DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on December 20, 2021.
Claims 1-20 are allowed.

Allowable Subject Matter
Claims 1-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance.
Independent Claim 1 is allowable based on the amendment presented on December 20, 2021.
Specifically, the independent Claim 1 now recites limitations as follows:
“A method of authenticating a first device of a user to a second device, the method comprising performing, by the second device: 
receiving a public key and an encrypted biometric template from the first device;
obtaining, using one or more sensors of the second device, a biometric measurement from the user; 
computing an encrypted similarity metric of the encrypted biometric template and the biometric measurement using homomorphic encryption with the public key, the encrypted similarity metric corresponding to a similarity metric encrypted with the public key; 
sending a first message to the first device, the first message including the encrypted similarity metric; 
receiving a response message from the first device, the response message indicating (1) whether a decrypted similarity metric exceeds a threshold, the decrypted similarity metric generated by decrypting the encrypted similarity metric; and 
providing access to a resource when the decrypted similarity metric exceeds the threshold”.
The cited reference by Tuyls et al. (US 2009/0006855) discloses, a system for identification and authentication of an individual based on biometric data associated with the individual, in accordance with the present invention. Here, the enrolling sensor 201 and the verifying, or authenticating, sensor 208 are located remote from each other. As in FIG. 1, the acquired data (i.e. raw, plaintext data) is processed at a DSP 202. This data is encrypted and stored in a database storage 203. Subsequently, when the individual wishes to access the system, she provides plaintext biometric data to the authenticating sensor 208. This data is then encrypted in DSP 209. Hence, with reference made to FIG. 2, where it is assumed that a biometric template X previously has been provided to the enrolling sensor 201, encrypted at the DSP 202 and stored in encrypted form E.sub.pk(X) in the database storage 203, when an individual requires access to the system, her biometric template Y (which is a noisy representation of X) is extracted by the verifying sensor 208 (also referred to as the authenticating (Fig. 2, ¶34). In order to perform the computations, a homomorphic threshold encryption system, such as e.g. Paillier or El Gamal, is used. The term "homomorphic" implies that E(x+y)=E(x)E(y). The term further implies that E(x).sup.a=E(x*a) for any x and a. An encryption of a parameter x is denoted by E.sub.pk(x), where "pk" denotes public key encryption. Thus, a user and a verifier have access to the same public key pk. Further, the user and the verifier each has access to a share of a corresponding private key. The shares of the private key are used for decryption.  The user may carry her share with her (e.g. on a smart card) or the share may be stored in a sensor of the biometric identification system with which the user interacts. During enrolment, a sequence of bits X representing a biometric identifier, which sequence is assumed to comprise a binary string of length n, i.e. X=(x.sub.1, . . . , x.sub.n), is captured and encrypted with the common public key pk: E.sub.pk(X)=(E.sub.pk(x.sub.0), . . . , E.sub.pk(x.sub.n)) at the sensor. This is typically performed on a bit-by-bit basis. The entries x.sub.i can be represented as binary strings through the following representation:
x i = j = 0 m x ij 2 j . ##EQU00003##. The string E.sub.pk(X) is then passed on to the verifier, which stores the string. Note that the verifier cannot decrypt E.sub.pk(X), as the verifier only has access to his share of the private key, and not to the share of the user. Hence, the plaintext representation X of the biometric identifier remains hidden for the verifier. During authentication, a noisy 
E pk ( d H ( X , Y ) ) = i = 1 n E pk ( x i 2 - 2 x i y i + y i 2 ) = i = 1 n E pk ( x i - 2 x i y i + y i ) = = i = 1 n E pk ( x i ) E pk ( y i ) E pk ( x i ) - 2 y i ( 3 ) ##EQU00004##. (¶15-¶18). The verifier sends E.sub.pk(X.sub.i) to the authenticating sensor, where secure computation is undertaken. The authenticating sensor computes E.sub.pk(y.sub.i) and E.sub.pk(2x.sub.iy.sub.i)=E.sub.pk(x.sub.i).sup.2yi and a proof which is arranged to show that encrypted output data is correct. Hence, at the authenticating sensor, a first set E.sub.pk(X) of encrypted data (received from the enroller) and a first set Y of plaintext data are obtained. The first set Y of plaintext data is then (¶19-¶20). The string E.sub.pk(X) is passed on to the verifier 211, which stores the string. The verifier 211 also typically contains a DSP, even though it is not shown in FIG. 2. Note that the verifier cannot decrypt E.sub.pk(X), as the verifier only has access to its share of the private key, and not to the share of the individual. Hence, the plaintext representation X of the biometric identifier remains hidden for the verifier 211. As previously mentioned, a secure protocol will be run to find out whether d.sub.H(X, Y)&lt;T, where T is a predetermined threshold value, without revealing any information with respect to X and Y. Now, E.sub.pk(d.sub.H(X, Y)) is computed in the manner previously described. The verifier 211 sends E.sub.pk(x.sub.i) to the authenticating sensor 208, which performs secure computation. (¶35)
The reference by Yasuda et al. (US PGPUB. # US 2016/0182226) discloses, when the result of the Hamming distance calculation is received from the calculation server 100, the authentication server 200 decrypts the result using the secret key of the homomorphic encryption, and compares a plaintext that is the Hamming distance resultant of the decryption with a preset threshold. In this comparison, if the Hamming distance that is the plaintext is smaller than the threshold, the authentication server 200 transmits OK as a result of matching, meaning that the authentication has succeeded, to the terminal device 10. If the Hamming distance that is the plaintext is equal to or larger than the threshold, the authentication server 200 transmits NG as a result of matching, indicating that the authentication has failed, to the terminal device 10 (S33). (Fig. 1, ¶42).
Updated search has yielded the following reference:
The reference by Calapodescu et al. (US PGPUB. # US 2016/0119119) discloses, the client then receives the obfuscated vector {Y.sub.j}.sub.K, decrypts it, and adds the result to the output as it is t-fuzzy with one of the client's word vectors. The client receives the obfuscated vector: {Π.sub.i=1.sup.m Π.sub.w=0.sup.T−t (Δ.sub.H(X.sub.i,Y.sub.j)−w).Math.rnd}.sub.K+{Y.sub.j}.sub.K, where rnd is a random vector formed by multiplying the random vectors r. As the double product is not the null vector, the client decrypts what appears to be a large random vector, from which Y.sub.j cannot be decrypted. The probability that a random rnd will produce a correct t-fuzzy element in A.sup.T is negligible. Therefore, the probability of a false positive is negligible. This vector is therefore not added to (Fig. 2, ¶99-¶102).
The reference by Barham et al. (US PGPUB. # US 2020/0228339) discloses, encrypted biometric information that can be stored and used for authentication with undegraded recognition performance. For example, in an embodiment, a method may comprise storing a plurality of encrypted trained weights of a neural network classifier, wherein the weights have been trained using biometric information representing at least one biometric feature of a person, receiving encrypted biometric information obtained by sampling at least one biometric feature of the person and encrypting the sampled biometric feature, obtaining an match-score using the encrypted trained neural network (Abstract).
The reference by Zheng YAN (US PGPUB. # US 2018/0294965) discloses,  receiving an authentication request from a user apparatus (802); sending a verification code to the user apparatus, wherein the verification code comprises a combination of pattern codes and the pattern codes are associated with encrypted bio-patterns that the user has registered respectively (804); receiving first encrypted bio-information of the user corresponding to the verification code (806); and calculating a first encrypted deviation between the registered encrypted bio-patterns corresponding to the combination of pattern codes and the codes and the pattern codes are associated with encrypted first encrypted bio-information. (Abstract).
The reference by Mark Buer (US PGPUB. # US 2014/0115324) discloses, a network-based biometric authentication platform stores biometric templates for individuals which have been securely enrolled with the authentication platform. A plurality of sensor platforms separately establishes secure communications with the biometric authentication platform. The sensor platform can perform a biometric scan of an individual and generate a biometric authentication template. The sensor platform then requests biometric authentication of the individual by the biometric authentication platform via the (Abstract).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “…sending a first message to the first device, the first message including the encrypted similarity metric; receiving a response message from the first device, the response message indicating (1) whether a decrypted similarity metric exceeds a threshold, the decrypted similarity metric generated by decrypting the encrypted similarity metric…”, in combination with the rest of the limitations recited in the independent claim(s).

None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 10 is also a method claim of above method claim 1 and Claim 17 is a system claim of above method claim 1, and therefore, they are also allowed.
Claims 2-9 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 11-17 depend on the allowed claim 10, and therefore, they are also allowed.
Claims 18-20 depend on the allowed claim 17, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498