DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Response to Amendment
This action is in response to the communications and remarks filed on 2/1/2022. Claims 1-27 are presently pending for examination.

Response to Arguments
Applicant's arguments, see pages 8-9, filed 2/1/2022, regarding the double patenting rejections of Claims 1-23 have been fully considered and are persuasive. The rejection has been withdrawn in view of the Terminal Disclaimer filed on 11/5/2021. However, a new ground of rejection has been made based on the references included in the IDS and the arguments presented in the Petition for Inter Partes Review documents.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject 

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-4, 8-9, 11-15, 19-20, and 22-27 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Johansson (US 8776214 B1) hereinafter referred to as Johansson in view of Owen et al., (US 7780080 B2) hereinafter referred to as Owen.
Regarding Claims 1, 12, and 23, Johansson discloses A device, comprising: a processor configured to: based at least in part on a request from a user to access an external resource, facilitate, using an interface, access of at least one record stored at least in part in a storage; [Column 2, lines 28-44, The client 103 may be configured to execute various applications such as a browser 121, an authentication manager 124, and/or other applications. The browser 121 may be executed in a client 103, for example, to access and render network pages, such as web pages, or other network content served up by the server 106 and/or other servers. The authentication manager 124 may be executed to manage usernames, passwords, private and public keys, certificates, and/or other security credentials. In some embodiments, the authentication manager 124 runs as a plug-in application to the browser 121. In other embodiments, the authentication manager 124 may be a standalone application that interfaces with the browser 121 and/or other applications  
wherein the at least one record is associated at least with the external resource, and wherein the at least one record comprises: a biometric template; and a credential comprising a cryptographic key; [Column 4, lines 59-67 & Column 5 lines 1-5, The portable data store 118 may be configured to store account data 163. The account data 163 may include, for example, security credentials used to access various network sites 140 or network pages 145, information regarding authentication endpoints 139, and/or other information. In various embodiments, the account data 163 may be a mirror of the account data 130. In other embodiments, the account data 163 may take the place of account data 130. The account data 163 may be stored in an encrypted format. To this end, the portable data store 118 may include a device (e.g., a fingerprint scanner or other biometric recognition device, a pin pad, etc.) used to authenticate a user in order to provide access to the data on the portable data store 118, such as account data 163] [Column 5, lines 17-34, For example, the user may provide to the authentication manager 124 existing security credentials such as, for example, usernames, passwords, security keys, certificates, and/or other security credentials along with identifying information for the network sites 140 and/or uniform resource locators (URLs) associated with the security credentials. The user may also configure a security credential such as, for example, a username, password, biometric identification, etc. for the authentication manager 124 so that the security credentials may be encrypted or otherwise protected from use or view on client 103 without the authorization of the user. The account information may be stored by the authentication manager 124 in account data 130 on the client 103 and/or at some other location. 
For example, the authentication manager 124 may back up the account information to account data 160 located on the remote data server 106, account data 163 located on in the portable data store 118, and/or another location]
in response to determining a match between a biometric input and the biometric template, retrieve, from the at least one record, the credential, wherein the biometric input corresponds to at least one of a fingerprint, a feature usable for facial recognition, a voiceprint, a feature usable for a retina scan, or a typing feature, and wherein the biometric input is received subsequent to presenting of a prompt; [Column 2, lines 28-36, The client 103 may be configured to execute various applications such as a browser 121, an authentication manager 124, and/or other applications. The browser 121 may be executed in a client 103, for example, to access and render network pages, such as web pages, or other network content served up by the server 106 and/or other servers. The authentication manager 124 may be executed to manage usernames, passwords, private and public keys, certificates, and/or other security credentials] [Figure 2, teaches a prompt for entering user authentication] [Column 5, lines 1-5, the portable data store 118 may include a device (e.g., a fingerprint scanner or other biometric recognition device, a pin pad, etc.) used to authenticate a user in order to provide access to the data on the portable data store 118, such as account data 163] [Column 8, lines 21-35, When a stored account exists for a network site 140, the authentication manager 124 determines whether to provide the security credentials to the network site 140. As a preliminary matter, the authentication manager 124 may require that the user be authenticated to the authentication manager 124 by way of a master security credential such as a password, presence of the portable data store 118 at the client 103, biometric identification, native operating system identification, or some other authentication. Responsive to authentication, the authentication manager 124 may decrypt the stored account data 130, 160, 163. 
In some embodiments, the authentication manager 124 may be given access to the stored account data 130, 160, 163 responsive to providing a master security credential. The authentication manager 124 then verifies the identity of the network site 140] [Column 9, line 63 – Column 10 line 4, Once a user selects the authentication button 218, the authentication manager 124 may fill in the username field 206 and the password field 209. The authentication manager 124 may also automatically submit the logon request by programmatically pressing the submit button 212. In some embodiments, the username field 206 and password field 209 may be prefilled automatically with the security credential upon verification of the identity of the network site 140] [Column 12, lines 50-53, The authentication manager 124 may send the account parameters to the network site 140 or wait for user input for approval. The control flow of the authentication manager 124 then stops]
establish a connection with the external resource; [Column 2, lines 28-44, The client 103 may be configured to execute various applications such as a browser 121, an authentication manager 124, and/or other applications. The browser 121 may be executed in a client 103, for example, to access and render network pages, such as web pages, or other network content served up by the server 106 and/or other servers. The authentication manager 124 may be executed to manage usernames, passwords, private and public keys, certificates, and/or other security credentials. In some embodiments, the authentication manager 124 runs as a plug-in application to the browser 121. In other embodiments, the authentication manager 124 may be a standalone application that interfaces with the browser 121 and/or other applications requiring management of authentication. The client 103 may be configured to execute applications beyond browser 121 and authentication manager 124 such as, for example, e-mail applications, instant message applications, and other applications] 
facilitate a login of the user to the external resource at least in part by transmitting, via the established connection, output based at least in part on the credential retrieved from the at least one record, and wherein the user is logged in to the external resource based at least in part on the output; [Column 12, lines 35-45, Next, in box 521, the authentication manager 124 determines whether an authentication endpoint 139 (FIG. 1) has been defined for the network page 145 or network site 140. This may involve examining, if they exist, configuration files 148, 157 (FIG. 1). If an authentication endpoint 139 has not been defined, the authentication manager 124 moves to box 524 and provides the account parameters, including security credentials, by form filling. The authentication manager 124 may send the account parameters to the network site 140 or may merely allow the user to submit the form. The control flow of the authentication manager 124 then stops] [Column 8, lines 21-35, When a stored account exists for a network site 140, the authentication manager 124 determines whether to provide the security credentials to the network site 140. As a preliminary matter, the authentication manager 124 may require that the user be authenticated to the authentication manager 124 by way of a master security credential such as a password, presence of the portable data store 118 at the client 103, biometric identification, native operating system identification, or some other authentication. Responsive to authentication, the authentication manager 124 may decrypt the stored account data 130, 160, 163. In some embodiments, the authentication manager 124 may be given access to the stored account data 130, 160, 163 responsive to providing a master security credential. 
The authentication manager 124 then verifies the identity of the network site 140] [Column 9, line 63 – Column 10 line 4, Once a user selects the authentication button 218, the authentication manager 124 may fill in the username field 206 and the password field 209. The authentication manager 124 may also automatically submit the logon request by programmatically pressing the submit button 212. In some embodiments, the username field 206 and password field 209 may be prefilled automatically with the security credential upon verification of the identity of the network site 140]
Johansson does not explicitly teach and facilitate wiping of at least a portion of the at least one record; and a memory coupled to the processor and configured to provide the processor with instructions.
Owen teaches and facilitate wiping of at least a portion of the at least one record; and a memory coupled to the processor and configured to provide the processor with instructions. [Column 27, lines 35-37, Once a user is granted access to the remote computer 55, he may also be permitted to access and modify electronic files stored by the remote computer 55] [Column 27, lines 56-66, In the case where the remote computer 55 is, for example, a corporate file server, the company can be given the ability to change permission settings that control which files on the corporate file server are accessible by the user. If at any time the company removes access privileges to a file from a user after he has stored the file on his portable device 10, then, in certain embodiments, the secure internet portal 70 can be configured to send a command to the user's portable device 10 to delete the file from the user's device 10 once the device 10 is again used to establish a connection with the secure internet portal 70] [Column 30, lines 21-39, In some embodiments, additional security procedures are implemented to protect the secrecy of the user's data on his old portable, biometrically-secured device 10. For example, in certain embodiments, each time the portable device 10 is communicatively coupled with a host computer 50, the unique identification code of the device 10 is transmitted to the secure internet portal 70. After being added to the banned list, the next time that the old device 10 is coupled to a host computer 50, the secure internet portal 70 can issue a "scorched earth" command to the old portable device 10, causing the processor 32 to erase the device's memory modules and/or otherwise disable the old device 10. 
Thus, despite the fact that the private information stored on the user's old device 10 is protected from being accessed by unauthorized individuals with the biometric authentication procedures and tamper-resistant features described herein, the scorched earth command can add an additional degree of security in the case of loss or theft]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Owen with the disclosure of Johansson. The motivation or suggestion would have been to enhance the safety and security of the device.
Regarding Claims 2 and 13, Johansson discloses wherein the secure storage is connected to a sensor. [Column 4, line 59 – Column 5, line 8, The portable data store 118 may be configured to store account data 163. The account data 163 may include, for example, security credentials used to access various network sites 140 or network pages 145, information regarding authentication endpoints 139, and/or other information. In various embodiments, the account data 163 may be a mirror of the account data 130. In other embodiments, the account data 163 may take the place of account data 130. The account data 163 may be stored in an encrypted format. To this end, the portable data store 118 may include a device (e.g., a fingerprint scanner or other biometric recognition device, a pin pad, etc.) used to authenticate a user in order to provide access to the data on the portable data store 118, such as account data 163; or it may include hardware and/or software to permit a user to enter a password and/or decryption key in order to provide access to the data on the portable data store 118]
Regarding Claims 3 and 14, Johansson discloses wherein the sensor comprises at least one of a camera and a fingerprint reader. [Column 4, line 59 – Column 5, line 8, The portable data store 118 may be configured to store account data 163. The account data 163 may include, for example, security credentials used to access various network sites 140 or network pages 145, information regarding authentication endpoints 139, and/or other information. In various embodiments, the account data 163 may be a mirror of the account data 130. In other embodiments, the account data 163 may take the place of account data 130. The account data 163 may be stored in an encrypted format. To this end, the portable data store 118 may include a device (e.g., a fingerprint scanner or other biometric recognition device, a pin pad, etc.) used to authenticate a user in order to provide access to the data on the portable data store 118, such as account data 163; or it may include hardware and/or software to permit a user to enter a password and/or decryption key in order to provide access to the data on the portable data store 118]
Regarding Claims 4 and 15, Johansson discloses wherein at least some of the at least one record is stored in plaintext in the secure storage. [Column 8, lines 21-35, When a stored account exists for a network site 140, the authentication manager 124 determines whether to provide the security credentials to the network site 140. As a preliminary matter, the authentication manager 124 may require that the user be authenticated to the authentication manager 124 by way of a master security credential such as a password, presence of the portable data store 118 at the client 103, biometric identification, native operating system identification, or some other authentication. Responsive to authentication, the authentication manager 124 may decrypt the stored account data 130, 160, 163. In some embodiments, the authentication manager 124 may be given access to the stored account data 130, 160, 163 responsive to providing a master security credential. The authentication manager 124 then verifies the identity of the network site 140] [Column 10, lines 4-6, The security credentials may be shown as place holding characters or as plain text.]
Regarding Claims 8 and 19, Johansson does not explicitly teach wherein facilitating wiping of the at least portion of the at least one record comprises facilitating remote wiping of the at least portion of the at least one record.
Owen teaches wherein facilitating wiping of the at least portion of the at least one record comprises facilitating remote wiping of the at least portion of the at least one record. [Column 27, lines 56-66, In the case where the remote computer 55 is, for example, a corporate file server, the company can be given the ability to change permission settings that control which files on the corporate file server are accessible by the user. If at any time the company removes access privileges to a file from a user after he has stored the file on his portable device 10, then, in certain embodiments, the secure internet portal 70 can be configured to send a command to the user's portable device 10 to delete the file from the user's device 10 once the device 10 is again used to establish a connection with the secure internet portal 70] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Owen with the disclosure of Johansson. The motivation or suggestion would have been to enhance the safety and security of the device.
Regarding Claims 9 and 20, Johansson does not explicitly teach wherein the at least portion of the at least one record is automatically wiped based at least in part on a policy.
Owen teaches wherein the at least portion of the at least one record is automatically wiped based at least in part on a policy. [Column 27, lines 56-66, In the case where the remote computer 55 is, for example, a corporate file server, the company can be given the ability to change permission settings that control which files on the corporate file server are accessible by the user. If at any time the company removes access privileges to a file from a user after he has stored the file on his portable device 10, then, in certain embodiments, the secure internet portal 70 can be configured to send a command to the user's portable device 10 to delete the file from the user's device 10 once the device 10 is again used to establish a connection with the secure internet portal 70] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Owen with the disclosure of Johansson. The motivation or suggestion would have been to enhance the safety and security of the device.
Regarding Claims 11 and 22, Johansson discloses wherein the at least portion of the at least one record is backed up to a remote entity. [Column 8, lines 3-20, Account information stored in any of account data 130, 160, 163 may be manually or automatically copied by the authentication manager 124 to any other account data 130, 160, 163 so that the account information may be mirrored across any two or more of account data 130, 160, 163. For purposes of backup, the authentication manager 124 may be capable of rendering a list of the stored account information in account data 130, 160, 163 for viewing or printing. To facilitate viewing or printing, the authentication manager 124 may be configured to generate human readable or printable security credentials using an appropriate character set. Alternatively, the authentication manager 124 may encode security credentials in a printable form using an encoding approach such as, for example, UUencoding, BinHex, Multipurpose Internet Mail Extensions (MIME) encodings, Base64, and other encoding approaches]
Regarding Claims 24 and 26, Johansson discloses wherein the interface comprises a restricted interface. [Column 4, lines 59-67 & Column 5 lines 1-5, The portable data store 118 may be configured to store account data 163. The account data 163 may include, for example, security credentials used to access various network sites 140 or network pages 145, information regarding authentication endpoints 139, and/or other information. In various embodiments, the account data 163 may be a mirror of the account data 130. In other embodiments, the account data 163 may take the place of account data 130. The account data 163 may be stored in an encrypted format. To this end, the portable data store 118 may include a device (e.g., a fingerprint scanner or other biometric recognition device, a pin pad, etc.) used to authenticate a user in order to provide access to the data on the portable data store 118, such as account data 163]
Regarding Claims 25 and 27, Johansson discloses wherein the storage comprises a secure storage. [Column 4, lines 59-67 & Column 5 lines 1-5, The portable data store 118 may be configured to store account data 163. The account data 163 may include, for example, security credentials used to access various network sites 140 or network pages 145, information regarding authentication endpoints 139, and/or other information. In various embodiments, the account data 163 may be a mirror of the account data 130. In other embodiments, the account data 163 may take the place of account data 130. The account data 163 may be stored in an encrypted format. To this end, the portable data store 118 may include a device (e.g., a fingerprint scanner or other biometric recognition device, a pin pad, etc.) used to authenticate a user in order to provide access to the data on the portable data store 118, such as account data 163]

Claims 5-7 and 16-18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Johansson in view of Owen, as applied to Claims 1 and 12, respectively, above, and further in view of Shi (US 20090191846 A1) hereinafter referred to as Shi.
Regarding Claims 5 and 16, the combination of Johansson and Owen does not explicitly teach wherein the prompt comprises a prompt to provide biometric information, and wherein the prompt is visually presented.
Shi teaches wherein the prompt comprises a prompt to provide biometric information, and wherein the prompt is visually presented. [paragraph 0046, the access controller application 304 sends a request via the hardware/software architecture 300 and hardware/software architecture 200 to prompt the user to swipe a finger across biometric sensor 110, step 403. The prompt may be a visual prompt through the mobile device 130 display and/or an audio prompt via the mobile device's speaker. An image of the fingerprint is obtained and digitized via the biometric sensor 110 and the data forming the fingerprint template is received by the access controller application 304, step 404] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Shi with the disclosure of Johansson. The motivation or suggestion would have been “for securing mobile devices and the data stored on a smart card for use in mobile devices.” (paragraph 0001)
Regarding Claims 6 and 17, the combination of Johansson and Owen does not explicitly teach wherein the prompt comprises a prompt to provide biometric information, and wherein the prompt is aurally presented.
Shi teaches wherein the prompt comprises a prompt to provide biometric information, and wherein the prompt is aurally presented. [paragraph 0046, the access controller application 304 sends a request via the hardware/software architecture 300 and hardware/software architecture 200 to prompt the user to swipe a finger across biometric sensor 110, step 403. The prompt may be a visual prompt through the mobile device 130 display and/or an audio prompt via the mobile device's speaker. An image of the fingerprint is obtained and digitized via the biometric sensor 110 and the data forming the fingerprint template is received by the access controller application 304, step 404] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Shi with the disclosure of Johansson. The motivation or suggestion would have been “for securing mobile devices and the data stored on a smart card for use in mobile devices.” (paragraph 0001)
Regarding Claims 7 and 18, the combination of Johansson and Owen does not explicitly teach wherein the prompt is presented in response to a user failing to provide acceptable biometric information within a timeout period.
Shi teaches wherein the prompt is presented in response to a user failing to provide acceptable biometric information within a timeout period. [paragraph 0059, If the access timer equals zero time left (i.e., test 520="NO") or the access flag is set to FALSE, the access controller application attempts to authenticate the user by executing steps 502 through 507 (including additional attempts) as described above with reference to FIG. 5]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Shi with the disclosure of Johansson. The motivation or suggestion would have been “for securing mobile devices and the data stored on a smart card for use in mobile devices.” (paragraph 0001)

Allowable Subject Matter
Claims 10 and 21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
The following is an examiner’s statement of reasons for allowance:
Regarding Claims 10 and 21, none of the closest prior art of record explicitly teaches or suggests in detail wherein the biometric template is wiped in response to determining that the biometric template has not been matched within a duration of time, in view of other limitations of the intervening claims.
Thus the prior art of record, taken singly or in combination, does not teach or suggest the above-stated limitations taken wholly in combination with all the elements of each independent claim.

Conclusion
Applicant's submission of an information disclosure statement under 37 CFR 1.97(c) with the fee set forth in 37 CFR 1.17(p) on 12/23/2021 prompted the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 609.04(b).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0), which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include: 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response. In the limited amount of non-production time, if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923. The examiner can normally be reached M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ANDREW J STEINLE/Primary Examiner, Art Unit 2497