DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-10 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
32.	Claims 1-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Guajardo Merchan, et al. [US 20110191837] in view of Walsh, et al. [US 20150318994].
As per claim 1:	Guajardo Merchan, et al. teach a method of user authentication which is performed by a computing device comprising one or more processors and a memory storing one or more programs to be executed by the one or more processors, the method comprising: 
acquiring authentication information including biometric information of a user; [Guajardo Merchan: 0009; a method of authenticating a device and a user comprising receiving a user input, generating a first key from the user input, e.g. biometic (0015)]
generating a random string and a helper string from the biometric information [Guajardo Merchan: 0037; fuzzy extractor requires two basic primitives, includes secondly privacy amplification or randomness extraction, which guarantees an output is uniformly distributed random variable. In order to implement those two primitives, helper data W is generated during the enrollment or registration phase. During the key reconstruction or authentication phase, the key is reconstructed based on a noisy measurement Ri and the helper data W. More examples of random and helper string - 0016, 0033, 0040-0042] **using a generate algorithm of a user authentication technique based on fuzzy extraction; [*as rejected under a secondary reference, discussion below]
generating a secret value that corresponds to the authentication information; [Guajardo Merchan: 0044] 
generating a private key and a public key using the secret value and the random string; and [Guajardo Merchan: 0041; helper data can be chosen randomly from code words of an error correcting code. The helper data is derived from both an error correcting code and from a string derived from a biometric measurement of the user. The “secret value” is explained where the individual user, user Uj runs GenBio on his/her biometric (such as a fingerprint) and obtains Kuj, where this value is XORED with Wi to produce Wi,uj - 0044. Secret value and key - 0063-0066] 
transmitting the public key to an authentication server. [Guajardo Merchan: 0066; sends public key to service provider. The authentication server can be given the broadest interpretation as service provider or a system that performs authentication per se]
Guajardo Merchan, et al. generating a first random string using the first biometric information and a pre-generated helper string of a user authentication technique based on fuzzy extraction [Guajardo Merchan: 0037, 0040]. Guajardo Merchan discusses a PUF such that when challenge with Ci produces a response Ri, which is written as Ri.rarw.PUF(Ci), a GenPUF algorithm which upon getting a PUF response Ri outputs (Ki,Wi), with (Ki,Wi).rarw.GenPUF(Ri), a RepPUF algorithm which upon getting a PUF response Ri' and helper data Wi outputs the key Ki if Ri and Ri' are sufficiently close, with Ki.rarw.RepPUF(Ri',Wi), a GenBio algorithm which upon getting a biometric measurement BMu from user U outputs (Ku,Wu), with (Ku,Wu).rarw.GenBio(BMu), and a RepBio algorithm which upon getting a biometric measurement BMu from user U and helper data Wu outputs the key Ku if BMu and BMu' are sufficiently close, Ku.rarw.RepBio(BMu',Wu). Clearly, the algorithms GenPUF, GenBio, RepPUF, and RepBio can be implemented on the device but do not have to. They could be implemented on a second device [Guajardo Merchan: 0042]. Thus, Guajardo Merchan suggests various generate algorithms for authentication technique based on fuzzy extraction. However, Spalka did not clearly “using a generate algorithm of a user authentication technique based on fuzzy extraction”.
Walsh discloses a secure sketch SS for input string O, where ECC is a binary (n, k, 2i+1) error correcting code of length n capable of correcting t errors and V←{0, 1}.sup.k is a k-bit value, may be defined as SS(O; V)=O⊕ECC(V). This definition can be used to build a Gen algorithm, which outputs a set custom-characterV,Pcustom-
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Walsh with Guajardo Merchan to teach “using a generate algorithm of a user authentication technique based on fuzzy extraction”, for reasons to ensure recovering the same value or returning a constant value.
Claim 2:  Guajardo Merchan: 0044, 0068; discuss the method of claim 1, further comprising: deleting the private key and the random string; and storing the secret value and the helper string. 
As per claim 3:	Guajardo Merchan, et al. teach a method of user authentication which is performed by a computing device comprising one or more processors and a memory storing one or more programs to be executed by the one or more programs, the method comprising: 
receiving a challenge value from an authentication server; [Guajardo Merchan: 0042]
acquiring first biometric information of a user; [Guajardo Merchan: 0009; a method of authenticating a device and a user comprising receiving a user input, generating a first key from the user input, e.g. biometic (0015)] 
generating a first random string using the first biometric information and a pre-generated helper string [Guajardo Merchan: 0037; fuzzy extractor requires two basic primitives, includes secondly privacy amplification or randomness extraction, which guarantees an output is uniformly distributed random variable. In order to implement those two primitives, helper data W is generated during the enrollment or registration phase. During the key reconstruction or authentication phase, the key is reconstructed based on a noisy measurement Ri and the helper data W. More examples of random and helper string - 0016, 0033, 0040-0042] **using a restore algorithm of a user authentication technique based on fuzzy extraction; [*as rejected under a secondary reference, discussion below]
performing authentication of the first biometric information; [Guajardo Merchan: 0044]
when the authentication is successful, generating a private key using the first random string and a pre-generated secret value that corresponds to the first biometric information; [Guajardo Merchan: 0041; helper data can be chosen randomly from code words of an error correcting code. The helper data is derived from both an error correcting code and from a string derived from a biometric measurement of the user. The “pre-generated secret value” is explained where the individual user, user Uj runs GenBio on his/her biometric (such as a fingerprint) and obtains Kuj, where this value is XORED with Wi to produce Wi,uj - 0044. Secret value and key - 0063-0066]
generating a digital signature for the challenge value using the private key; and [Guajardo Merchan: 0048, 0056]
transmitting the digital signature to the authentication server. [Guajardo Merchan: 0066; sends signature to service provider. The authentication server can be given the broadest interpretation (BRI) as service provider or a system that performs authentication per se]
Guajardo Merchan, et al. generating a first random string using the first biometric information and a pre-generated helper string of a user authentication technique based on fuzzy extraction [Guajardo Merchan: 0037, 0040]. Guajardo Merchan discusses a PUF such that when challenge with Ci produces a response Ri, which is written as Ri.rarw.PUF(Ci), a GenPUF algorithm which upon getting a PUF response Ri outputs (Ki,Wi), with (Ki,Wi).rarw.GenPUF(Ri), a RepPUF algorithm which upon getting a PUF response Ri' and helper data Wi outputs the key Ki if Ri and Ri' are sufficiently close, with Ki.rarw.RepPUF(Ri',Wi), a GenBio algorithm which upon getting a biometric measurement BMu from user U outputs (Ku,Wu), with (Ku,Wu).rarw.GenBio(BMu), and a RepBio algorithm which upon getting a biometric measurement BMu from user U and helper data Wu outputs the key Ku if BMu and BMu' are sufficiently close, Ku.rarw.RepBio(BMu',Wu). Clearly, the algorithms GenPUF, GenBio, RepPUF, and RepBio can be implemented on the device but do not have to. They could be implemented on a second device [Guajardo Merchan: 0042]. Thus, Guajardo Merchan suggests various generate algorithms for authentication technique based on fuzzy 
Walsh discloses a Rep algorithm can be defined such that, on input O′ within a maximum Hamming distance t of O, the original value V may be recovered. Rep(O′, P), where D is the decoding scheme for the binary (n, k, 2t+1) error-correcting code ECC and O′ is an input. This definition can then be used to build a Rep algorithm that allows a PUF output. O′ that differs from the original output O by at most t to reproduce output V such that Rep(O′)=V using the helper string. Gen and Rep algorithms such as these may be used in PUF-based protocols to ensure that the same value V is recovered so long as the PUF outputs O, O′ differ by at, most t bits [Walsh: 0016]. As such, the “restore algorithm” can broadly be the Rep algorithm. Walsh also include the example of biometric authentication, where means such as a fuzzy extractor may preferably be employed to ensure that the biometric reliably returns a constant value. For example, a constant value custom-character.sub.i for the metadata may be chosen and linked to an associated public helper data value custom-character [Walsh: 0060]. Thus, Walsh obviously suggests user authentication technique based on fuzzy extraction. Motivation for “using a restore algorithm of a user authentication technique based on fuzzy extraction”, is to ensure that the same value is recovered and reliably returns a constant value.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Walsh with Guajardo Merchan to teach “using a restore algorithm of a user authentication technique based on fuzzy 
Claim 4:  Guajardo Merchan: 0044, 0063-0066; discuss the method of claim 3, wherein the authentication server stores a public key of the user, which is previously generated using the secret value and a second random string generated from second biometric information of the user that is used when the helper string is generated. 
Claim 5:  Guajardo Merchan: 0047-0048; discuss the method of claim 4, further comprising receiving, from the authentication server, an authentication result based on a result of verifying the digital signature using the public key.
As per claim 6:	Guajardo Merchan, et al. teach an apparatus for user authentication, the apparatus comprising: 
one or more processors; and [Guajardo Merchan: 0033]
a memory storing one or more programs to be executed by the one or more processors [Guajardo Merchan: 0044], wherein the one or more programs comprise: 
a command for acquiring authentication information including biometric information of a user; [Guajardo Merchan: 0009; a method of authenticating a device and a user comprising receiving a user input, generating a first key from the user input, e.g. biometic (0015)] 
a command for generating a random string and a helper string from the biometric information [Guajardo Merchan: 0037; fuzzy extractor requires two basic primitives, includes secondly privacy amplification or randomness extraction, which guarantees an output is uniformly distributed random variable. In order to implement those two primitives, helper data W is generated during the enrollment or registration phase. During the key reconstruction or authentication phase, the key is reconstructed based on a noisy measurement Ri and the helper data W. More examples of random and helper string - 0016, 0033, 0040-0042] **using a generate algorithm of a user authentication technique based on fuzzy extraction; [*as rejected under a secondary reference, discussion below]
a command for generating a secret value that corresponds to the authentication information; [Guajardo Merchan: 0044] 
a command for generating a private key and a public key using the secret value and the random string; and [Guajardo Merchan: 0041; helper data can be chosen randomly from code words of an error correcting code. The helper data is derived from both an error correcting code and from a string derived from a biometric measurement of the user. The “secret value” is explained where the individual user, user Uj runs GenBio on his/her biometric (such as a fingerprint) and obtains Kuj, where this value is XORED with Wi to produce Wi,uj - 0044. Secret value and key - 0063-0066]
a command for transmitting the public key to an authentication server. [Guajardo Merchan: 0066; sends public key to service provider. The authentication server can be given the broadest interpretation (BRI) as service provider or a system that performs authentication per se]
Guajardo Merchan, et al. generating a first random string using the first biometric information and a pre-generated helper string of a user authentication technique based on fuzzy extraction [Guajardo Merchan: 0037, 0040]. Guajardo Merchan discusses a PUF such that when challenge with Ci produces a response Ri, which is written as Ri.rarw.PUF(Ci), a GenPUF algorithm which upon getting a PUF response Ri outputs (Ki,Wi), with (Ki,Wi).rarw.GenPUF(Ri), a RepPUF algorithm which upon getting a PUF response Ri' and helper data Wi outputs the key Ki if Ri and Ri' are sufficiently close, with Ki.rarw.RepPUF(Ri',Wi), a GenBio algorithm which upon getting a biometric 
Walsh discloses a secure sketch SS for input string O, where ECC is a binary (n, k, 2i+1) error correcting code of length n capable of correcting t errors and V←{0, 1}.sup.k is a k-bit value, may be defined as SS(O; V)=O⊕ECC(V). This definition can be used to build a Gen algorithm, which outputs a set custom-characterV,Pcustom-character, where V is the value to be reconstructed and P is a helper string that is used to recover V [Walsh: 0015].  As such, the “generate algorithm” refers as Gen algorithm. Gen and Rep algorithms such as these may be used in PUF-based protocols to ensure that the same value V is recovered so long as the PUF outputs O, O′ differ by at, most t bits [Walsh: 0016]. Walsh also include the example of biometric authentication, where means such as a fuzzy extractor may preferably be employed to ensure that the biometric reliably returns a constant value. For example, a constant value custom-character.sub.i for the metadata may be chosen and linked to an associated public helper data value custom-character [Walsh: 0016]. Thus, Walsh obviously suggests user authentication technique based on fuzzy extraction. Motivation for “using a 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Walsh with Guajardo Merchan to teach “using a generate algorithm of a user authentication technique based on fuzzy extraction”, for reasons to ensure recovering the same value or returning a constant value.
Claim 7:  Guajardo Merchan: 0044, 0068; discuss the apparatus of claim 6, wherein the one or more programs further comprise: a command for deleting the private key and the random string; and a command for storing the secret value and the helper string.
As per claim 8:	Guajardo Merchan, et al. teach an apparatus for user authentication, the apparatus comprising: 
one or more processors; and [Guajardo Merchan: 0033]
a memory storing one or more programs to be executed by the one or more processors [Guajardo Merchan: 0044], wherein the one or more programs comprise: 
a command for receiving a challenge value from an authentication server; [Guajardo Merchan: 0042]
a command for acquiring first biometric information of a user; [Guajardo Merchan: 0009; a method of authenticating a device and a user comprising receiving a user input, generating a first key from the user input, e.g. biometic (0015)] 
a command for generating a first random string using the first biometric information and a pre-generated helper string [Guajardo Merchan: 0037; fuzzy extractor requires two basic primitives, includes secondly privacy amplification or randomness extraction, which guarantees an output is uniformly distributed random variable. In order to implement those two primitives, helper data W is generated during the enrollment or registration phase. During the key reconstruction or authentication phase, the key is reconstructed based on a noisy measurement Ri and the helper data W. More examples of random and helper string - 0016, 0033, 0040-0042] **using a restore algorithm of a user authentication technique based on fuzzy extraction; [*as rejected under a secondary reference, discussion below]
a command for performing authentication of the first biometric information; [Guajardo Merchan: 0044] 
a command for, when the authentication is successful, generating a private key using the first random string and a pre-generated secret value that corresponds to the first biometric information; [Guajardo Merchan: 0041; helper data can be chosen randomly from code words of an error correcting code. The helper data is derived from both an error correcting code and from a string derived from a biometric measurement of the user. The “pre-generated secret value” is explained where the individual user, user Uj runs GenBio on his/her biometric (such as a fingerprint) and obtains Kuj, where this value is XORED with Wi to produce Wi,uj - 0044. Secret value and key - 0063-0066]
a command for generating a digital signature for the challenge value using the private key; and [Guajardo Merchan: 0048, 0056]
a command for transmitting the digital signature to the authentication server. [Guajardo Merchan: 0066; sends signature to service provider. The authentication server can be given the broadest interpretation (BRI) as service provider or a system that performs authentication per se]

Walsh discloses a Rep algorithm can be defined such that, on input O′ within a maximum Hamming distance t of O, the original value V may be recovered. Rep(O′, P), where D is the decoding scheme for the binary (n, k, 2t+1) error-correcting code ECC and O′ is an input. This definition can then be used to build a Rep algorithm that allows a PUF output. O′ that differs from the original output O by at most t to reproduce output V such that Rep(O′)=V using the helper string. Gen and Rep algorithms such as these 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Walsh with Guajardo Merchan to teach “using a restore algorithm of a user authentication technique based on fuzzy extraction”, for reason to ensure the same value is recovered and reliably returns a constant value.
Claim 10:  Guajardo Merchan: 0047-0048; discuss the apparatus of claim 9, wherein the one or more programs further include a command for receiving, from the authentication server, an authentication result based on a result of verifying the digital signature using the public key.

Response to Arguments
3.	Applicant’s arguments with respect to claim(s) 1-10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435