Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed action
Claims 1-9, 19-20 and 22-30 are pending and are being considered.
Claims 1 and 19-20 have been amended.

Response to 102/103 
Applicant's arguments filed on 12/21/2022 have been fully considered and are persuasive but are moot in view of new grounds of rejection. The arguments do not apply to the current art being used.

Claim Objections
Claims 1, 19 and 20 are objected to because of the following informalities:
Claims 1, 19 and 20 recite “wherein one file of the second file and the third file is stored in a higher security application environment of the first application environments if the one file is a smaller file of the second file and the third file”. It is not clear based on what criteria a file is considered “a smaller file”, because one may consider a file size of 10 kb as a small file relative to a file size of 100 kb, while another may consider a 10 kb file size large relative to a file size of 10 bytes. Therefore the examiner suggests clarifying how small a file must be to be considered a smaller file and stored in the higher security environment. Appropriate correction is required.

Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-7, 9, 19, 20, 22-26 and 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over Zuo (WO 2018/165811) in view of Chow et al (hereinafter Chow) (US 20160283731).
Regarding claim 1 Zuo teaches a method for data storage in a terminal that is implemented by the terminal, wherein the method comprises: (Zuo on [page 3 para 3-4] teaches the biometric template storage and verification method, the biometric identification device, and terminal);
generating a second file and a third file based on a first file, wherein the second file is based on first content in the first file, wherein the third file is based on second content in the first file, and wherein the first content is different than the second content (Zuo on [page 6 last para] teaches a biometric encryption template (i.e. first file) split into at M groups wherein M=2 using simple splitting algorithm or splitting first 10 kb (i.e. first content of first file) of the biometric template into a set of biometric data (i.e. second file) and split the remaining (i.e. second content of first file) biometric template as another set of template (i.e. third file). Further teaches after splitting the amount of data into each M group can be different from each other (i.e. first content different from second content). See also on [page 11 step S505] teaches splitting the biometric encryption template (i.e. first file) into two sets of biometric encryption template data (i.e. second and third file));
and storing the second file and the third file in different storage spaces of different application environments of first application environments of the terminal (Zuo [page 7 para 1-4] teaches that the M groups of biometric encryption data are stored in the N storage areas and at least one set of biometric encryption data is stored in each of the storage areas. Further teaches M=2 (i.e. indicating two groups of data after splitting the biometric encryption template) and M=N, where N is the number of storage areas and one set of biometric data is stored in each of the N storage areas (i.e. in the instant case the biometric encryption data is divided into two subsets, each of which is stored in one of the N storage areas). See on [page 7 last two para] teaches in a specific application, at least one of the N storage areas is a storage area of a chip-level security environment such as an SE (Secure Element). Since the chip-level security environment is a hardware-level security environment. One or more sets of biometric encryption template data in the M groups of biometric encryption template data may be stored in a storage area of the chip-level security environment, and the remaining one or more groups of biometric encryption template data with large data volume are stored in software-level or semi-software-level security environments (i.e. different application environments) with large total storage capacity such as TEE (Trusted Execution Environment), TrustZone (trust zone), SGX (Software Guard Extensions, software protection extension instructions) or Rich OS (rich operating system). See on [page 11 step s506] teaches storing one set of biometric encryption template data in a storage area of the SE security environment and another set of biometric encryption template data in a storage area of the TEE);
wherein the first application environments comprise a rich execution environment (REE) and either or both of a trusted execution environment (TEE) and a secure element (SE) (Zuo on [page 7 last two para] teaches a chip-level security environment such as a secure element SE, and software-level or semi-software-level security environments with large total storage capacity such as TEE (Trusted Execution Environment), TrustZone (trust zone), SGX (Software Guard Extensions, software protection extension instructions) or Rich OS (rich operating system) (i.e. Rich Execution Environment REE)),
wherein a security of the SE is higher than a security of the TEE and wherein the security of the TEE is higher than a security of the REE (Zuo on [page 7 last two para] teaches a chip-level security environment such as an SE (Secure Element). Since the chip-level security environment is a hardware-level security environment, the possibility of successful attack is extremely low, and its level of data security protection, etc., is higher than that of the software-level and semi-software-level security environments (i.e. SE security is higher than TEE). Furthermore it is well known that a Trusted Execution Environment (TEE) is more secure than a Rich OS environment (REE)).
Although Zuo teaches storing files in a secure element when the file size is less than 10 KB (Zuo on [page 12 para 1-2]), Zuo fails to explicitly teach wherein one file of the second file and the third file is stored in a higher security application environment of the first application environments if the one file is a smaller file of the second file and the third file. However, Chow, from analogous art, teaches wherein one file of the second file and the third file is stored in a higher security application environment of the first application environments if the one file is a smaller file of the second file and the third file (Chow on [0163] teaches generating, using a trusted execution environment, a protected data enclave to store the data when the size of the database is less than a threshold size. See on [0054] teaches determining a size (e.g., in bytes) of the database 120 from which the data (e.g., records) may be requested. When the private information retrieval manager 246 determines that the size of the database 120 is equal to or less than a threshold size (e.g., equal to or less than a maximum amount of data that is protectable by one trusted processing unit). See on [0072] teaches, if the size of the data 201 is not more than the threshold size, storing the data in the protected enclave).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Chow into the teaching of Zuo by storing data in the SE when the size is less than a threshold. One would be motivated to do so in order to securely store and retrieve data from a protected environment (Chow on [0002]).

Regarding claim 19 Zuo teaches a terminal, comprising (Zuo [page 3 1st para] teaches a terminal device);
(Zuo on [page 7 last two para] teaches a chip-level security environment such as a secure element SE, and software-level or semi-software-level security environments with large total storage capacity such as TEE (Trusted Execution Environment), TrustZone (trust zone), SGX (Software Guard Extensions, software protection extension instructions) or Rich OS (rich operating system) (i.e. Rich Execution Environment REE). See on [page 7 last two para] teaches a chip-level security environment such as an SE (Secure Element). Since the chip-level security environment is a hardware-level security environment, the possibility of successful attack is extremely low, and its level of data security protection, etc., is higher than that of the software-level and semi-software-level security environments (i.e. SE security is higher than TEE). Furthermore it is well known that a Trusted Execution Environment (TEE) is more secure than a Rich OS environment (REE)).
a memory configured to store instructions (Zuo [page 3 1st para] teaches a memory for storing instructions);
and a processor coupled to the memory, wherein the instructions cause the processor to be configured to: (Zuo on [page 13 2nd last para] teaches the terminal device may be a computer, mobile phone, tablet, etc. (i.e. having a processor) being part of memory in the terminal device);
 generate a second file and a third file based on a first file, wherein the second file is based on first content in the first file, wherein the third file is based on second content in the first file, and wherein the first content is different from the second content (Zuo on [page 6 last para] teaches a biometric encryption template (i.e. first file) split into at M groups wherein M=2 using simple splitting algorithm or splitting first 10 kb (i.e. first content of first file) of the biometric template into a set of biometric data (i.e. second file) and split the remaining (i.e. second content of first file) biometric template as another set of template (i.e. third file). Further teaches after splitting the amount of data in each M group can be different from each other (i.e. first content different from second content). See also on [page 11 step S505] teaches splitting the biometric encryption template (i.e. first file) into two sets of biometric encryption template data (i.e. second and third file));
and store the second file and the third file in different storage spaces of different application environments of the first application environments (Zuo [page 7 para 1-4] teaches that the M groups of biometric encryption data are stored in the N storage areas and at least one set of biometric encryption data is stored in each of the storage areas. Further teaches M=2 (i.e. indicating two groups of data after splitting the biometric encryption template) and M=N, where N is the number of storage areas and one set of biometric data is stored in each of the N storage areas (i.e. in the instant case the biometric encryption data is divided into two subsets, each of which is stored in one of the N storage areas). See on [page 7 last two para] teaches in a specific application, at least one of the N storage areas is a storage area of a chip-level security environment such as an SE (Secure Element). Since the chip-level security environment is a hardware-level security environment. One or more sets of biometric encryption template data in the M groups of biometric encryption template data may be stored in a storage area of the chip-level security environment, and the remaining one or more groups of biometric encryption template data with large data volume are stored in software-level or semi-software-level security environments (i.e. different application environments) with large total storage capacity such as TEE (Trusted Execution Environment), TrustZone (trust zone), SGX (Software Guard Extensions, software protection extension instructions) or Rich OS (rich operating system). See on [page 11 step s506] teaches storing one set of biometric encryption template data in a storage area of the SE security environment and another set of biometric encryption template data in a storage area of the TEE)
Although Zuo teaches storing files in a secure element when the file size is less than 10 KB (Zuo on [page 12 para 1-2]), Zuo fails to explicitly teach wherein one file of the second file and the third file is , however Chow, from analogous art, teaches wherein one file of the second file and the third file is stored in a higher security application environment of the first application environments if the one file is a smaller file of the second file and the third file (Chow on [0163] teaches generating, using a trusted execution environment, a protected data enclave to store the data when the size of the database is less than a threshold size. See on [0054] teaches determining a size (e.g., in bytes) of the database 120 from which the data (e.g., records) may be requested. When the private information retrieval manager 246 determines that the size of the database 120 is equal to or less than a threshold size (e.g., equal to or less than a maximum amount of data that is protectable by one trusted processing unit). See on [0072] teaches, if the size of the data 201 is not more than the threshold size, storing the data in the protected enclave).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Chow into the teaching of Zuo by storing data in the SE when the size is less than a threshold. One would be motivated to do so in order to securely store and retrieve data from a protected environment (Chow on [0002]).
Regarding claim 20 Zuo teaches a computer program product comprising computer-executable instructions for storage on a non-transitory computer-readable storage medium that, when executed by a processor, cause a terminal device to (Zuo on [page 13 2nd last para] teaches the terminal device may be a computer, mobile phone, tablet, etc. (i.e. having a processor) being part of memory in the terminal device. See [page 3 1st para] teaches a memory for storing instructions);
generate a second file and a third file based on a first file, wherein the second file is based on first content in the first file, wherein the third file is based on second content in the first file, and wherein the first content is different from the second content  (Zuo on [page 6 last para] teaches a biometric encryption template (i.e. first file) split into at M groups wherein M=2 using simple splitting algorithm or splitting first 10 kb (i.e. first content of first file) of the biometric template into a set of biometric data (i.e. second file) and split the remaining (i.e. second content of first file) biometric template as another set of template (i.e. third file). Further teaches after splitting the amount of data in each M group can be different from each other (i.e. first content different from second content). See also on [page 11 step S505] teaches splitting the biometric encryption template (i.e. first file) into two sets of biometric encryption template data (i.e. second and third file));
and store the second file and the third file in different storage spaces of different application environments of first application environments of the terminal (Zuo [page 7 para 1-4] teaches that the M groups of biometric encryption data are stored in the N storage areas and at least one set of biometric encryption data is stored in each of the storage areas. Further teaches M=2 (i.e. indicating two groups of data after splitting the biometric encryption template) and M=N, where N is the number of storage areas and one set of biometric data is stored in each of the N storage areas (i.e. in the instant case the biometric encryption data is divided into two subsets, each of which is stored in one of the N storage areas). See on [page 7 last two para] teaches in a specific application, at least one of the N storage areas is a storage area of a chip-level security environment such as an SE (Secure Element). Since the chip-level security environment is a hardware-level security environment. One or more sets of biometric encryption template data in the M groups of biometric encryption template data may be stored in a storage area of the chip-level security environment, and the remaining one or more groups of biometric encryption template data with large data volume are stored in software-level or semi-software-level security environments (i.e. different application environments) with large total storage capacity such as TEE (Trusted Execution Environment), TrustZone (trust zone), SGX (Software Guard Extensions, software protection extension instructions) or Rich OS (rich operating system). See on [page 11 step s506] teaches storing one set of biometric encryption template data in a storage area of the SE security environment and another set of biometric encryption template data in a storage area of the TEE);
(Zuo on [page 7 last two para] teaches a chip-level security environment such as a secure element SE, and software-level or semi-software-level security environments with large total storage capacity such as TEE (Trusted Execution Environment), TrustZone (trust zone), SGX (Software Guard Extensions, software protection extension instructions) or Rich OS (rich operating system) (i.e. Rich Execution Environment REE). See on [page 7 last two para] teaches a chip-level security environment such as an SE (Secure Element). Since the chip-level security environment is a hardware-level security environment, the possibility of successful attack is extremely low, and its level of data security protection, etc., is higher than that of the software-level and semi-software-level security environments (i.e. SE security is higher than TEE). Furthermore it is well known that a Trusted Execution Environment (TEE) is more secure than a Rich OS environment (REE));
Although Zuo teaches storing files in a secure element when the file size is less than 10 KB (Zuo on [page 12 para 1-2]), Zuo fails to explicitly teach wherein one file of the second file and the third file is stored in a higher security application environment of the first application environments if the one file is a smaller file of the second file and the third file. However, Chow, from analogous art, teaches wherein one file of the second file and the third file is stored in a higher security application environment of the first application environments if the one file is a smaller file of the second file and the third file (Chow on [0163] teaches generating, using a trusted execution environment, a protected data enclave to store the data when the size of the database is less than a threshold size. See on [0054] teaches determining a size (e.g., in bytes) of the database 120 from which the data (e.g., records) may be requested. When the private information retrieval manager 246 determines that the size of the database 120 is equal to or less than a threshold size (e.g., equal to or less than a maximum amount of data that is protectable by one trusted processing unit). See on [0072] teaches, if the size of the data 201 is not more than the threshold size, storing the data in the protected enclave).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Chow into the teaching of Zuo by storing data in the SE when the size is less than a threshold. One would be motivated to do so in order to securely store and retrieve data from a protected environment (Chow on [0002]).

Regarding claims 2 and 28 the combination of Zuo and Chow teaches all the limitations of claims 1 and 19 above, Zuo further teaches wherein the first file comprises sensitive data in an application program of the terminal (Zuo on [page 8 last 3 para] teaches biometric data such as fingerprint data of a user).
Regarding claims 3 and 29 the combination of Zuo and Chow teaches all the limitations of claims 2 and 28 above, Zuo further teaches wherein the sensitive data comprises a fingerprint template file (Zuo on [page 8 last 3 para] teaches biometric data such as fingerprint data of a user. See also [page 9 para 1-3] teaches a biometric encryption template as a fingerprint feature template).
Regarding claims 4 and 30 the combination of Zuo and Chow teaches all the limitations of claims 1 and 19 above, Zuo further teaches wherein before generating the second file and the third file, the method further comprises: encrypting the first file to obtain an encrypted first file (Zuo on [page 3 last para] teaches that before obtaining the M groups of biometric encryption template data, the method further includes: encrypting the biometric encryption according to the biometric template. See also [page 4 1st para] teaches the biometric template containing the verification data is encrypted to generate the biometric encryption template);
and splitting(Zuo on [page 6 last para] teaches a biometric encryption template (i.e. first file) split into at M groups wherein M=2 using simple splitting algorithm or splitting first 10 kb (i.e. first content of first file) of the biometric template into a set of biometric data (i.e. second file) and split the remaining (i.e. second content of first file) biometric template as another set of template (i.e. third file). Further teaches after splitting the amount of data in each M group can be different from each other (i.e. first content different from second content). See also on [page 11 step S505] teaches splitting the biometric encryption template (i.e. first file) into two sets of biometric encryption template data (i.e. second and third file)).

Regarding claim 5 the combination of Zuo and Chow teaches all the limitations of claim 4 above, Zuo further teaches wherein the third file comprises a key for encrypting the first file (Zuo on [page 11 step s503-s506] teaches encrypt the biometric verification template using first key and placing the key before the start position in the biometric encryption template and split the biometric encryption template into which the first key is placed into two sets).
Regarding claim 6 the combination of Zuo and Chow teaches all the limitations of claim 1, Zuo further teaches further comprising: storing the second file in a storage space of the REE; and storing the third file in a storage space of the SE, wherein a size of the second file is greater than or equal to a size of the third file (Zuo on [page 11 step s506] teaches storing one set of biometric encryption template data in a storage area of the SE security environment and another set of biometric encryption template data in a storage area of the TEE. See on [page 7 1st para] teaches the size of data after splitting can be the same or different from each other. For example one file can be 5 Kb or 10 Kb).
Regarding claim 7 the combination of Zuo and Chow teaches all the limitations of claim 6 above, Zuo further teaches further comprising: invoking a TEE encryption storage service to encrypt the second file to obtain an encrypted second file; and storing the encrypted second file in the storage space of the REE (Zuo on [page 11 step S505] teaches splitting the biometric encryption template (i.e. first file) into two sets of biometric encryption template data (i.e. second and third file). Store one set of biometric encryption template data, for example, including the first key, in a storage area of the SE security environment, and store another set of biometric encryption template data in a storage area of the TEE security environment (i.e. both the second and the third file are encrypted files derived from the first file)).
Regarding claim 9 the combination of Zuo and Chow teaches all the limitations of claim 1 above, Zuo further teaches further comprising obtaining the first file based on the second file and the third file (Zuo on [page 5 para 3-5 and page 12 1st para] teaches a template restoring unit configured to recombine the M groups of biometric encryption template data to obtain a biometric encryption template (i.e. obtaining the first file based on the second and third file)).
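
The split, size-based placement and recombination discussed above for claims 1, 6 and 9, as an added Python sketch that is not part of the Office action or of the Zuo or Chow references. The store capacities, key names and manifest format are assumptions, the sample template is constructed, and the sketch places the same split under both the "smaller of the two" wording and the "at or under a threshold" wording.

```python
import hashlib
from dataclasses import dataclass, field

TIERS = ("SE", "TEE", "REE")  # highest to lowest security, per the claim


@dataclass
class Store:
    """Toy stand-in for one environment's storage area (capacity is assumed)."""
    capacity: int
    blobs: dict = field(default_factory=dict)

    def put(self, key, data):
        used = sum(len(b) for b in self.blobs.values())
        if used + len(data) > self.capacity:
            raise ValueError(f"storage area full, cannot store {key}")
        self.blobs[key] = data


def split_template(blob, head_len):
    """Split into the first head_len bytes and the remainder."""
    if not 0 < head_len < len(blob):
        raise ValueError("split point must leave two non-empty pieces")
    return [blob[:head_len], blob[head_len:]]


def _check_order(high, low):
    if TIERS.index(high) >= TIERS.index(low):
        raise ValueError("'high' must be a higher-security tier than 'low'")


def tiers_relative(pieces, high, low):
    """Relative rule: the smaller of the two pieces goes to the higher tier.
    Equal sizes have no 'smaller' piece; this sketch then keeps piece 0 high."""
    _check_order(high, low)
    first, second = pieces
    return [high, low] if len(first) <= len(second) else [low, high]


def tiers_threshold(pieces, high, low, threshold):
    """Threshold rule: every piece at or under the threshold goes high."""
    _check_order(high, low)
    return [high if len(p) <= threshold else low for p in pieces]


def store_pieces(name, pieces, tiers, stores):
    """Write each piece to its tier and return the manifest needed to restore.
    Assumption: the manifest itself is kept somewhere integrity-protected."""
    manifest = {"whole": hashlib.sha256(b"".join(pieces)).hexdigest(), "parts": []}
    for index, (piece, tier) in enumerate(zip(pieces, tiers)):
        key = f"{name}.{index}"
        stores[tier].put(key, piece)
        manifest["parts"].append(
            {"tier": tier, "key": key, "sha256": hashlib.sha256(piece).hexdigest()}
        )
    return manifest


def recombine(manifest, stores):
    """Fetch the pieces in order, verify each one, then verify the whole file."""
    restored = b""
    for part in manifest["parts"]:
        piece = stores[part["tier"]].blobs.get(part["key"])
        if piece is None:
            raise LookupError(f"{part['key']} missing from {part['tier']}")
        if hashlib.sha256(piece).hexdigest() != part["sha256"]:
            raise ValueError(f"{part['key']} was modified in {part['tier']}")
        restored += piece
    if hashlib.sha256(restored).hexdigest() != manifest["whole"]:
        raise ValueError("recombined file does not match the original digest")
    return restored


def demo():
    # Constructed 12 KiB stand-in for an already encrypted template.
    template = bytes(i % 251 for i in range(12 * 1024))
    pieces = split_template(template, 10 * 1024)  # first 10 KiB and remainder
    relative = tiers_relative(pieces, "SE", "TEE")
    threshold = tiers_threshold(pieces, "SE", "TEE", 10 * 1024)
    stores = {"SE": Store(16 * 1024), "TEE": Store(1024 * 1024)}
    manifest = store_pieces("template", pieces, relative, stores)
    return relative, threshold, recombine(manifest, stores) == template


if __name__ == "__main__":
    print(demo())
```

For this input the relative rule sends only the 2 KiB remainder to the SE, while a 10 KiB threshold sends both pieces there.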

Regarding claim 22 the combination of Zuo and Chow teaches all the limitations of claim 2 above, Zuo further teaches wherein the sensitive data comprises a face template file (Zuo on [page 3 2nd para and page 8 3rd last para] teaches biological data such as fingerprint, lip lines, iris, etc.).
Regarding claim 23 the combination of Zuo and Chow teaches all the limitations of claim 2 above, Zuo further teaches wherein the sensitive data comprises an iris template file (Zuo on [page 3 2nd para and page 8 3rd last para] teaches biological data such as fingerprint, iris, etc.).
Regarding claim 24 the combination of Zuo and Chow teaches all the limitations of claim 1 above, Zuo further teaches storing the second file in a storage space of the REE; and storing the third file in a storage space of the TEE, wherein a size of the second file is greater than or equal to a size of the third file (Zuo on [page 11 step s506] teaches storing one set of biometric encryption template data in storage area of the SE security environment and another set of biometric encryption template data area of TEE. See on [page 7 1st para] teaches the size of data after splitting can be same or different from each other. For example one file can be 5 Kb or 10 Kb).
Regarding claim 25 the combination of Zuo and Chow teaches all the limitations of claim 24 above, Zuo further teaches further comprising: invoking a TEE encryption storage service to encrypt the (Zou on [page 11 step S505] teaches splitting the biometric encryption template (i.e. first file) into two sets of biometric encryption template data (i.e. second and third file). Store one set of biometric encryption template data, for example, including the first key, in a storage area of the SE security environment, and store another set of biometric encryption template data in a storage area of the TEE security environment).
Regarding claim 26 the combination of Zuo and Chow teaches all the limitations of claim 1 above, Zuo further teaches further comprising: storing the second file in a storage space of the TEE; and storing the third file in a storage space of the SE, wherein a size of the second file is greater than or equal to a size of the third file (Zuo on [page 11 step s506] teaches storing one set of biometric encryption template data in a storage area of the SE security environment and another set of biometric encryption template data in a storage area of the TEE. See on [page 7 1st para] teaches the size of data after splitting can be the same or different from each other. For example one file can be 5 Kb or 10 Kb).

Claims 8 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Zuo (WO 2018/165811) in view of BOUSQUET et al (hereinafter BOUSQUET) (US 20180197056) and further in view of Chow et al (hereinafter Chow) (US 20160283731).
Regarding claim 8 the combination of Zuo and Chow teaches all the limitations of claim 7, Zuo further teaches further comprising: encrypting(Zuo on [page 11 step S505] teaches splitting the biometric encryption template (i.e. first file) into two sets of biometric encryption template data (i.e. second and third file). Store one set of biometric encryption template data, for example, including the first key, in a storage area of the SE security environment, and store another set of biometric encryption template data in a storage area of the TEE security environment (i.e. both second and the third file are in encrypted file derived from first file)).
(BOUSQUET on [0134] teaches the processing corresponding to the command APDU' (received in step E58) by using the data obtained by the use of the sub-system (in this case the biometric characteristics BIO). This processing comprises for example the comparison of the data received in step E84 with corresponding data stored in the secure element 6 and, in the case of success of the comparison, the signing of the message to be signed (appended to the command APDU' as indicated above) by means of a secret key (or private key) stored in the secure element 6, that is to say the application to the message to be signed of a cryptographic signature algorithm using the secret key).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of BOUSQUET into the combined teaching of Zuo and Chow by storing data in the SE using an application protocol data unit (APDU) command. One would be motivated to do so in order to manage communication using APDU (BOUSQUET on [0007-0008]).

Regarding claim 27 the combination of Zuo and Chow teaches all the limitations of claim 26, Zuo further teaches further comprising: encrypting the third file to obtain an encrypted third file (Zuo on [page 11 step S505] teaches splitting the biometric encryption template (i.e. first file) into two sets of biometric encryption template data (i.e. second and third file). Store one set of biometric encryption template data, for example, including the first key, in a storage area of the SE security environment, and store another set of biometric encryption template data in a storage area of the TEE security environment (i.e. both the second and the third file are encrypted files derived from the first file)).
(BOUSQUET on [0134] teaches the processing corresponding to the command APDU' (received in step E58) by using the data obtained by the use of the sub-system (in this case the biometric characteristics BIO). This processing comprises for example the comparison of the data received in step E84 with corresponding data stored in the secure element 6 and, in the case of success of the comparison, the signing of the message to be signed (appended to the command APDU' as indicated above) by means of a secret key (or private key) stored in the secure element 6, that is to say the application to the message to be signed of a cryptographic signature algorithm using the secret key).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of BOUSQUET into the teaching of Zuo and Chow by storing data in the SE using an application protocol data unit (APDU) command. One would be motivated to do so in order to manage communication using APDU (BOUSQUET on [0007-0008]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436