memory chip.” Steinberg ¶ 66. “FIG. 8 which describes the workflow of correcting and detecting the dust images based on a lens lookup table and a dust map. If a dust map exists (1120) the system will load the dust map (1130). Otherwise, a new dust map needs to be created as described in FIG. 2 (200). The lens calibration is then loaded (1140). Such map can exist in the software, or as part of the lens memory, or in 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner and Dodis with Steinberg by utilizing a corrective dust map calibration to correct the digital images of Kanza in view of Wagner and Dodis.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Kanza in view of Wagner with Steinberg in order to correct imaging imperfections in the camera to render better biometric image samples of the user.  


As to claim 5, Kanza in view of Wagner, Dodis and Steinberg discloses the machine of claim 4 and further discloses: 
further comprising a memory, wherein the processor is further configured to: 
receive the calibration information corresponding to the biometric sensor from an external electronic device, based at least on information regarding the biometric sensor or the electronic device; or 
obtain the calibration information from the memory, based at least on the information regarding the biometric sensor or the electronic device. (“FIG. 8 which describes the workflow of correcting and detecting the dust images based on a lens lookup table and a dust map. If a dust map exists (1120) the system will load the dust map (1130). Otherwise, a new dust map needs to be created as described in FIG. 2 (200). The lens calibration is then loaded (1140). Such map can exist in the software, or as part of the lens memory, or in the camera. Together with the dust map, a specific manifestation of the dust for the specific camera, lens combination is created (1160). This is the dust map that will be used to remove dust specs (400) from an image (404) that was captured using the specific lens on the specific camera.” Steinberg ¶ 40).


Claims 7-8, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kanza, US 2018/0316653 (filed 2017-04), in view of Wagner et al., US 2020/0267144 (priority date of 2017-11), Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008), and Wood et al., US 2004/0210771 (filed 1999-08).
As to claim 7, Kanza in view of Wagner and Dodis discloses the machine of claim 1 and further discloses: 
wherein the processor is further configured to obtain the unique information (“The user ID 108 can be created, in part, from a biometric user ID (ub), generated from biometric input as described above. … The user ID 108 can be created, in part, from a session ID (sid) 600 (best shown in FIG. 6) received from the localized corroborator system 106.” Kanza ¶ 60) … using at least one sensor of the electronic device. (“the user device 102 may be a mobile device (e.g., a smart phone). In some embodiments, biometric information for (e.g., an image of) the user 104 may be captured using a 

Kanza in view of Wagner and Dodis does not disclose:
based on information obtained by

Wood discloses:
based on information obtained by
(“session tokens are employed to facilitate session continuity and to allow the security architecture to associate prior authentication of login credentials with an incoming access request.” Wood ¶ 45. “login component 120 supplies browser 170 with a login page (e.g., HTML) that prompts the user for an application specific user ID and a choice of authentication schemes. Interactions with browser 170 depend on the set of credential types that, if authenticated, would be sufficient to meet the trust level requirement for access to the requested resource.” Wood ¶ 54. See also Wood ¶¶ 61-62, subsequent requests can trigger additional authentications: “subsequent access requests (e.g., access request 1A) include a previously assigned session token.”)



As to claim 8, Kanza in view of Wagner and Dodis discloses the machine of claim 1 and further discloses:
wherein the processor is further configured to obtain the unique information (“The user ID 108 can be created, in part, from a biometric user ID (ub), generated from biometric input as described above. … The user ID 108 can be created, in part, from a session ID (sid) 600 (best shown in FIG. 6) received from the localized corroborator system 106.” Kanza ¶ 60) … image information related to the user. (“the user device 102 may be a mobile device (e.g., a smart phone). In some embodiments, biometric information for (e.g., an image of) the user 104 may be captured using a camera of the user device 102 and transmitted to a service provider computer 106 for processing…. the user device 102 may obtain the biometric sample from the user and generate a 

Kanza in view of Wagner and Dodis does not disclose:
by using

Wood discloses
	By using
(“session tokens are employed to facilitate session continuity and to allow the security architecture to associate prior authentication of login credentials with an incoming access request.” Wood ¶ 45. “login component 120 supplies browser 170 with a login page (e.g., HTML) that prompts the user for an application specific user ID and a choice of authentication schemes. Interactions with browser 170 depend on the set of credential types that, if authenticated, would be sufficient to meet the trust level requirement for access to the requested resource.” Wood ¶ 54. See also Wood ¶¶ 61-62, subsequent requests can trigger additional authentications: “subsequent access requests (e.g., access request 1A) include a previously assigned session token.”)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner and Dodis with Wood by 

As to claim 18, Kanza in view of Wagner and Dodis discloses the machine of claim 15 but does not disclose:
wherein the processor is further configured to, after transmitting the signal requesting the service necessary for execution of the function, receive, from the authentication server, 
a signal indicating that biometric authentication is required to be performed before the service is provided. 

Wood further discloses:
wherein the processor is further configured to, after transmitting the signal requesting the service necessary for execution of the function, receive, from the authentication server, (“Depending on the information resource to which access is requested, previously obtained and authenticated login credentials may be insufficient 
a signal indicating that biometric authentication is required to be performed before the service is provided. (“session tokens are employed to facilitate session continuity and to allow the security architecture to associate prior authentication of login credentials with an incoming access request.” Wood ¶ 45. “login component 120 supplies browser 170 with a login page (e.g., HTML) that prompts the user for an application specific user ID and a choice of authentication schemes. Interactions with browser 170 depend on the set of credential types that, if authenticated, would be sufficient to meet the trust level requirement for access to the requested resource.” Wood ¶ 54.)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner and Dodis with Wood by utilizing the multiple levels of authentication of Wood that each yield a session ID, thereby generating unique information (session ID) based on the biometric authentications of Kanza in view of Wagner (authentication).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Kanza in view of Wagner and Dodis with Wood in order to allow low security sessions that may be upgraded by further authentication credentials so as to avoid burdening the user with authentications (Wood ¶ 10) and preventing the . 


Claims 9-10 and 24-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kanza, US 2018/0316653 (filed 2017-04), in view of Wagner et al., US 2020/0267144 (priority date of 2017-11), Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008), Wood et al., US 2004/0210771 (filed 1999-08) and Hochrieser et al., US 2019/0050546 (filed 2017-08).
As to claim 9, Kanza in view of Wagner, Dodis and Wood discloses the machine of claim 8 and further discloses:
receive the unique information corresponding to the user from the verification server. (session tokens indicate the level of authentication of a client “subsequent access requests (e.g., access request 1A) include a previously assigned session token…. Depending on the information resource to which access is requested, previously obtained and authenticated login credentials may be insufficient for the trust level requirement associated with requested access 1A.” Wood ¶¶ 61-62. See also Wood ¶ 54)

Kanza in view of Wagner, Dodis and Wood does not disclose:
wherein the image information related to the user is generated from an image of a physical object photographed using a camera, 

transmit the first biometric information and the image information related to the user to a verification server; and 

Hochrieser discloses:
wherein the image information related to the user is generated from an image of a physical object photographed using a camera, (see Hochrieser Figs. 6B and 13B)
the image information including biometric information of the user (see Hochrieser Figs. 6B and 13B), and wherein the processor is further configured to: 
transmit the first biometric information and the image information related to the user (“The device receives (1318), from an image capturing device 200, captured image data (e.g., an image frame 600, as illustrated in FIG. 6A) that includes a first facial image 602 and an image of a document 300 that includes a second facial image 302. The first facial image 602 and the image of the document 300 that includes the second facial image 302 are included a single image frame 600.” Hochrieser ¶ 78) to a verification server; and (“In accordance with a determination that the first facial image 602 and the second facial image 302 meet the matching criteria, the device transmits (1342) authorization information to the image capturing device 200.” Hochrieser ¶ 100)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner, Dodis and Wood with Hochrieser by utilizing the drivers license facial matching of Hochrieser as an initial 

As to claim 10, Kanza in view of Wagner, Dodis, Wood, and Hochrieser discloses the machine of claim 9 and further discloses:
as part of receiving the unique information, (Wood ¶¶ 61-62, subsequent requests can trigger additional authentications: “subsequent access requests (e.g., access request 1A) include a previously assigned session token.”) the processor is further configured to receive a message indicating that the first biometric information corresponds to the image information related to the user. (“In accordance with a determination that the first facial image 602 and the second facial image 302 meet the matching criteria, the device transmits (1342) authorization information to the image capturing device 200.” Hochrieser ¶ 100. Successful authentication yields the token of Wood.)

As to claim 24, Kanza in view of Wagner, and Dodis discloses the machine of claim 15 but does not disclose:

wherein the image information related to the user is generated from an image of a physical object photographed using a camera, the image information including biometric information of the user, and wherein the processor is further configured to: 
transmit the first biometric information and the image information related to the user to a verification server; and 
receive the unique information corresponding to the user from the verification server.

Wood discloses: 
receive the unique information corresponding to the user from the verification server. (session tokens indicate the level of authentication of a client “subsequent access requests (e.g., access request 1A) include a previously assigned session token…. Depending on the information resource to which access is requested, previously obtained and authenticated login credentials may be insufficient for the trust level requirement associated with requested access 1A.” Wood ¶¶ 61-62. See also Wood ¶ 54)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner and Dodis with Wood by utilizing the multiple levels of authentication of Wood that each yield a session ID, thereby generating unique information (session ID) based on the biometric 

Kanza in view of Wagner, Dodis and Wood does not disclose:
wherein the processor is further configured to obtain the unique information by using image information related to the user, 
wherein the image information related to the user is generated from an image of a physical object photographed using a camera, the image information including biometric information of the user, and wherein the processor is further configured to: 
transmit the first biometric information and the image information related to the user to a verification server; and 

Hochrieser discloses:
wherein the image information related to the user is generated from an image of a physical object photographed using a camera, (see Hochrieser Figs. 6B and 13B)
the image information including biometric information of the user (see Hochrieser Figs. 6B and 13B), and wherein the processor is further configured to: 


A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner, Dodis and Wood with Hochrieser by utilizing the drivers license facial matching of Hochrieser as an initial authentication in the system of Kanza in view of Wagner, Dodis and Wood.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to perform the authentication of Hochrieser as the initial authentication of Kanza in view of Wagner, Dodis and Wood in order to determine that the authenticating user has associated documentation and is known to the system, Hochrieser ¶ 99. Thereby increasing the difficulty of spoofing a user’s identity during authentication.

As to claim 25, Kanza in view of Wagner, Dodis, Wood, and Hochrieser discloses the machine of claim 24 and further discloses:
a previously assigned session token.”) the processor is further configured to receive a message indicating that the first biometric information corresponds to the image information related to the user. (“In accordance with a determination that the first facial image 602 and the second facial image 302 meet the matching criteria, the device transmits (1342) authorization information to the image capturing device 200.” Hochrieser ¶ 100. Successful authentication yields the token of Wood.)


Claims 12-13 and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kanza, US 2018/0316653 (filed 2017-04), in view of Wagner et al., US 2020/0267144 (priority date of 2017-11), Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008), and LaFever et al., US 2015/0128285 (filed 2014-10).

As to claim 12, Kanza in view of Wagner and Dodis discloses the machine of claim 1 and but does not disclose:
wherein the processor is further configured to determine the specified concatenation ratio based on a user input for setting a characteristic of biometric authentication.


wherein the processor is further configured to determine the specified concatenation ratio (splitting or masking reduces the amount of data, thereby changing the ‘ratio’: “When collected or stored, sensitive data may be “disassociated” from its subject…. Sensitive data may be split into several pieces, by data type, and transmitted and/or stored separately… Obscuring: data values and data type indicators may also be replaced with DDIDs.” LaFever ¶ 210.  LaFever ¶ 315 noting biometric data.) based on a user input for setting a characteristic of biometric authentication. (“Dynamic Anonymity may also improve upon existing frameworks by using privacy/anonymity level determinations to prevent inappropriate use of data, which is obscured and only analyzed, whether from inside or outside a Circle of Trust, in a manner consistent with each Data Subject's specified privacy/anonymity levels.” ¶ 150. See also ¶ 144)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner and Dodis with LaFever by providing for a user specified anonymity whereby collected data is split or obscured (LaFever ¶ 210).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Kanza in view of Wagner and Dodis with LaFever in order to provide privacy and anonymity enhancing techniques that allow users to control the level of disclosure of their personal data.

As to claim 13, Kanza in view of Wagner, Dodis and LaFever discloses the machine of claim 12 and further discloses:

related to biometric authentication. (“Dynamic Anonymity may also improve upon existing frameworks by using privacy/anonymity level determinations to prevent inappropriate use of data, which is obscured and only analyzed, whether from inside or outside a Circle of Trust, in a manner consistent with each Data Subject's specified privacy/anonymity levels.” ¶ 150. See also ¶ 144. biometric LaFever ¶ 315).

Kanza in view of Wagner, Dodis and LaFever does not disclose:
wherein the processor is further configured to determine the specified concatenation ratio based on a category, a content, and/or a pre-set security level of a function

LaFever further discloses:
wherein the processor is further configured to determine the specified concatenation ratio based on a category, a content, and/or a pre-set security level of a function
(“FIG. 1K illustrates exemplary categories for the level of consent/involvement required by the Data Subject for certain calculated Anonymity Measurement Scores, in accordance with one embodiment of the invention. These categorizations are given for illustration purposes only and demonstrate the fact that certain aggregated scores may apply different categories of treatment. For example, … Category C data may be used without requiring consent of the Data Subject. Other schemes may be employed to meet the needs of a particular implementation.” LaFever ¶ 444)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Kanza in view of Wagner, Dodis and LaFever with LaFever by providing for a user specified anonymity whereby collected data is split or obscured (LaFever ¶ 210).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Kanza in view of Wagner, Dodis and LaFever with LaFever in order to provide privacy and anonymity enhancing techniques that allow users to control the level of disclosure of their personal data.

As to claim 22, Kanza in view of Wagner and Dodis discloses the machine of claim 21 but does not further disclose:
wherein the processor is further configured to: determine the specified concatenation ratio based on an attribute of a communication network currently connected with the electronic device.

LaFever discloses:
wherein the processor is further configured to: determine the specified concatenation ratio (splitting or masking reduces the amount of data, thereby changing the ‘ratio’: “When collected or stored, sensitive data may be “disassociated” from its subject…. Sensitive data may be split into several pieces, by data type, and transmitted and/or stored separately… Obscuring: data values and data type indicators may also be replaced with DDIDs.” LaFever ¶ 210.  LaFever ¶ 315 noting biometric data.) based on 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner and Dodis with LaFever by providing for a user specified anonymity whereby collected data is split or obscured (LaFever ¶ 210).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Kanza in view of Wagner and Dodis with LaFever in order to provide privacy and anonymity enhancing techniques that allow users to control the level of disclosure of their personal data.


Claims 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kanza, US 2018/0316653 (filed 2017-04), in view of Wagner et al., US 2020/0267144 (priority date of 2017-11), Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008), and Jorgensen, US 2010/0313018 (filed 2010-12).
As to claim 14, Kanza in view of Wagner and Dodis discloses the machine of claim 1 and but does not disclose:


Jorgensen discloses: 
wherein the processor is further configured to obtain the unique information by using information related to an IP address of the electronic device.
(“The computer can be authenticated using information provided during registration of the computer for use with the service. The information may include IP-address of the computer, MAC-address, network port to use with the service etc.” Jorgensen ¶ 14).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Kanza in view of Wagner and Dodis with Jorgensen by substituting the MAC address authentication (Kanza ¶ 60) with the IP-address authentication of Jorgensen.  It would have been obvious to a person of ordinary skill to substitute the MAC-address authentication of Kanza with the IP-address authentication of Jorgensen as a simple substitution of one known element for another to obtain predictable results, MPEP 2143.  The IP-address being a known element with a known function in the art and the substitution of MAC-address for IP-address resulting in a predictable result of an IP-address based verification. 

Claims 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kanza, US 2018/0316653 (filed 2017-04), in view of Wagner et al., US 2020/0267144 (priority date of 2017-11), Dodis et al., “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (published 2008), Wood et al., US 2004/0210771 (filed 1999-08) and LaFever et al., US 2015/0128285 (filed 2014-10).
As to claim 23, Kanza in view of Wagner and Dodis discloses the machine of claim 15 and further discloses: 
…
based on the received information, concatenate the first biometric information and the unique information at the concatenation ratio “the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60.  The “ratio” being all of the ub, did, and sid) …; and 
generate the second biometric information by performing one-way transform with respect to the concatenated information. (“the verifier 130 shown in FIG. 1, who is given the values ub, did, sid, and h(ub∥did∥sid) can test the validity of ub, did, sid by applying h on the concatenation of these IDs.” Kanza ¶ 60. H is a hash, see Kanza ¶ 48).

Kanza in view of Wagner and Dodis does not disclose: 
receive information regarding a concatenation ratio corresponding to the function from the authentication server; 
corresponding to the function

Wood discloses

corresponding to the function
(“login component 120 supplies browser 170 with a login page (e.g., HTML) that prompts the user for an application specific user ID and a choice of authentication schemes. Interactions with browser 170 depend on the set of credential types that, if authenticated, would be sufficient to meet the trust level requirement for access to the requested resource.” Wood ¶ 54. See also Wood ¶¶ 61-62)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Kanza in view of Wagner and Dodis with Wood by utilizing the multiple levels of authentication of Wood that each yield a session ID, thereby generating unique information (session ID) based on the biometric authentications of Kanza in view of Wagner (authentication) and Dodis.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Kanza in view of Wagner and Dodis with Wood in order to allow low security sessions that may be upgraded by further authentication credentials so as to avoid burdening the user with authentications (Wood ¶ 10) and preventing the use of secure credentials for non-sensitive tasks, which makes said secure credentials harder to compromise. 

Kanza in view of Wagner, Dodis and Wood does not disclose:
A concatenation ratio

LaFever discloses:
A concatenation ratio (splitting or masking reduces the amount of data, thereby changing the ‘ratio’: “When collected or stored, sensitive data may be “disassociated” from its subject…. Sensitive data may be split into several pieces, by data type, and transmitted and/or stored separately… Obscuring: data values and data type indicators may also be replaced with DDIDs.” LaFever ¶ 210.  LaFever ¶ 315 noting biometric data.)

A person of ordinary skill in the art before the art before the effective filing date of the claimed invention would have modified Kanza in view of Wagner, Dodis and Wood with LaFever by instructing the client device as to the authentication factors required and the level of anonymity that is acceptable (Wood ¶ 54 and LaFever ¶ 210).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Kanza in view of Wagner, Dodis and Wood with LaFever in order to provide privacy and anonymity enhancing techniques that allow users to control the level of disclosure of their personal data within the authentication requirements provided by Wood. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:

Thatte et al., US 2018/0108020, discloses decrypting secret information using a fuzzy biometric extractor.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL W CHAO/Examiner, Art Unit 2492