Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2 and 5-9 are rejected under 35 U.S.C. 103 as being unpatentable over US 2020/0021446 to Roennow et al. (hereinafter Roennow) in view of WO 2019032113 to Wang (hereinafter Wang). 

Regarding claim 1, Roennow teaches
A method for biometric authentication of a user live scan against a biometric template stored on a user device, … 
Roennow in [0157] teaches the use of biometrics in the blockchain 170. Roennow in [0160] teaches that the (client) node 120 may include a biometric sensor. Roennow in the last sentence of [0271] teaches that the biometric sensor may be used to identify (i.e., authenticate) a user.
Similarly, Wang (discussed further below) teaches biometric authentication. 
… by a decentralized computing network comprising a plurality of processors, (servers / nodes 110-130 of Roennow, fig. 1) each processor comprised of a network-connected computer and being associated with a processor encryption key pair comprising a processor public encryption key and a processor private encryption key, the method comprising: 
Roennow in [0194] teaches that a blockchain keeps track of both registered domain names (e.g., web addresses) and server nodes (“plurality of processors”) to form a plurality of blockchain node layers. Roennow in [0147-148] teaches that each device / node / server 110-130 of fig. 1 is a node of the blockchain network 170, and thus, the nodes 110-130 correspond to “a decentralized computing network comprising a plurality of processors.” 
Roennow in [0148] teaches that the server node 110 in fig. 1 is a domain name node that records a domain registration and a domain primary key, which corresponds to a public key of the domain. Roennow in [0149] teaches that the public key has a corresponding private key (“a processor encryption key pair comprising a processor public encryption key and a processor private encryption key”). 
receiving, by the user device, a plurality of processor public encryption keys; 
	Roennow in [0040] teaches decrypting, by the client node 120 (“user device”), the encrypted response using a private key of the client node to generate the domain public key (“processor public encryption keys”) and the domain certificate information. As discussed above, Roennow in [0194] teaches that multiple domain names may be tracked. Thus, each of the domains has its own public / private key pair, which corresponds to a plurality of domain public keys (“a plurality of processor public encryption keys”).
generating, by the user device, a user device symmetric encryption key; 
encrypting, by the user device, copies of the user device symmetric encryption key, each copy encrypted using one of the processor public encryption keys; 
Roennow in [0041] teaches generating, by the client node (“generating, by the user device”), a session key (“user device symmetric encryption key”) in response to verifying the server node, encrypting the session key using the domain public key (“encrypting, by the user device, copies of the user device symmetric encryption key, each copy encrypted using one of the processor public encryption keys”). Again, as stated above, each of the domains has its own domain public key.
The examiner takes official notice that it is commonly known by one of ordinary skill in the art that a session key is a shared symmetric key that both a client and server possess, and can use for encryption and decryption. It is commonly understood (e.g., in SSL encryption) that a session key, which is encrypted with a public key, is a shared symmetric key that allows both devices to encrypt and decrypt messages using the shared symmetric key. Further, it is commonly understood by those of ordinary skill in the art that a shared symmetric key is computationally more efficient than asymmetric encryption (public / private key encryption).
Roennow teaches the following, except for the underlined features,
generating, by the user device, an encrypted live scan and encrypted template by encrypting a biometric live scan and a biometric template using the user device symmetric encryption key; 
Roennow in [0043] teaches utilizing the session key (“using the user device symmetric encryption key”) for encrypting data of the secure communication between the client node and the server node. Further, Roennow, as discussed above (see: in [0157], [0160], and [0271]) does transfer biometric data into the blockchain 170, and thus, this data would be encrypted. 
Roennow does not appear to teach both: generating encrypted live scan biometric data and also generating (e.g., during enrollment) an encrypted biometric template.
However, Wang teaches generating and encrypting both a biometric live scan and a biometric template,
Wang in [0007] teaches a portable device (“registered device”) that transmits: first biometric template (“biometric template”) associated with a user and a biometric certification token and a biometric of the user (“live scan”). (Wang, fig. 2) 
Additionally, Wang in [0047] teaches establishing “secure communications” channels, including mutual authentication and use of a session key in establishing an SSL session, which apply to all of the teachings of Wang, including figs. 1-4. 
Thus, Wang in [0007] and [0047] teach encrypting both the first biometric template (“biometric template”) associated with a user and a biometric of the user (“live scan”), while Roennow teaches using a session / symmetric key for the encryption.
Roennow teaches,
transmitting, by the user device, an authentication request to the processors, the authentication request comprising … and one or more encrypted copies of the user device symmetric encryption key; and
Roennow in [0030] teaches a domain name request by a client device. 
Roennow in [0041] teaches generating, by the client node 120, a session key in response to verifying the server node, encrypting the session key (“encrypted copies of the user device symmetric encryption key”) using the domain public key, and transmitting the encrypted session key to the server node (“transmitting, by the user device, …. one or more encrypted copies of the user device symmetric encryption key”).
Roennow fails to teach,
transmitting, by the user device, an authentication request to the processors, the authentication request comprising the encrypted live scan, the encrypted template, …; and
However, Wang teaches the above features,
As discussed above, Wang in [0007] and [0047] teach encrypting both the first biometric template (“biometric template”) associated with a user and a biometric of the user (“live scan”) being sent from a portable device to a computing device, while Roennow teaches using a session / symmetric key for the encryption.
The encryption of the biometric scan and template, and transmission of this data may be in response to the enrollment process 102 or the transaction process 202 of fig. 1 of Wang, which must be requested (“transmitting, by the user device, an authentication request”). (Wang, Fig. 1)
(See also rejection of independent claim 11, for additional teachings regarding Wang)
Wang further teaches the following,
receiving, by the user device, biometric matching results from the one or more processors based upon comparison of the biometric template and the biometric live scan, … 
Wang in fig. 1, [0066] describing S 226 and S 228 teaches verifying, using a blockchain 100 (“the one or more processors”) that receives a hash of a reference biometric template in S 226 of fig. 1, where the blockchain 100 then performs verification of the hash of the reference biometric template.
Wang in fig. 1 and [0064] teaches that S 224 compares biometrics, where one of the biometrics has been verified by the blockchain 100, in S.
Roennow teaches the following,  
… each processor having decrypted at least one encrypted copy of the user device symmetric key using one of said processor private encryption keys and having utilized the user device symmetric key to decrypt the encrypted live scan and encrypted template.
	As stated above, Roennow teaches that multiple domains are stored in the block chain, and there are multiple servers / nodes 110-130, where at least each server / node 110-130 has its own domain public key, and the client node 120 also creates a session key (“user device symmetric key”) that is encrypted with the domain public key of the specific server / nodes 110-130.
	Similarly, Wang teaches blockchain 100 in fig. 1, which may be interpreted as having processors. Wang in [0047] (discussed above) also teaches establishing “secure communications” channels, including mutual authentication and use of a session key in establishing an SSL session.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Roennow, which teaches establishing encrypted blockchain communications using public keys and session / symmetric keys and passing data between a client and server (blockchain) using the established session key(s), where the data includes biometric data, with Wang, which teaches passing both biometric live scan data and biometric template data through an encrypted channel to a blockchain. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to securely pass data, using encryption, between a client and network computers that utilize distributed ledgers in order to securely pass live scan biometric data and biometric enrollment data, such as templates and/or hashes based on biometric templates.

	Regarding claim 2, Wang teaches,   
The method of claim 1, wherein the step of transmitting an authentication request to the processor comprises transmitting a first authentication request to a transaction director comprising a network-connected computer.
	Wang in fig. 2 teaches a portable device 110 that communicates with a blockchain network 100 through any one of the access device 220, a transport computer 232, a processing network 240, and an authorization computer 250, which may correspond to “a transaction director.” 
	Additionally, “an authentication request” of claim 2 may correspond to initiating enrollment process 102 or transaction process 202 in fig. 1. 

Regarding claim 5, Wang teaches,    
The method of claim 1, wherein the step of encrypting a biometric live scan and a biometric template further comprises capturing a biometric live scan by the user device.
	Wang in fig. 5 and [0093] teaches that the portable device (“user device”) includes input element 310J. Wang in the second sentence of [0093] teaches that input elements 310J include hardware and software buttons, audio detection devices (e.g., microphone), biometric readers, touch screens, and the like.

Regarding claim 6, Roennow teaches,   
The method of claim 1, in which the step of receiving the biometric matching results comprises: 
determining a local matching result by each said processor; 
Roennow in the middle of [0256] teaches comparison of domain information to identify the proper nodes. 
Similarly, Wang in fig. 1 S 224 teaches performing a comparison after the biometric template, used in the comparison, is verified by a blockchain in S226 and S 228.
determining a consensus matching result based upon application of consensus rules to said local matching results; and 
Roennow in [0068-69] teaches a distributed consensus system in a plurality of nodes, such as nodes 110-130 of fig. 1.  Roennow in [0138] teaches that the distributed database / blockchain is kept in consensus by strong cryptography. 
reporting the consensus matching result to the user device.
	The examiner interprets this feature as corresponding to changing nodes with a system that, instead of distributed consensus, only requires approval from a single device (“user device”). (Roennow, [0310]) In this situation, the single device may have the ability to change node properties and remove nodes.

Regarding claim 7, Roennow teaches,   
The method of claim 1, wherein each processor is associated with a unique processor encryption key pair.
	As discussed above, Roennow in [0194] teaches that a blockchain keeps track of both registered domain names (e.g., web addresses) and server nodes (“plurality of processors”) to form a plurality of blockchain node layers. Roennow in [0147-148] teaches that each device / node / server 110-130 of fig. 1 is a node of the blockchain 170, and thus, the nodes 110-130 correspond to “a decentralized computing network comprising a plurality of processors.” 
Roennow in [0148] teaches that the server node 110 in fig. 1 is a domain name node that records a domain registration and a domain primary key, specific for each domain name. Thus, each domain has its own encryption key pair.
Roennow in the Abstract states, “a domain primary key corresponding to a domain public key and domain certificate information for a server node.” Thus, each server (“processor”) has its own specific keys.

	Regarding claim 8, Roennow teaches,
The method of claim 1, wherein each processor encryption key pair is associated with a plurality of processors.
	See discussion of rejection of claim 8, above.
	Roennow in [0143] teaches that the Domain Name System (DNS) is distributed and maintained among service providers, where the DNS servers are the nodes in the blockchain (“plurality of processors”).
	Thus, each Domain Name has its own public / private key pairs, as discussed above, and the database is spread over multiple servers (“plurality of processors”).

Regarding claim 9, Roennow teaches,
The method of claim 1, further comprising: validating the plurality of public encryption keys received by the user device by querying a certificate authority, prior to transmitting an authentication request to the processors.
	Roennow in the middle of [0133] teaches, “Third, the web server responds by sending over its public key and the certificate that contains information about the website and the Certificate Authority (CA). Fourth, the browser may then check if the certificate is valid or not (this depends on whether the CA can be trusted or not). After verification, the browser sends a one-time session key encrypted with the web server's public key.”

Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Roennow, in view of Wang, and further in view of NPL document: “Symmetric hash functions for secure fingerprint biometric systems” to Tulyakov et al. (hereinafter Tulyakov).

Regarding claim 3, Wang teaches, 
The method of claim 2, in which the step of transmitting an authentication request to the processors further comprises:
further transmitting, from the transaction director to each of the plurality of processors, a second authentication request comprising:
the encrypted live scan, the encrypted template, and an encrypted copy of the user device symmetric encryption key encrypted by a processor public key associated with the processor to which the second authentication request is transmitted.
	As discussed above, Wang in [0007] and [0047] teach encrypting both the first biometric template (“biometric template”) associated with a user and a biometric of the user (“live scan”) being sent from a portable device to a computing device. (See fig. 2)
	As admitted above, the encrypted live scan and encrypted template are processed in the Access Device 120 / 220 of figs. 1 and 2. Access Device 120 / 220 or other intermediate devices between portable device 110 and blockchain 100, do not send the encrypted live scan and encrypted template to the blockchain for processing, but rather send a hash of a biometric template to the blockchain for processing (i.e., matching with the enrollment biometric template). Wang teaches performing the comparison between the biometric live scan and the biometric template in S 224 of fig. 1.
	However, it would be obvious to modify Wang so that the blockchain 100 also performed the comparison between the biometric live scan and the biometric template in S 224, for the following reasons.
Tulyakov teaches the modification to Wang,
Tulyakov is directed to matching the hashed features of biometric templates to prevent the need to store biometric templates and instead store hashes of biometric templates. (Tulyakov, page 1, paragraph 1) Tulyakov, in the last sentence of the third paragraph (on the first page) teaches that biometric matching of hashed features instead of the original biometric template, may be performed on the client side or the server / database side. (Tulyakov, page 1, paragraph 3) Thus, one of ordinary skill in the art in view of Tulyakov would modify Wang so that the verification depicted in Steps 226 and 228 that is performed in Blockchain 100 in fig. 1, would instead be performed by the access device 220.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wang, which teaches a block chain that performs verification of biometric templates by comparing a hashed biometric template stored in a blockchain with one provided by a user device,  with Tulyakov, which teaches that comparisons of hashes of biometric templates may be performed by a client or server / database. One of ordinary skill in the art would have been motivated to perform such a modification to provide the capability for Wang’s blockchain 100 to provide the access device 220 with the hash of the biometric template and perform the comparison of hashes of biometric templates in the access device 220 in order to increase security by sending less cleartext information over a network and preventing a man in the middle attack. (Tulyakov, page 1, paragraph 1)

Regarding claim 4, Roennow teaches,  
The method of claim 3, wherein the second authentication request comprises all of the encrypted copies of the user device symmetric encryption key.
	Roennow teaches that the plurality of servers 110-130, which store the blockchain, have separate keys for each of the different domains on the servers 110-130. 
	Roennow in [0040] teaches decrypting, by the client node 120 (“user device”), the encrypted response using a private key of the client node to generate the domain public key (“processor public encryption keys”) and the domain certificate information. As discussed above, Roennow in [0194] teaches that multiple domain names may be tracked. Thus, each of the domains has its own public / private key pair, which corresponds to a plurality of domain public keys (“a plurality of processor public encryption keys”).
Roennow in [0041] teaches generating, by the client node (“user device”), a session key (“user device symmetric encryption key”) in response to verifying the server node, encrypting the session key using the domain public key (“encrypting, by the user device, copies of the user device symmetric encryption key, each copy encrypted using one of the processor public encryption keys”). Again, as stated above, each of the domains has its own domain public key.
The examiner notes that Wang teaches the “transaction director” of claim 3, and that all of the encrypted copies of the symmetric key, taught by Roennow, would have to be transmitted from an intermediate device (e.g., Access Device 220 of Wang) to the blockchain. 

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Roennow in view of Wang and further in view of US 2011/0126024 to Beatson et al. (hereinafter Beatson).
Regarding claim 10, Roennow teaches,
A method for biometric authentication of a user live scan against a biometric template stored on a user device, … 
Roennow in [0157] teaches the use of biometrics in the blockchain 170. Roennow in [0160] teaches that the (client) node 120 may include a biometric sensor. Roennow in the last sentence of [0271] teaches that the biometric sensor may be used to identify (i.e., authenticate) a user.
Similarly, Wang (discussed further below) teaches biometric authentication. 
… by a decentralized computing network comprising a plurality of processors, (servers / nodes 110-130 of Roennow, fig. 1) each processor comprised of a network-connected computer and being associated with a processor encryption key pair comprising a processor public encryption key and a processor private encryption key, the method comprising: 
Roennow in [0194] teaches that a single blockchain keeps track of both registered domain names (e.g., web addresses) and server nodes (“plurality of processors”) to form a plurality of blockchain node layers. Roennow in [0147-148] teaches that each device / node / server 110-130 of fig. 1 is a node of the blockchain 170, and thus, the nodes 110-130 correspond to “a decentralized computing network comprising a plurality of processors.” 
Roennow in [0148] teaches that the server node 110 in fig. 1 is a domain name node that records a domain registration and a domain primary key, which corresponds to a public key of the domain. Roennow in [0149] teaches that the public key has a corresponding private key (“a processor encryption key pair comprising a processor public encryption key and a processor private encryption key”). 
receiving, by the user device, the processor public encryption key; 
Roennow in [0040] teaches decrypting, by the client node 120 (“user device”), the encrypted response using a private key of the client node to generate the domain public key (“processor public encryption keys”) and the domain certificate information. As discussed above, Roennow in [0194] teaches that multiple domain names may be tracked. Thus, each of the domains has its own public / private key pair, which corresponds to a plurality of domain public keys (“a plurality of processor public encryption keys”).
Roennow teaches the following, except for the underlined features,
encrypting, by the user device, a biometric live scan and a biometric template using the processor public encryption key; 
Roennow in [0043] teaches utilizing the session key (“using the user device symmetric encryption key”) for encrypting data of the secure communication between the client node and the server node. Further, Roennow, as discussed above (see: in [0157], [0160], and [0271]) does transfer biometric data into the blockchain 170, and thus, this data would be encrypted. 
Roennow does not appear to teach generating encrypted live scan biometric data and also generating (e.g., during enrollment) an encrypted biometric template.
However, Wang teaches encrypting both a biometric live scan and a biometric template,
Wang in [0007] teaches a portable device (“registered device”) that transmits: first biometric template (“biometric template”) associated with a user and a biometric certification token and a biometric of the user (“live scan”). 
Additionally, Wang in [0047] teaches establishing “secure communications” channels, including mutual authentication and use of a session key in establishing an SSL session, which apply to all of the teachings of Wang, including figs. 1-4. 
Thus, Wang in [0007] and [0047] teach encrypting both the first biometric template (“biometric template”) associated with a user and a biometric of the user (“live scan”).
Roennow teaches encrypting using a symmetric key.
Roennow and Wang fail to teach encrypting both a biometric live scan and a biometric template using a public key, 
	However, Beatson teaches the above underlined features, 
Beatson in the second sentence of [0013] teaches encrypting both a biometric sample and a biometric template using a public key, which are used in authentication.  Further, the examiner asserts that public key encryption is well known in the art and is also taught by Roennow and Wang.
Wang teaches,
transmitting, by the user device, an authentication request to the processors, the authentication request comprising the encrypted biometric live scan and the encrypted biometric template; and 
Wang in fig. 1 S224 includes the portable device 110 (“user device”) that transmits biometric data. As discussed above, Wang in [0007] and [0047] teach encrypting both the first biometric template (“biometric template”) associated with a user and a biometric of the user (“live scan”) being sent from a portable device to a computing device, while Roennow teaches using a session / symmetric key for the encryption.
The encryption of the biometric scan and template, and transmission of this data may be in response to the enrollment process 102 or the transaction process 202 of fig. 1 of Wang, which must be requested (“transmitting, by the user device, an authentication request”).
receiving, by the user device, biometric matching results from the one or more processors based upon comparison of the biometric template and the biometric live scan, … 
Wang in fig. 1, [0066] describing S226 and S228 teaches verifying, using a blockchain 100 (“the one or more processors”) that receives a hash of a reference biometric template in S 226 of fig. 1, where the blockchain 100 then performs verification of the hash of the reference biometric template.
Wang in fig. 1 and [0064] teaches that S 224 compares biometrics, where one of the biometrics has been verified by the blockchain 100, in S.
Roennow teaches the following,  
… each processor having decrypted the encrypted biometric live scan and the encrypted biometric template using the processor private encryption key.
As stated above, Roennow teaches that multiple domains are stored in the block chain, and there are multiple servers / nodes 110-130, where at least each server / node 110-130 has its own domain public key, and the client node 120 also creates a session key (“user device symmetric key”) that is encrypted with the domain public key of the specific server / nodes 110-130.
	Similarly, Wang teaches blockchain 100 in fig. 1, which may be interpreted as having processors. Wang in [0047] (discussed above) also teaches establishing “secure communications” channels, including mutual authentication and use of a session key in establishing an SSL session.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Roennow, which teaches establishing encrypted blockchain communications and passing data between a client and server using the established session key(s), where the data includes biometric data, with Wang, which teaches passing both biometric live scan data and biometric template data through an encrypted channel. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to securely pass data, using encryption, between a client and network computers that utilize distributed ledgers in order to securely pass live scan biometric data and biometric enrollment data, such as templates and/or hashes based on biometric templates.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Roennow, which teaches establishing encrypted blockchain communications and passing data between a client and server using the established session key(s), where the data includes biometric data, with Beatson, which teaches using a public key to encrypt both a biometric sample and a biometric template used in biometric authentication. One of ordinary skill in the art would have been motivated to perform such an addition to simplify the encryption of Roennow by replacing the use of a symmetric key, which needs to be encrypted by a public key to securely share with another device, with a public key.

Claims 11 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Wang in view of Tulyakov.
Regarding claim 11, Wang teaches,
A method for biometric authentication of a user live scan against a biometric template stored on a registered device, by a decentralized computing network comprising a plurality of authentication ledger (AL) processors, each processor comprised of a network-connected computer, the method comprising: 
Wang in [0007] teaches a portable device (“registered device”) transmits: first biometric template (“biometric template”) associated with a user and a biometric certification token and a biometric of the user (“live scan”).
Wang in [0050] teaches that the blockchain system 100 may include a computer network that includes a number of nodes (“plurality of authentication ledger (AL) processors, each processor comprised of a network-connected computer”). 
receiving, from the registered device, an encrypted copy of the biometric template and an encrypted live scan; 
…
decrypting the encrypted biometric template and the encrypted live scan; 
Again, Wang in [0007] teaches that the portable device (“registered device”) transmits: first biometric template (“biometric template”) associated with a user and a biometric certification token and a biometric of the user (“live scan”).
Wang in [0047] teaches establishing “secure communications” channels, including mutual authentication and use of a session key in establishing an SSL session, which apply to all of the teachings of Wang, including figs. 1-4. Thus, Wang [0007] and [0047] teach the following underlined features, “an encrypted copy of the biometric template and an encrypted live scan” and decrypting the encrypted biometric template and encrypted live scan. 
Wang teaches the following features, except the underlined features,
receiving, from a decentralized user ledger, a hash of the biometric template previously associated in the decentralized user ledger with the registered device; 
As further discussed below, Wang teaches a blockchain 100 (“decentralized ledger”) that receives a hash of a reference biometric template in S 226 of fig. 1, where the blockchain 100 then performs verification of the hash of the reference biometric template. Please see discussion of Wang [0064] and [0066] included below, which more fully discusses S226 of fig. 1 with regards to the hashes of biometric templates.
In contrast, the claim recites that the hash is received from the decentralized user ledger (blockchain). 
Tulyakov teaches the above underlined features,
Tulyakov is directed to matching the hashed features of biometric templates to prevent the need to store biometric templates and instead store hashes of biometric templates. (Tulyakov, page 1, paragraph 1) Tulyakov, in the last sentence of the third paragraph (on the first page) teaches that biometric matching of hashed features instead of the original biometric template, may be performed on the client side or the server / database side. (Tulyakov, page 1, paragraph 3) Thus, one of ordinary skill in the art in view of Tulyakov would modify Wang so that the verification depicted in Steps 226 and 228 that is performed in Blockchain 100 in fig. 1, would instead be performed by the access device 220.  
computing a hash of the biometric template; 
Wang in [0009] teaches hashing, by the computing device, the biometric template. 
Wang in S 122 of fig. 1 teaches taking a biometric, and Wang in S 124 of fig. 1 and [0055] teaches obtaining a hash of the biometric, during an enrollment process 102.  
Wang teaches the following, except for the underlined portions,
verifying authenticity of the biometric template by comparing the computed hash of the biometric template with the hash received from the decentralized user ledger; and 
As discussed below, Wang in [0064] teaches comparing two different biometric templates to authenticate. Wang in [0066] teaches verifying the reference biometric template (“verifying authenticity of the biometric template”) by comparing a hash of the reference biometric template (stored outside of the blockchain) with the hash of the biometric template (from within the blockchain). The second half of [0066] teaches that the hashed reference biometric template is decrypted, and then a comparison is made between the obtained hashed biometric template and the hashed biometric template stored on the blockchain of the blockchain system 100.
Wang teaches that in step 226 the encrypted hashed reference biometric template (i.e., biometric certification token 110B) is transmitted to the blockchain for the comparison. Thus, Wang does not appear to teach the above underlined features. 
Tulyakov teaches the above underlined features,
As discussed above, Tulyakov teaches that matching of hashed biometric templates may be performed on the client side or the server / database side. (Tulyakov, page 1, paragraph 3) Thus, one of ordinary skill in the art in view of Tulyakov would modify Wang so that the verification depicted in Steps 226 and 228 that is performed in Blockchain 100 in fig. 1, would instead be performed by the access device 220.
determining a biometric authentication result by comparing the decrypted biometric template with the decrypted live scan.
Wang in [0064] teaches that, after the access device 220 has obtained the reference biometric template 110A and the second biometric template, it may compare them as shown in decision block 224.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wang, which teaches a blockchain that performs verification of biometric templates by comparing a hashed biometric template stored in a blockchain with one provided by a user device, with Tulyakov, which teaches that comparisons of hashes of biometric templates may be performed by a client or server / database. One of ordinary skill in the art would have been motivated to perform such a modification to provide the capability for Wang’s blockchain 100 to provide the access device 220 with the hash of the biometric template and perform the comparison of hashes of biometric templates in the access device 220 in order to increase security by sending less cleartext information over a network and preventing a man-in-the-middle attack. (Tulyakov, page 1, paragraph 1)

Regarding claim 15, Wang and Tulyakov teach,
The method of claim 11, wherein the hash of the biometric template received from the decentralized user ledger is previously stored in the decentralized user ledger by the registered device.
Wang in fig. 1, teaches that before the transaction process 202 (lower half of fig. 1) is performed, an enrollment process 102 is performed (upper half of fig. 1). The enrollment process 102 (“is previously stored in the decentralized user ledger”) in S 126 submits a hash to the blockchain 100 (“the hash of the biometric template received from the decentralized user ledger is previously stored”) before the transaction process 202 is performed. (Wang, [0055]) 
	
Regarding claim 16, Wang teaches,
A method for biometric authentication of a user live scan against a biometric template stored on a registered device, by a decentralized computing network comprising a plurality of authentication ledger (AL) processors, each processor comprised of a network-connected computer, the method comprising: receiving, from the registered device: 
Wang in [0007] teaches a portable device (“registered device”) transmits: first biometric template (“biometric template”) associated with a user and a biometric certification token and a biometric of the user (“live scan”).
Wang in [0050] teaches that the blockchain system 100 may include a computer network that includes a number of nodes (“plurality of authentication ledger (AL) processors, each processor comprised of a network-connected computer”). 
Wang teaches the following,
an encrypted live scan, and a template decryption key for use in decrypting an encrypted biometric template associated with the registered device; 
Wang in [0007] teaches a portable device (“registered device”) that transmits: first biometric template (“biometric template”) associated with a user and a biometric certification token and a biometric of the user (“live scan”). 
Wang in [0047] teaches establishing “secure communications” channels, including mutual authentication and use of a session key in establishing an SSL session, which apply to all of the teachings of Wang, including figs. 1-4. Thus, Wang [0007] and [0047] teach the following underlined features, “an encrypted copy of the biometric template and an encrypted live scan” and decrypting the encrypted biometric template and encrypted live scan. 
Wang teaches the following features, except the underlined features,
receiving, from a decentralized user ledger, the encrypted biometric template previously associated in the decentralized user ledger with the registered device; 
As further discussed below, Wang teaches a blockchain 100 (“decentralized ledger”) that receives a hash of a reference biometric template in S 226 of fig. 1, where the blockchain 100 then performs verification of the hash of the reference biometric template. Please see the discussion of Wang [0064] and [0066] included below, which more fully discusses S 226 of fig. 1 with regard to the hashes of biometric templates.
In contrast, the claim recites that the hash is received from the decentralized user ledger (blockchain). 
Tulyakov teaches the above underlined features,
Tulyakov is directed to matching the hashed features of biometric templates to prevent the need to store biometric templates and instead store hashes of biometric templates. (Tulyakov, page 1, paragraph 1) Tulyakov, in the last sentence of the third paragraph (on the first page), teaches that biometric matching of hashed features, instead of the original biometric template, may be performed on the client side or the server / database side. (Tulyakov, page 1, paragraph 3) Thus, one of ordinary skill in the art in view of Tulyakov would modify Wang so that the verification depicted in Steps 226 and 228 that is performed in Blockchain 100 in fig. 1, would instead be performed by the access device 220.
decrypting the encrypted biometric template using the template decryption key; 
As stated above, Wang in [0047] teaches that the data (e.g., biometrics) are encrypted and decrypted with a session key (“template decryption key”).
decrypting the encrypted live scan; and 
Again, Wang in [0007] teaches that the portable device (“registered device”) transmits: first biometric template (“encrypted biometric template”) associated with a user and a biometric certification token and a biometric of the user (“encrypted live scan”), which is decryptable using the session key discussed in [0047] of Wang.
determining a biometric authentication result by comparing the decrypted biometric template with the decrypted live scan.
	Wang in fig. 1, S 224 “compare biometric” teaches comparing the results. (Wang, [0062])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wang, which teaches a blockchain that performs verification of biometric templates by comparing a hashed biometric template stored in a blockchain with one provided by a user device, with Tulyakov, which teaches that comparisons of hashes of biometric templates may be performed by a client or server / database. One of ordinary skill in the art would have been motivated to perform such a modification to provide the capability for Wang’s blockchain 100 to provide the access device 220 with the hash of the biometric template and perform the comparison of hashes of biometric templates in the access device 220 in order to increase security by sending less cleartext information over a network and preventing a man-in-the-middle attack. (Tulyakov, page 1, paragraph 1)

Claims 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Wang in view of Tulyakov and further in view of Beatson.
	Regarding claim 12, Wang teaches the following except the underlined features,
The method of claim 11, in which the encrypted copy of the biometric template and encrypted live scan are both encrypted using a public encryption key associated with the AL processors, and the step of decrypting the encrypted biometric template and the encrypted live scan comprises decrypting the encrypted biometric template and encrypted live scan using a private encryption key associated with the AL processors.
Wang in [0007] teaches a portable device (“registered device”) that transmits: first biometric template (“biometric template”) associated with a user and a biometric certification token and a biometric of the user (“live scan”). 
Additionally, Wang in [0047] teaches establishing “secure communications” channels, including mutual authentication and use of a session key in establishing an SSL session, which apply to all of the teachings of Wang, including figs. 1-4. 
	Beatson in the second sentence of [0013] teaches encrypting both a biometric sample and a biometric template using a public key, which are used in authentication.
	However, Beatson teaches the underlined features recited above,
Beatson in the second sentence of [0013] teaches encrypting both a biometric sample and a biometric template using a public key, which are used in authentication. Further, the examiner asserts that public key encryption is well known in the art and is also taught by Wang.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wang, which teaches passing both biometric live scan data and biometric template data through an encrypted channel, with Beatson, which teaches using a public key to encrypt both a biometric sample and a biometric template used in biometric authentication. One of ordinary skill in the art would have been motivated to perform such an addition to perform a simple encryption that does not require complicated procedures because the public key does not need to be encrypted. 

Regarding claim 18, Wang, Tulyakov, and Beatson teach,  
The method of claim 16, in which the encrypted live scan is encrypted using a public encryption key associated with the AL processors, and the step of decrypting the encrypted live scan comprises decrypting the encrypted live scan using a private encryption key associated with the AL processors.
Claim 18 is rejected using the same basis of arguments used to reject claim 12 above.

Claims 13-14, 17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang, in view of Tulyakov, and in further view of Roennow.

Regarding claim 13, Roennow teaches,
The method of claim 11, in which the encrypted copy of the biometric template and encrypted live scan are both encrypted by a symmetric encryption key; 
(See also, the rejection of independent claim 1, which relies upon Roennow)
Roennow in [0041] teaches generating, by the client node (“user device”), a session key (“symmetric encryption key”).
the method further comprising: receiving one or more copies of the symmetric encryption key, each encrypted by a public key associated with one or more AL processors; and 
Roennow in [0194] teaches that a single blockchain keeps track of both registered domain names (e.g., web addresses) and server nodes (multiple “AL processors”) to form a plurality of blockchain node layers. Roennow in [0147-148] teaches that each device / node / server 110-130 of fig. 1 is a node of the blockchain 170, and thus, the nodes 110-130 correspond to “a decentralized computing network comprising a plurality of processors.” 
Roennow in [0041] teaches generating, by the client node (“registered device”), a session key (“symmetric encryption key”) encrypting the session key using the domain public key (“public key associated with one or more AL processors”), and transmitting the encrypted session key to the server node / blockchain through an intermediate server (see fig. 1).
decrypting at least one copy of the symmetric encryption key using a private key associated with one or more of the AL processors; and 
wherein the step of decrypting the encrypted biometric template and the encrypted live scan comprises decrypting the encrypted biometric template and the encrypted live scan using the decrypted symmetric encryption key.
Roennow in [0042] teaches decrypting, by the server node, the encrypted session key using a domain private key. Roennow in [0043] teaches utilizing the session key for encrypting data (e.g., biometrics) of the secure communication between the client node and the server node.
Roennow in [0157], [0160], and [0271] transfers biometric data into the blockchain 170.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wang, which teaches passing both biometric live scan data and biometric template data through an encrypted channel to a blockchain, with Roennow, which teaches establishing encrypted blockchain communications using public keys and session / symmetric keys and passing data between a client and server (blockchain) using the established session key(s), where the data includes biometric data. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to securely pass data, using encryption, between a client and network computers (blockchain) that utilize distributed ledgers by establishing a session by encrypting a shared session / symmetric key with a public key so that the shared session key may be securely shared.

Regarding claim 14, Roennow teaches,
The method of claim 11, further comprising the preceding step of: 
validating, for the registered device, a public encryption key associated with the AL processors for use in generating the encrypted copy of the biometric template and the encrypted live scan, by querying a certificate authority.
Roennow in the middle of [0133] teaches, “Third, the web server responds by sending over its public key and the certificate that contains information about the website and the Certificate Authority (CA). Fourth, the browser may then check if the certificate is valid or not (this depends on whether the CA can be trusted or not). After verification, the browser sends a one-time session key encrypted with the web server's public key.”
	Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wang, which teaches passing both biometric live scan data and biometric template data through an encrypted channel to a blockchain, with Roennow, which teaches establishing encrypted blockchain communications using public keys and session / symmetric keys and passing data between a client and server (blockchain) using the established session key(s), where the keys may be verified by a certificate authority. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to authenticate / verify the identity of the nodes / servers 110-130 used to implement a blockchain to increase the security of the servers / nodes in the blockchain.  

Regarding claim 17, Roennow teaches,
The method of claim 16, in which the step of determining a biometric authentication result comprises: 
determining a local matching result by each of said AL processors; 
Roennow in the middle of [0256] teaches comparison of domain information to identify the proper nodes. 
Similarly, Wang in fig. 1 S 224 teaches performing a comparison after the biometric template, used in the comparison, is verified by a blockchain in S226 and S 228.
determining a consensus matching result based upon application of consensus rules to said local matching results; and 
Roennow in [0068-69] teaches a distributed consensus system in a plurality of nodes, such as nodes 110-130 of fig. 1. Roennow in [0138] teaches that the distributed database / blockchain is kept in consensus by strong cryptography. 
reporting the consensus matching result to the registered device.
The examiner interprets this feature as corresponding to changing nodes with a system that, instead of distributed consensus, only requires approval from a single device (“user device”). (Roennow, [0310]) In this situation, the single device may have the ability to change node properties and remove nodes.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wang, which teaches passing both biometric live scan data and biometric template data through an encrypted channel to a blockchain, with Roennow, which teaches establishing encrypted blockchain communications using public keys and session / symmetric keys and passing data between a client and server (blockchain) using the established session key(s), and also teaches consensus determinations that are made to maintain standards (i.e., the same data) in the blockchain. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to utilize the consensus capabilities of Roennow so that the consistency of the data in the blockchain / distributed ledger is maintained. 
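The checks recited in claims 11 and 17 (verify the template against the hash held in the user ledger, match locally on each AL processor, then apply a consensus rule), sketched as an added example that is not taken from this Office action or from any cited reference. SHA-256, the Hamming-distance matcher and its threshold, the two-thirds quorum, and all names and sample bytes are assumptions; decryption of the template and live scan is taken as already done.

```python
import hashlib
import hmac

MATCH_THRESHOLD = 0.10  # assumption: max fraction of differing bits for a match


def template_hash(template: bytes) -> str:
    """Hash of the exact template bytes (SHA-256 is an assumption)."""
    return hashlib.sha256(template).hexdigest()


class UserLedger:
    """Hypothetical stand-in for the decentralized user ledger."""

    def __init__(self):
        self._hashes = {}

    def enroll(self, device_id: str, template: bytes) -> None:
        # Enrollment stores only the hash, as in claim 15.
        self._hashes[device_id] = template_hash(template)

    def lookup(self, device_id: str):
        return self._hashes.get(device_id)


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of differing bits; unequal lengths count as fully different."""
    if len(a) != len(b) or not a:
        return 1.0
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))


def local_match(ledger, device_id, template: bytes, live_scan: bytes) -> bool:
    """One AL processor's result: integrity check first, fuzzy match second."""
    expected = ledger.lookup(device_id)
    if expected is None:
        return False  # device never enrolled
    # Exact, constant-time comparison: any altered template bit fails here.
    if not hmac.compare_digest(template_hash(template), expected):
        return False
    # Only a template proven authentic is compared with the live scan.
    return hamming_fraction(template, live_scan) <= MATCH_THRESHOLD


def consensus(local_results, num: int = 2, den: int = 3) -> bool:
    """Accept when at least num/den of the processors report a match."""
    if not local_results:
        return False
    return den * sum(local_results) >= num * len(local_results)


def authenticate(ledger, device_id, template_copies, live_scan):
    """Each processor checks the copy it received; returns (locals, consensus)."""
    results = [local_match(ledger, device_id, t, live_scan)
               for t in template_copies]
    return results, consensus(results)


# Constructed sample data (not real biometric material).
TEMPLATE = bytes(range(0x10, 0x20))                 # enrolled template
_scan = bytearray(TEMPLATE)
_scan[0] ^= 0x01
_scan[7] ^= 0x80
LIVE_GENUINE = bytes(_scan)                         # 2 of 128 bits differ
LIVE_IMPOSTOR = bytes(b ^ 0x5A for b in TEMPLATE)   # half of the bits differ
SUBSTITUTED = LIVE_IMPOSTOR                         # template swapped to fit the impostor
CORRUPTED = TEMPLATE[:-1] + b"\x00"                 # one processor's damaged copy

if __name__ == "__main__":
    ledger = UserLedger()
    ledger.enroll("device-1", TEMPLATE)
    print(authenticate(ledger, "device-1",
                       [TEMPLATE, CORRUPTED, TEMPLATE], LIVE_GENUINE))
    print(authenticate(ledger, "device-1", [SUBSTITUTED] * 3, LIVE_IMPOSTOR))
```

The substituted-template case is the one the ledger hash exists for: without the integrity check, a swapped template and the impostor's scan would match each other exactly.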

Regarding claim 19, Wang, Tulyakov, and Roennow teach,   
The method of claim 16, in which the encrypted live scan is encrypted by a symmetric encryption key; 
wherein the step of receiving, from the registered device, an encrypted live scan, 
further comprises: receiving one or more copies of the symmetric encryption key, each encrypted by a public key associated with one or more AL processors; and 
decrypting at least one copy of the symmetric encryption key using a private key associated with one or more of the AL processors; and 
wherein the step of decrypting the encrypted live scan is performed using the decrypted symmetric encryption key.
Claim 19 is rejected using the same basis of arguments used to reject claim 13 above.

Regarding claim 20, Roennow teaches,
The method of claim 19, further comprising the preceding step of: validating, for the registered device, the public encryption key associated with one or more AL processors, by querying a certificate authority.
	Roennow in the middle of [0133] teaches, “Third, the web server responds by sending over its public key and the certificate that contains information about the website and the Certificate Authority (CA). Fourth, the browser may then check if the certificate is valid or not (this depends on whether the CA can be trusted or not). After verification, the browser sends a one-time session key encrypted with the web server's public key.”
	Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wang, which teaches passing both biometric live scan data and biometric template data through an encrypted channel to a blockchain, with Roennow, which teaches establishing encrypted blockchain communications using public keys and session / symmetric keys and passing data between a client and server (blockchain) using the established session key(s), where the keys may be verified by a certificate authority. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to authenticate / verify the identity of the nodes / servers 110-130 used to implement a blockchain to increase the security of the servers / nodes in the blockchain.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495