Remarks
Claims 1-15 are pending.  
Claims 6-14 are withdrawn from consideration.  
Claims 1-5 and 15 are rejected below.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Interpretation
The claims include subject matter that is outside the scope of the claims.  For example, claim 1 is directed to a method of controlling a personal information authentication server, but then defines subject matter outside the scope of this method, such as functionality performed by clients and biometric information authentication servers.  All subject matter that is not part of the method of controlling a personal information authentication system has no patentable weight.  

Election/Restrictions
Claims 6-14 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected species, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 12/23/2021.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 3 and 5 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 3 recites the limitation "the certificates held by the target client or the personal information authentication server".  There is insufficient antecedent basis for this limitation in the claim.
Claim 5 recites the limitation "the certificates held by the biometric information authentication server or the personal information authentication server".  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 15 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claim 15 is directed 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kim (U.S. Patent Application Publication 2020/0387907) in view of Boneh (U.S. Patent Application Publication 2004/0015725).
Regarding Claim 1,
Kim discloses a method of controlling a personal information authentication server in an authentication system, wherein the authentication system includes a biometric information authentication server that stores biometric information for registration acquired from each 
Connecting with the target client before performing a biometric information authentication procedure (Exemplary Citations: for example, Abstract, Paragraphs 33-43, 50-55, 63-79, and associated figures; connecting with client/device, for example\);
Acquiring the biometric information for authentication from the target client after the mutual reliability with the target client is confirmed (Exemplary Citations: for example, Abstract, Paragraphs 33-43, 50-55, 63-79, and associated figures; reading biometric, converting to digital, etc., as examples);
Connecting with the biometric information authentication server (Exemplary Citations: for example, Abstract, Paragraphs 33-43, 50-55, 63-79, and associated figures; connecting to authentication server, for example);
Providing the biometric information for authentication to the biometric information authentication server such that the biometric information authentication procedure is performed on the biometric 
Acquiring a personal information protection key from the biometric authentication server for releasing protection of personal information corresponding to the target client among the pieces of stored personal information when the authentication is completed in the biometric information authentication procedure (Exemplary Citations: for example, Abstract, Paragraphs 33-43, 50-55, 63-79, and associated figures; getting biometric authentication session key, for example); and
Decrypting the personal information using the personal information protection key or authenticating a right to use such that the personal information is confirmed by a server or a device in which the mutual reliability with the personal information authentication server is confirmed (Exemplary Citations: for example, Abstract, Paragraphs 33-43, 50-55, 63-79, and associated figures; accessing data, account information, payment information, getting token, performing a payment transaction, or the like, based on the key, for example);
But does not explicitly disclose that connecting comprises confirming mutual reliability.  
Boneh, however, discloses that connecting comprises confirming mutual reliability (Exemplary Citations: for example, Abstract, Paragraphs 
Confirming mutual reliability with the target client (Exemplary Citations: for example, Abstract, Paragraphs 29, 31-33, 35-44, 47-57, and associated figures); and
Confirming mutual reliability with the biometric information authentication server (Exemplary Citations: for example, Abstract, Paragraphs 29, 31-33, 35-44, 47-57, and associated figures).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the secure session techniques of Boneh into the authentication and payment system of Kim in order to allow communications to be secure, to use a well-known and widely-used session security technique, to ensure authentication of all communicating entities, and/or to increase security in the system.  
Regarding Claim 15,
Claim 15 is a medium claim that corresponds to method claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Kim as modified by Boneh discloses the method of claim 1, in addition, Kim as modified by Boneh discloses that confirming mutual reliability with the target client before performing the biometric information 
Regarding Claim 3,
Kim as modified by Boneh discloses the method of claim 2, in addition, Boneh discloses when reliability of the target client or the personal information authentication server is not confirmed, at least one of the certificates held by the target client or the personal information authentication server is updated (Exemplary Citations: for example, Abstract, Paragraphs 29, 31-33, 35-45, 47-57, and associated figures; issuing/generating proxy-server and proxy-client certificates, for example).  
Regarding Claim 4,
Kim as modified by Boneh discloses the method of claim 1, in addition, Kim as modified by Boneh discloses that confirming mutual reliability with the biometric information authentication server is performed before the biometric information authentication procedure is performed, and is performed by exchanging of certificates with the biometric information authentication server (Kim: Exemplary Citations: for example, Abstract, Paragraphs 33-43, 50-55, 63-79, and associated figures; and Boneh: Exemplary Citations: for example, Abstract, Paragraphs 29, 31-33, 
Regarding Claim 5,
Kim as modified by Boneh discloses the method of claim 3, in addition, Boneh discloses when reliability of the biometric information authentication server or the personal information authentication server is not confirmed, at least one of the certificates held by the biometric information authentication server or the personal information authentication server is updated (Exemplary Citations: for example, Abstract, Paragraphs 29, 31-33, 35-45, 47-57, and associated figures; issuing/generating proxy-server and proxy-client certificates, for example).  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432