DETAILED ACTION
Acknowledgements
This Office Action is in response to Applicant’s response filed on 2/1/22.
The Examiner notes that citations to United States Patent Application Publication paragraphs are formatted as [####], #### representing the paragraph number.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Status of Claims
Claims 21-39 are currently pending.
Claims 21-39 are rejected as set forth below.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments	
Claim Rejections - 35 U.S.C. § 112(a)
Applicant’s arguments with respect to claim(s) 21, 35, 38 have been fully considered are persuasive. The rejection (and corresponding rejections to its dependent claims, if applicable) is withdrawn.

Claim Rejections - 35 U.S.C. § 103
Applicant’s arguments with respect to claims 21-39 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Applicant asserts that each data file contains the same personal information but is encrypted using a different personalized data key. Applicant’s Remarks p7. The Examiner respectfully disagrees. As claimed, each data file is not required to contain the same personal information. The claim merely states that each one of the plurality of the encrypted data files contains personal information.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
Claims 21, 26, 28-29, 32, 35, 38 are rejected under 35 U.S.C. 103(a) as being unpatentable over United States Patent Application Publication No. 20170109742 to Varadarajan in view of United States Patent Application Publication No. 2021/0288797 to Zhang.
As per claims 21, 35, 38¸ Varadarajan teaches:
A method of accessing a data file, comprising: receiving, at a device, an identifier from a user of the device, the identifier being associated with the user; ([0025], “The method 100 begins at block 102 where authentication information corresponding to an account of the user with a payment services provider is received. In one embodiment, the authentication information is a combination of a username and password.”)
retrieving from a storage device a plurality of encrypted data files associated with the identifier, wherein each one of the plurality of encrypted data files contains personal information that is encrypted using a respective unique personalized data key generated based on biometric scans of the user; ([0027], “Upon successful authentication with the payment services provider, method 100 then proceeds to block 104. At block 104, a request to enable access to a subset of data associated with the account with the payment services provider is received. In one embodiment, the request is received using the touch-sensitive display device of the payer device or mobile device 200. In one embodiment, and in the examples and embodiments described herein, the subset of data is the user's transaction history with the payment services provider. In one embodiment, the subset of data is all of the data in the user's transaction history. In one embodiment, the subset of data is only a portion of the user's transaction history. It should be understood that the subset of data is not limited to transaction history data, but may be any other data associated with a user's account with a payment services provider.”; [0033] – [0034], “The method 100 then proceeds to block 108, where a cryptographic encryption key is generated, based on the biometric authentication signature and the password as the seed to a key generation algorithm…. The method 100 then proceeds to block 110, where the subset of data is encrypted using the cryptographic encryption key. Encryption of the subset of data creates an encrypted subset of data.”)
obtaining biometric scans of the user from a biometric scanner in data communication with the device; generating, at the device, a personalized data key based on the obtained biometric scans of the user; decrypting one of the plurality of encrypted data files using the generated personalized data key; displaying the personal information obtained from the decrypted data file on a display associated with the device. ([0036] – [0038], “Referring now to FIG. 2g, in response to receiving the request to view the subset of data, the payer device may detect that it is not connected to a network, or alternatively, the payer device may detect that authentication to the payment services provider has not occurred. The payer device may then display an authentication screen, as shown in FIG. 2g. The display of FIG. 2g includes a window 236 which instructs the user to enter in the password, and provide the biometric authentication signature, for example, by placing the user's finger on the fingerprint sensor, speaking the audio passphrase, or focusing a camera of the payer device on the user's retina for a retinal scan…. At block 118 of method 100, a cryptographic decryption key based on the entered biometric authentication signature and password is generated.... At block 120 then, decryption of the encrypted subset of data is attempted using the cryptographic decryption key. For example, the cryptographic decryption key is used with a symmetric-key algorithm to attempt decryption of the encrypted subset of data. If decryption is successful, method 100 proceeds to block 122, where the subset of data is displayed on the touch-sensitive display device.”)
Varadarajan does not explicitly teach, but Zhang teaches:
wherein each one of the plurality of encrypted data files contains personal information that is encrypted using a respective unique personalized data key generated based on one of a plurality of different biometric scans of the user; ([0052] – [0067], “Specifically, the plurality of fingerprint scans refers to a plurality of fingerprint scans entered by a user, such as a fingerprint 1, a fingerprint 2, a fingerprint 3, and the like. The plurality of fingerprint scans is saved together to form a fingerprint scansbase. When the user triggers an instruction to start the photographing mode, the photographing mode can be started by means of verifying whether the current fingerprint entered by the user conforms to the fingerprint scansbase…. S200, when detecting a photographing instruction, generating an original photo and generating a key pair based on the unlocking fingerprint wherein the key pair comprises an encryption key and a decryption key.”)
One of ordinary skill in the art would have recognized that applying the known technique of Zhang to the known invention of Varadarajan would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such cryptography features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to encrypt personal data using a respective unique personalized data key generated based on one of a plurality of different biometric scans of the user results in an improved invention because applying said technique allows for a plurality of fingerprints to be used to create a plurality of respective unique personalized data keys for further protection of the personal data, thus improving the overall security of the invention.
As per claim 26¸ Varadarajan teaches:
modifying the decrypted data file by updating part of the personal information using the device; generating an encrypted data file by encrypting the modified decrypted data file using the respective generated further personalized data key; and sending the plurality of encrypted data files to the storage device. ([0040] – [0041], “In one embodiment, the user may activate an option within the payment application to provide the request for the payment token. In one embodiment, the user may specify an amount for the payment token, a specified merchant for the payment token, an expiration date for the payment token, or any other details of the payment token.”)
Zhang teaches:
obtaining biometric scans of the user from a biometric scanner in data communication with the device; generating a plurality of further personalized data keys based on the obtained biometric scans of the user; for each of the at least one generated further personalized data keys; ([0052] – [0067])
As per claim 28¸ Zhang teaches:
wherein the plurality of biometric scans comprises fingerprint scans corresponding to a plurality of fingers of the user and wherein the fingerprint scans is obtained from a fingerprint scanner in data communication with the device, and the method further comprises the step of: for each of the plurality of fingers of the user, generating an associated personalized data key using the fingerprint scans relating to the fingerprint corresponding to the finger of the user; ([0052] – [0067)
As per claim 29¸ Varadarajan teaches:
wherein said plurality of biometric scans is not stored on said device or said storage device; ([0030], [0033], The Examiner notes the biometric scans is used only to generate the cryptographic encryption key and is never stored.)
As per claim 32¸ Varadarajan teaches:
wherein the plurality of biometric scans comprises data representing the palm or the retina of a user; ([0030], “In one embodiment, the biometric authentication signature may be a retinal scan performed by a camera or other image recognition component of the payer device.”)


Claims 22-24, 27, 30-31, 33-34, 36-37, 39 are rejected under 35 U.S.C. 103(a) as being unpatentable over United States Patent Application Publication No. 20170109742 to Varadarajan in view of United States Patent Application Publication No. 2021/0288797 to Zhang, and further in view of United States Patent Application Publication No. 20080201769 to Finn.
As per claims 22, 36, 39, Varadarajan as modified does not explicitly teach, but Finn teaches:
wherein the device is a Point of Sale (POS) device. ([0008], “In one embodiment, multiple payment options such as credit cards, debit cards, loyalty cards, etc. are registered by a consumer and consolidated into a secure central repository. Once registered, the consumer no longer needs to physically carry all of the cards. Rather, the consumer may securely access the central repository over a secure communications channel from a remote access device, such as a point-of-sale (POS) terminal at a merchant store, to retrieve and select from one of the available payment methods for use.”)
One of ordinary skill in the art would have recognized the substitution of a known prior art element of Finn for another known prior art element of Varadarajan as modified would have yielded predicable results. Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject and the prior art rests not on any individual element or function but in the very combination itself- that is in the substitution of the point-of-sale device in the secondary reference for the device in the primary reference. It would have been Varadarajan.
As per claim 23¸ Varadarajan teaches:
wherein the decrypted personal information comprises payment data, identification data or a combination of payment data and identification data. ([0027]))
As per claim 24¸ Varadarajan teaches:
selecting one of the data of the decrypted personal information for use in a transaction; ([0042], “The payment application may then generate a cryptographic decryption key based on the biometric authentication signature and the password, and decrypt the encrypted authorized payment token using the decryption key. In response, the authorized payment token may be enabled for use.”)
Finn teaches:
wherein the device is a Point of Sale (POS) device. ([0008])
As per claim 27¸ Zhang teaches:
obtaining the plurality of biometric scans from the user comprises obtaining fingerprint scans relating to a plurality of fingerprints corresponding to a ([0052] – [0067])
As per claim 30¸ Varadarajan as modified does not explicitly teach, but Finn teaches:
wherein the storage device is a server in data communication with the device; ([0008])
One of ordinary skill in the art would have recognized that applying the known technique of Finn to the known invention of Varadarajan as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such remote storage features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the storage device to be a server in data communication with the device results in an improved invention because applying said technique ensures that the data files will be safely secured at a centralized server in case of data loss associated with the device, thus improving the overall user convenience.

As per claim 31¸ Varadarajan
wherein the storage device is a memory device inserted in the POS device; ([0022], “The encrypted subset of data is stored in a non-transitory memory.”)
Finn teaches:
wherein the device is a Point of Sale (POS) device. ([0008])
As per claims 33, 37¸ Varadarajan teaches:
wherein the biometric scanner is embedded in the POS device; ([0022], “The application may be executed by a mobile device having one or more biometric sensors, such as a fingerprint sensor, one or more hardware processors, a network interface, and a touch-sensitive display device.”)
Finn teaches:
wherein the device is a Point of Sale (POS) device. ([0008])
As per claim 34¸ Varadarajan teaches:
wherein when said plurality of encrypted data files are retrieved and decrypted at the POS device, said plurality of data files are removed from the storage device and replaced with a plurality of new altered encrypted data files; ([0040] – [0041])
Finn teaches:
wherein the device is a Point of Sale (POS) device. ([0008])

Claim 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over United States Patent Application Publication No. 20170109742 to Varadarajan in view of United States Patent Application Publication No. 2021/0288797 to Zhang and United States Patent Application Publication No. 20080201769 to Finn, and further in view of United States Patent Application Publication No. 20170091774 to White.
As per claim 25, Varadarajan as modified does not explicitly teach, but White teaches:
sending an electronic receipt of the transaction to an email address or a cellphone number associated with the user; (Abstract)
One of ordinary skill in the art would have recognized that applying the known technique of White to the known invention of Varadarajan as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such electronic receipt features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to send an electronic receipt of the transaction to an email address or a cellphone number associated with the user results in an improved invention because applying said technique ensures that the user will receive confirmation of a transaction, thus improving the overall user experience.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
United States Patent Application Publication No. 20180308101 discloses an information capturing and transaction device may be used to capture a user's biometric information which in turn may be received by a secure element such as a SIM card. SIM card-based captured biometric keys are generated based on the user's biometric information and compared with SIM card-based reference biometric keys. If these two SIM card-based keys match with one another, access to each of a plurality of applications residing on the SIM card may be permitted. The applications may be selectively activatable from the SIM card. The applications, which may include payment and voting applications, may be executed and operated from the SIM card to perform an electronic transaction on a third-party computer system such as an electronic payment system and electronic voting system.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY HUANG whose telephone number is (408)918-9799. The examiner can normally be reached 9:00a - 5:30p PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Anita Coupe can be reached on (571) 270-3614. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAY HUANG/Primary Examiner, Art Unit 3619