DETAILED ACTION
This action is in response to the amendment filed on March 24, 2022. Claims 1-20 are pending. Of which, Claims 1, 9, and 17 have been amended. Claims 1-8 represent a method, claims 9-16 represent an apparatus, and claims 17-20 represent a non-transitory storage medium directed to authentication information transmission.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
	Applicant’s arguments filed on March 24, 2022 have been fully considered but they are not persuasive.
	With respect to the applicant’s argument in claim 1 “the computing device comprising a hardware abstract layer”. The examiner respectfully disagrees that Kamal fails to teach this limitation. According to Wikipedia, the definition of a hardware abstraction layer is a layer that allows communication between software and hardware components (https://en.wikipedia.org/wiki/Hardware_abstraction). Kamal discloses in ¶ 32 “The computing device 200 may also include a communication module 204. The communication module 204 may be configured to transmit data between modules, engines, databases, memories, and other components of the computing device 200 for use in performing the functions discussed herein, such as transmitting data between the application programs stored in the various sections of memory in the computing device 200.“ The communication module transmits data between the computing device as would a device with a hardware abstraction layer. 
	With respect to the applicant’s argument in claim 1 “Receiving by the key management client through a path via a hardware abstract layer interface of the hardware abstract layer”. The examiner respectfully disagrees that Kamal fails to teach this limitation. Kamal discloses in ¶ 21  the biometric application program (performing the duties of a key management client) can transmit the biometric template to a validation application program using internal communication methods of the computing device. 
With respect to applicant’s arguments in claim 1, specifically with the addition of the “Wherein the key management client is registered in the hardware abstract layer”. The examiner respectfully disagrees that Kamal fails to teach this limitation. Kamal discloses in ¶ 21  the biometric application program (performing the duties of a key management client) can transmit the biometric template to a validation application program using internal communication methods of the computing device. 
	With respect to applicant’s arguments in claim 1, specifically with the addition of the “establishment of the path does not repeat following a system update of the computing device”, in view of Kamal et al. have been fully considered and are persuasive. Kamal does not disclose a path that does not repeat after a system update. Therefore, the § 102 rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Woodmansee et al. (US Publication Number 20180331918).
Specification
	The objection to the disclosure for informalities is withdrawn in light of the amendments to the abstract. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 7, 9-10, 15, and 17-18 are rejected under 35 U.S.C. 103 as being anticipated by Kamal, US Patent Application Publication 2018/0053005 A1, in view of  Woodmansee et al. (US Publication Number 20180331918), hereinafter referred to as Woodmansee.
Regarding Claim 1, Kamal discloses:
A method for authentication information transmission, performed by a computing device hosting a key management client, the computing device comprising a hardware abstract layer, and the method comprising (In ¶ 6, Kamal discloses “The present disclosure provides a description of systems and methods for device based biometric authentication. An encrypted biometric template is stored in a computing device...” in ¶ 32, Kamal further discloses “The computing device 200 may also include a communication module 204. The communication module 204 may be configured to transmit data between modules, engines, databases, memories, and other components of the computing device 200 for use in performing the functions discussed herein, such as transmitting data between the application programs stored in the various sections of memory in the computing device 200”) 
by the key management client through a path via a preset hardware abstract layer interface of the hardware abstract layer, authentication information transmitted by an application client running in the computing device and associated with an application server (In ¶ 40, Kamal discloses “…the third party application program may electronically transmit a request for biometric registration to the biometric application program (e.g., via the communication module of the computing device” Where the third-party application program corresponds to the application client and the biometric application program performs the functions of the key management client and server. In ¶ 21, Kamal further discloses “In other embodiments, the biometric application program 102 may electronically transmit the biometric template to a validation application program 104 using internal communication methods of the computing device 200”) ; 
wherein the key management client is registered in the hardware abstract layer (In ¶ 21, Kamal further discloses “In other embodiments, the biometric application program 102 may electronically transmit the biometric template to a validation application program 104 using internal communication methods of the computing device 200”) ; 
transmitting, by the key management client, the authentication information to a key management server, so that the key management server transmits the authentication information to a trusted application in a trusted execution environment in the computing device (In ¶ 8, Kamal discloses “wherein the second memory is a trusted execution environment and the second application program is configured to receive a validation request submitted by the first application program” Where the second application program corresponds to the trusted application);
obtaining, by the key management client, authentication information signed by the trusted application and forwarded by the key management server transmitting, by the key management client through the preset hardware abstract layer interface, the signed authentication information to the application server, so that the application server performs a validity check on the authentication information (In ¶ 27, Kamal discloses “...In some instances, the (verification) result may be passed to a third party application program for which the authentication may be performed...”).
However, Kamal does not explicitly disclose the path does not repeat following a system update of the computing device. 
Woodmansee discloses:
An establishment of the path does not repeat following a system update of the computing device (In ¶ 102 Woodmansee discloses “During the upgrade/update time, existing sessions are maintained and are not negatively affected by the upgrading/updating of the virtualization system 500. This is the case since, as seen in FIG. 5, once a virtual session between user device 501 and machine 532 has been set up and is operational, a direct connection 557 between user device 501 and machine 532 is set up and fully operational, and any updates to the virtualization system 500 that helped set up the direct connection 557 does not affect the connectivity between user device 501 and machine 532”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Woodmansee’s approach of a non-repeating path after a system update as the motivation would be to reduce the burden on the user to re-establish a session between the device and the system  (See Woodmansee ¶ 4).
Regarding Claim 2, the combination of Kamal and Woodmansee disclose:
The method according to claim 1, wherein before transmitting, by the key management client through the preset hardware abstract layer interface, the signed authentication information to the application server, the method further comprises: obtaining, by the key management client, a signature key value of the application server transmitted by the key management server, the signature key value being generated by the trusted application (In ¶ 47, Kamal discloses “the validation application program may validate the digital signature used to sign the verification request. The validation may use the public key that corresponds to the key used to sign the verification request, and may validate the signature using traditional methods and systems related thereto as will be apparent to persons having skill in the relevant art”);
and transmitting, by the key management client, the signature key value to the application server through the preset hardware abstract layer interface (In ¶ 27, Kamal discloses “The verification application program may provide the result of the verification back to the validation application program to pass on to the biometric application program”).
Regarding Claim 7, the combination of Kamal and Woodmansee disclose:
	The method according to claim 1, further comprising: receiving, by the key management client through the preset hardware abstract layer interface, an identifier of the application client corresponding to the authentication information transmitted by the application client, wherein before transmitting, by the key management client through the preset hardware abstract layer interface, the signed authentication information to the application server corresponding to the application client, the method further comprises determining, by the key management client according to the identifier of the application client, a target application server corresponding to the application client (In ¶ 40, Kamal discloses “the third party application program 110 may electronically transmit a request for biometric registration to the biometric application program 102 (e.g., via the communication module 204 of the computing device 102). The request for biometric registration may include a unique identifier or other value for associated with the biometric data for use in later authentications”).
Regarding Claim 9, the combination of Kamal and Woodmansee disclose:
An apparatus for authentication information transmission, the apparatus hosting a key management client and comprising a hardware abstract layer, and, the apparatus further comprising a memory for storing computer instructions and a processor in communication with the memory (In ¶ 6, Kamal discloses “The present disclosure provides a description of systems and methods for device based biometric authentication. An encrypted biometric template is stored in a computing device...” in ¶ 32, Kamal further discloses “The computing device 200 may also include a communication module 204. The communication module 204 may be configured to transmit data between modules, engines, databases, memories, and other components of the computing device 200 for use in performing the functions discussed herein, such as transmitting data between the application programs stored in the various sections of memory in the computing device 200”), wherein, when the processor executes the instructions, the processor is configured to cause the key management client to: receive through a path via a preset hardware abstract layer interface of the hardware abstract layer, authentication information transmitted by an application client running in the apparatus and associated with an application server (In ¶ 40, Kamal discloses “…the third party application program may electronically transmit a request for biometric registration to the biometric application program (e.g., via the communication module of the computing device” Where the third-party application program corresponds to the application client and the biometric application program performs the functions of the key management client and server. In ¶ 21, Kamal further discloses “In other embodiments, the biometric application program 102 may electronically transmit the biometric template to a validation application program 104 using internal communication methods of the computing device 200”) ;
wherein the key management client is registered in the hardware abstract layer (In ¶ 21, Kamal further discloses “In other embodiments, the biometric application program 102 may electronically transmit the biometric template to a validation application program 104 using internal communication methods of the computing device 200”) ;
transmit the authentication information to a key management server, so that the key management server transmits the authentication information to a trusted application in a trusted execution environment in the apparatus (In ¶ 8, Kamal discloses “wherein the second memory is a trusted execution environment and the second application program is configured to receive a validation request submitted by the first application program” Where the second application program corresponds to the trusted application);
obtain authentication information signed by the trusted application and forwarded by the key management server; and transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, so that the application server performs a validity check on the authentication information (In ¶ 27, Kamal discloses “...In some instances, the (verification) result may be passed to a third party application program for which the authentication may be performed...”).
However, Kamal does not explicitly disclose the path does not repeat following a system update of the computing device. 
Woodmansee discloses:
An establishment of the path does not repeat following a system update of the computing device (In ¶ 102 Woodmansee discloses “During the upgrade/update time, existing sessions are maintained and are not negatively affected by the upgrading/updating of the virtualization system 500. This is the case since, as seen in FIG. 5, once a virtual session between user device 501 and machine 532 has been set up and is operational, a direct connection 557 between user device 501 and machine 532 is set up and fully operational, and any updates to the virtualization system 500 that helped set up the direct connection 557 does not affect the connectivity between user device 501 and machine 532”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Woodmansee’s approach of a non-repeating path after a system update as the motivation would be to reduce the burden on the user to re-establish a session between the device and the system  (See Woodmansee ¶ 4).
 Regarding Claim 10, the combination of Kamal and Woodmansee disclose:
The apparatus according to claim 9, wherein, before the processor is configured to cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, the processor is configured to further cause the key management client to: obtain a signature key value of the application server transmitted by the key management server, the signature key value being generated by the trusted application (In ¶ 47, Kamal discloses “the validation application program may validate the digital signature used to sign the verification request. The validation may use the public key that corresponds to the key used to sign the verification request, and may validate the signature using traditional methods and systems related thereto as will be apparent to persons having skill in the relevant art”);
and transmit the signature key value to the application server through the preset hardware abstract layer interface (In ¶ 27, Kamal discloses “The verification application program may provide the result of the verification back to the validation application program to pass on to the biometric application program”).
Regarding Claim 15, the combination of Kamal and Woodmansee disclose:
The apparatus according to claim 9, wherein, when the processor executes the instructions, the processor is configured to further cause the key management client to: receive, through the preset hardware abstract layer interface, an identifier of the application client corresponding to the authentication information transmitted by the application client (In ¶ 40, Kamal discloses “the third party application program 110 may electronically transmit a request for biometric registration to the biometric application program 102 (e.g., via the communication module 204 of the computing device 102). The request for biometric registration may include a unique identifier or other value for associated with the biometric data for use in later authentications”) wherein, before the processor is configured to cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server corresponding to the application client, the processor is configured to further cause the key management client to: determine, according to the identifier of the application client, a target application server corresponding and wherein, when the processor is configured to cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server corresponding to the application client, the processor is configured to cause the key management client to: transmit through the preset hardware abstract layer interface, the signed authentication information to the target application server (In ¶ 27, Kamal discloses “The verification application program may provide the result of the verification back to the validation application program to pass on to the biometric application program”).
Regarding Claim 17, Kamal discloses:
A non-transitory storage medium for storing computer readable instructions, the computer readable instructions, when executed by a processor in a computing device hosting a key management client and comprising a hardware abstract layer (In ¶ 6, Kamal discloses “The present disclosure provides a description of systems and methods for device based biometric authentication. An encrypted biometric template is stored in a computing device...” in ¶ 32, Kamal further discloses “The computing device 200 may also include a communication module 204. The communication module 204 may be configured to transmit data between modules, engines, databases, memories, and other components of the computing device 200 for use in performing the functions discussed herein, such as transmitting data between the application programs stored in the various sections of memory in the computing device 200”), causing the key management client to: receive through a path via a preset hardware abstract layer interface of the hardware abstract layer, authentication information transmitted by an application client running in the computing device and associated with an application server (In ¶ 40, Kamal discloses “…the third party application program may electronically transmit a request for biometric registration to the biometric application program (e.g., via the communication module of the computing device” Where the third-party application program corresponds to the application client and the biometric application program performs the functions of the key management client and server. In ¶ 21, Kamal further discloses “In other embodiments, the biometric application program 102 may electronically transmit the biometric template to a validation application program 104 using internal communication methods of the computing device 200”) ;
wherein the key management client is registered in the hardware abstract layer (In ¶ 21, Kamal further discloses “In other embodiments, the biometric application program 102 may electronically transmit the biometric template to a validation application program 104 using internal communication methods of the computing device 200”) ;
transmit the authentication information to a key management server, so that the key management server transmits the authentication information to a trusted application in a trusted execution environment in the computing device (In ¶ 8, Kamal discloses “wherein the second memory is a trusted execution environment and the second application program is configured to receive a validation request submitted by the first application program” Where the second application program corresponds to the trusted application);
obtain authentication information signed by the trusted application and forwarded by the key management server and transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, so that the application server performs a validity check on the authentication information. (In ¶ 27, Kamal discloses “...In some instances, the (verification) result may be passed to a third party application program for which the authentication may be performed...”).
However, Kamal does not explicitly disclose the path does not repeat following a system update of the computing device. 
Woodmansee discloses:
An establishment of the path does not repeat following a system update of the computing device (In ¶ 102 Woodmansee discloses “During the upgrade/update time, existing sessions are maintained and are not negatively affected by the upgrading/updating of the virtualization system 500. This is the case since, as seen in FIG. 5, once a virtual session between user device 501 and machine 532 has been set up and is operational, a direct connection 557 between user device 501 and machine 532 is set up and fully operational, and any updates to the virtualization system 500 that helped set up the direct connection 557 does not affect the connectivity between user device 501 and machine 532”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Woodmansee’s approach of a non-repeating path after a system update as the motivation would be to reduce the burden on the user to re-establish a session between the device and the system  (See Woodmansee ¶ 4).
Regarding Claim 18, the combination of Kamal and Woodmansee disclose:
The non-transitory storage medium according to claim 17, wherein, before the computer readable instructions cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, the computer readable instructions further cause the key management client to: obtain a signature key value of the application server transmitted by the key management server, the signature key value being generated by the trusted application (In ¶ 47, Kamal discloses “the validation application program may validate the digital signature used to sign the verification request. The validation may use the public key that corresponds to the key used to sign the verification request, and may validate the signature using traditional methods and systems related thereto as will be apparent to persons having skill in the relevant art”);
and transmit the signature key value to the application server through the preset hardware abstract layer interface (In ¶ 27, Kamal discloses “The verification application program may provide the result of the verification back to the validation application program to pass on to the biometric application program”).
Claims 3-6, 8, 11-14, 16 and 19-20 are rejected under 35 U.S.C. 103 as being anticipated by Kamal, US Patent Application Publication 2018/0053005 A1, in view of  Woodmansee et al. (US Publication Number 20180331918), hereinafter referred to as Woodmansee, in further view of Kamal et al. (US 20170061441 A1), hereinafter referred to as Kamal et al.
Regarding Claim 3, the combination of Kamal and Woodmansee teach all the elements of the current invention as detailed with respect to claim 1 as referenced above. 
However, the combination of Kamal and Woodmansee does not explicitly disclose a link path between the key management client and server. 
Kamal et al. discloses wherein before transmitting, by the key management client, the authentication information to the key management server, the method further comprises: establishing, by the key management client, a link path between the key management client and the key management server in a hardware abstract layer in the computing device (In ¶ 41, Kamal et al. disclose “in some implementations the authenticator API 206 is also an abstraction layer abstracting calling parties from the low level hardware features of the biometric sensor(s) making the development and interaction seamless” where the authenticator API performs the functionality of the key management server and client).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Kamal et al. approach of establishing a link path for the key management components as the motivation would be to make the interaction and communication between the biometric sensors and authentication components seamless (See Kamal et al. ¶ 41).
Regarding Claim 4, the combination of Kamal and Woodmansee teach in view of Kamal et al. disclose:
The method according to claim 3, wherein: the hardware abstract layer comprises an interface layer between an operating system kernel and a hardware circuit that is capable of interacting with the operating system kernel and the hardware circuit directly; and the key management client and the key management server are persistently pre-registered in the hardware abstract layer (In ¶ 54, Kamal et al. disclose “The captured biometric user data may then be encrypted and transmitted on a secure authenticated channel 409 by the biometric sensor(s) 408 to the matching application 412 which is running in the trusted execution environment (TEE)”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Kamal et al. approach of establishing a link path for the key management components as the motivation would be to make the interaction and communication between the biometric sensors and authentication components seamless (See Kamal et al. ¶ 41).
Regarding Claim 5, the combination of Kamal and Woodmansee teach in view of Kamal et al. disclose:
The method according to claim 4, wherein the link path comprises an interface defined by using a hardware abstract layer interface definition language (In ¶ 70, Kamal discloses “The program code may be source code written in a programming language that is translated into a lower level language, such as assembly language or machine code, for execution by the processor device”).
Regarding Claim 6, the combination of Kamal and Woodmansee teach in view of Kamal et al. disclose:
The method according to claim 4, wherein transmitting, by the key management client, the authentication information to the key management server comprises: encapsulating, by the key management client, the authentication information as a hardware abstract layer interface instruction; and transmitting, by the key management client, the hardware abstract layer interface instruction to the key management server through the link path (In ¶ 20-21, Kamal discloses “The biometric application program 102 may also be configured to generate biometric templates. Biometric templates may be generated based on biometric data that is read from a user of the computing device 200…. the biometric application program 102 may electronically transmit the biometric template to a validation application program 104 using internal communication methods of the computing device 200”).
Regarding Claim 8, the combination of Kamal and Woodmansee teach all the elements of the current invention as detailed with respect to claim 1 as referenced above. 
However, the combination of Kamal and Woodmansee does not explicitly disclose an identifier that is sent to the application. 
Kamal et al. discloses wherein before receiving, by the key management client through the preset hardware abstract layer interface, the authentication information transmitted by the application client, the method further comprises: transmitting, by the key management client, an identifier of the preset hardware abstract layer interface to the application client (In ¶ 30, Kamal et al. disclose “The registration request message may be transmitted via a communications network, such as the Internet, to a FIDO server (or other type of server computer) of a payment processing network to initiate the registration of the consumer mobile device and/or user” where the registration request message sent to the user corresponds to the identifier”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Kamal et al. approach of transmitting an identifier to the application client as the motivation would be to initiate the registration of the consumers mobile device to begin the authentication process. (See Kamal et al. ¶ 30).
Regarding Claim 11, the combination of Kamal and Woodmansee teach all the elements of the current invention as detailed with respect to claim 9 as referenced above. 
However, the combination of Kamal and Woodmansee does not explicitly disclose a link path between the key management client and server. 
Kamal et al. discloses wherein before the processor is configured to cause the key management client to transmit the authentication information to the key management server, the processor is configured to further cause the key management client to: establish a link path between the key management client and the key management server in a hardware abstract layer in the apparatus (In ¶ 41, Kamal et al. disclose “in some implementations the authenticator API 206 is also an abstraction layer abstracting calling parties from the low level hardware features of the biometric sensor(s) making the development and interaction seamless” where the authenticator API performs the functionality of the key management server and client).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Kamal et al. approach of establishing a link path for the key management components as the motivation would be to make the interaction and communication between the biometric sensors and authentication components seamless (See Kamal et al. ¶ 41).
Regarding Claim 12, , the combination of Kamal and Woodmansee teach in view of Kamal et al. disclose:
The apparatus according to claim 11, wherein: the hardware abstract layer comprises an interface layer between an operating system kernel and a hardware circuit that is capable of interacting with the operating system kernel and the hardware circuit directly; and the key management client and the key management server are persistently pre-registered in the hardware abstract layer. (In ¶ 54, Kamal et al. disclose “The captured biometric user data may then be encrypted and transmitted on a secure authenticated channel 409 by the biometric sensor(s) 408 to the matching application 412 which is running in the trusted execution environment (TEE)”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Kamal et al. approach of establishing a link path for the key management components as the motivation would be to make the interaction and communication between the biometric sensors and authentication components seamless (See Kamal et al. ¶ 41).
Regarding Claim 13, the combination of Kamal and Woodmansee teach in view of Kamal et al. disclose:
The apparatus according to claim 12, wherein the link path comprises an interface defined by using a hardware abstract layer interface definition language. (In ¶ 70, Kamal discloses “The program code may be source code written in a programming language that is translated into a lower level language, such as assembly language or machine code, for execution by the processor device”).
Regarding Claim 14, the combination of Kamal and Woodmansee teach in view of Kamal et al. disclose:
The apparatus according to claim 12, wherein, when the processor is configured to cause the key management client to transmit the authentication information to the key management server, the processor is configured to cause the key management client to: encapsulate the authentication information as a hardware abstract layer interface instruction; and transmit the hardware abstract layer interface instruction to the key management server through the link path. (In ¶ 20-21, Kamal discloses “The biometric application program 102 may also be configured to generate biometric templates. Biometric templates may be generated based on biometric data that is read from a user of the computing device 200…. the biometric application program 102 may electronically transmit the biometric template to a validation application program 104 using internal communication methods of the computing device 200”).
Regarding Claim 16, the combination of Kamal and Woodmansee teach all the elements of the current invention as detailed with respect to claim 9 as referenced above. 
However, the combination of Kamal and Woodmansee does not explicitly disclose an identifier that is sent to the application. 
Kamal et al. discloses wherein before the processor is configured to cause the apparatus to receive through the preset hardware abstract layer interface, the authentication information transmitted by the application client, the processor is configured to further cause the key management client to: transmit an identifier of the preset hardware abstract layer interface to the application client (In ¶ 30, Kamal et al. disclose “The registration request message may be transmitted via a communications network, such as the Internet, to a FIDO server (or other type of server computer) of a payment processing network to initiate the registration of the consumer mobile device and/or user” where the registration request message sent to the user corresponds to the identifier”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Kamal et al. approach of transmitting an identifier to the application client as the motivation would be to initiate the registration of the consumers mobile device to begin the authentication process. (See Kamal et al. ¶ 30).
Regarding Claim 19, the combination of Kamal and Woodmansee teach all the elements of the current invention as detailed with respect to claim 17 as referenced above. 
However, the combination of Kamal and Woodmansee does not explicitly disclose a link path between the key management client and server. 
Kamal et al. discloses wherein before the computer readable instructions cause the key management client to transmit the authentication information to the key management server, the computer readable instructions further cause the key management client to: establish a link path between the key management client and the key management server in a hardware abstract layer in the computing device (In ¶ 41, Kamal et al. disclose “in some implementations the authenticator API 206 is also an abstraction layer abstracting calling parties from the low level hardware features of the biometric sensor(s) making the development and interaction seamless” where the authenticator API performs the functionality of the key management server and client).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Kamal et al. approach of establishing a link path for the key management components as the motivation would be to make the interaction and communication between the biometric sensors and authentication components seamless (See Kamal et al. ¶ 41).
Regarding Claim 20, the combination of Kamal and Woodmansee teach in view of Kamal et al. disclose:
The non-transitory storage medium according to claim 19, wherein: the hardware abstract layer comprises an interface layer between an operating system kernel and a hardware circuit that is capable of interacting with the operating system kernel and the hardware circuit directly; the key management client and the key management server are persistently pre-registered in the hardware abstract layer (In ¶ 54, Kamal et al. disclose “The captured biometric user data may then be encrypted and transmitted on a secure authenticated channel 409 by the biometric sensor(s) 408 to the matching application 412 which is running in the trusted execution environment (TEE)”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to utilize Kamal et al. approach of establishing a link path for the key management components as the motivation would be to make the interaction and communication between the biometric sensors and authentication components seamless (See Kamal et al. ¶ 41).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.







/SHADI H KOBROSLI/               Examiner, Art Unit 2492                                                                                                                                                                                         
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492