DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/10/22 has been entered.

Claims 1, 3-8, 10-15 are pending.  Claims 2 and 9 have been cancelled.  Claims 1, 3, 8, 15 have been amended. 

Response to Amendment

Applicant’s amendments to claims 1, 3, 8, 15 have been considered and are accepted.  The Examiner finds that applicant's amendments do have support in applicant's as-filed disclosure.

Response to Arguments

Applicant’s arguments filed 05/10/2022 have been fully considered but they are not persuasive.
Applicant’s arguments regarding the rejections of the claims under the prior art have been fully considered.  However, those arguments are rendered moot in light of the new grounds of rejection outlined below, which were necessitated by the applicant's amendment.


Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 8 and 15 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claims 1, 8 and 15 recite the limitations “communicating, with the mobile to an external system”; “communicating, with the mobile device, a second request for the at least one code to an external system or a second external system arranged remote from the client device “. These limitations are unclear as to the entity being communicated with thus rendering the claims indefinite.  Which entity is being communicated with?  Examiner suggests clarifying by using the term ‘using’ instead of ‘with’.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-5, 8, 10-11, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Chakraborty (US Pub. 20180069703 A1) and further in view of Bolle et al. (US Pub. 20040019570 A1).

Chakraborty discloses the following limitations:

1. A computer-implemented method of authenticating biometric inputs on a mobile device (para. 19- As an example and not by way of limitation, biometric identification device 102 may be a computer, server, a laptop, a wireless or cellular telephone, an electronic notebook, a personal digital assistant, a tablet, or any other device capable of receiving, processing, storing, and/or communicating information with other components of authentication system 100.), comprising: 
receiving, on the mobile device, at least one first biometric input from a user (para. 40- Step 306 includes receiving a biometric file. In some embodiments, a biometric file contains biometric identification information of a user that the user wishes to use as a means of authentication (e.g., a fingerprint, retina scan, facial representation, genetic sequence (portion of the user's DNA or representation thereof), etc.; note, per para. 37- the method 300 may be performed in either the biometric identification device or the user device.  Also, the biometric identification device may also equate to the mobile device);
communicating, with the mobile device, to an external system arranged remote from the mobile device, a request for at least one code (para. 38- A key file (i.e. one code), in certain embodiments, may be an image selected by a user or, for example, biometric identification device 102. In other embodiments, the key file may be an audio file or any other suitable file. In certain embodiments, biometric identification device 102 receives one or more key files, e.g., automatically, via a selection algorithm, from a user and/or user device 112 (i.e. request for one code), over a network or from a local database, social media, or through any other suitable means or from any other suitable source (i.e. remote from the mobile device)).
receiving, on the mobile device, the at least one code from the external system in response to the request communicated from the mobile device (para. 38- Step 302 includes receiving a key file. In some embodiments, a key file is a file other than the biometric file containing a user's biometric identification information. In general, the purpose of the key file is to help encrypt a user's biometric identification information during registration and/or authentication); 
generating, with the mobile device, a first biometric code based at least partially on the at least one first biometric input and the at least one code (Fig. 3 and associated paras.  Key file used in generating hash value of biometric file (i.e. generating a first biometric code)); 
storing the first biometric code on the mobile device (para. 46- Step 314 includes storing the hash value. In certain embodiments, the hash value may be stored as a part of registering a user's biometric identification information (e.g., in the form of the hash value), which may also be used for future authentication of a user trying to access the system. For example, the hash value may be stored on or by biometric identification device 102, such as in storage 106. In some embodiments, the hash value is stored (e.g., on or by user device 112, such as in storage 116) and used for authentication); 
deleting, with the mobile device, the at least one code from the mobile device (para. 46- In particular embodiments, once the hash value has been stored, some or all of the biometric file, the key file, and any numerical representation (and any intermediate step thereof) may be deleted, which may increase the security of the system. For example, once biometric identification device 102 determines and stores the hash value, it may delete some or all information used to create the hash value.)
prompting, with the mobile device, the user to provide at least one second biometric input (para. 63- step 506 includes receiving a biometric file. Step 506 may be similar or identical to step 306 in some embodiments. In certain embodiments, a biometric file may be received for use in authenticating a user 120 (who may already be registered) or user device 112 (which may already be registered). For example, user device 112 may scan user 120′s fingerprint or iris and convert it to a biometric file for use in authentication of the user or user device.; Note- official notice is taken of prompting a user to provide biometric input);
receiving, on the mobile device, the at least one second biometric input from the user (para. 63- step 506 includes receiving a biometric file. Step 506 may be similar or identical to step 306 in some embodiments. In certain embodiments, a biometric file may be received for use in authenticating a user 120 (who may already be registered) or user device 112 (which may already be registered). For example, user device 112 may scan user 120′s fingerprint or iris and convert it to a biometric file for use in authentication of the user or user device.; Note- official notice is taken of prompting a user to provide biometric input);
after receiving the at least one second biometric input, communicating, with the mobile device, a second request for the at least one code to an external system or a second external system arranged remote from the mobile device (para. 61- Step 502 includes receiving a key file. Step 502 may be similar or identical to step 302 in some embodiments. In certain embodiments, a key file may be received for use in authenticating a user 120 (who may already be registered) or user device 112 (which may already be registered). For example, user 120 may select (from the Internet, user device 112, or any other source (i.e. remote external system)) a key file for authentication that matches (e.g., is the same or similar to) a key file used during registration. As an example, a user 120 may select, using user device 112, a favorite image or sound file that matches an image or sound file chosen as a key file during registration. In certain embodiments, user device 112 may receive one or more of the key file(s) sent from a portion or component of the system being accessed (e.g., biometric identification device 102), where, for example, the one or more key file(s) were stored by biometric identification device 102 during registration. User device 112 may, in an example embodiment, receive one or more key file(s) selected randomly (e.g., by biometric identification device 102 or user device 112) from a set of key files used during registration (i.e. request for one code). The key file under this step may be received from any suitable source via any suitable method.);
receiving, on the mobile device, the at least one code from the external system or the second external system in response to the second request communicated from the mobile device (para. 61- Step 502 includes receiving a key file. Step 502 may be similar or identical to step 302 in some embodiments. In certain embodiments, a key file may be received for use in authenticating a user 120 (who may already be registered) or user device 112 (which may already be registered). For example, user 120 may select (from the Internet, user device 112, or any other source) a key file for authentication that matches (e.g., is the same or similar to) a key file used during registration. As an example, a user 120 may select, using user device 112, a favorite image or sound file that matches an image or sound file chosen as a key file during registration. In certain embodiments, user device 112 may receive one or more of the key file(s) sent from a portion or component of the system being accessed (e.g., biometric identification device 102), where, for example, the one or more key file(s) were stored by biometric identification device 102 during registration. User device 112 may, in an example embodiment, receive one or more key file(s) selected randomly (e.g., by biometric identification device 102 or user device 112) from a set of key files used during registration. The key file under this step may be received from any suitable source via any suitable method.);
generating, with the mobile device, a second biometric code based at least partially on the at least one second biometric input and the at least one code (Fig. 5 and associated paras., especially 502-514); 
comparing, with the mobile device, the first biometric code stored on the mobile  with the second biometric code (para. 34-or example, matching engine 206 may compare the hash value stored by the hashing engine 204 with a second hash value sent to biometric identification device 102 (e.g., from user device 112) for authentication.) ;
determining, with the mobile device, that the first biometric code matches the second biometric code (para. 34- As an example, matching engine 206 may find a difference between the stored hash value and the second hash value and determine whether the difference is below or above a certain threshold value, which in some embodiments may assist in determining whether the second hash value is close enough to the stored hash value in order for matching engine 206 to authenticate the user or user device that sent the second hash value.); and 
in response to determining that the first biometric code matches the second biometric code, authenticating the user with the mobile device (para. 34- As an example, matching engine 206 may find a difference between the stored hash value and the second hash value and determine whether the difference is below or above a certain threshold value, which in some embodiments may assist in determining whether the second hash value is close enough to the stored hash value in order for matching engine 206 to authenticate the user or user device that sent the second hash value.),
generating, with the mobile device, an authentication message and communicating the authentication message to the transaction processing server.(para. 34- Matching engine 206, in certain embodiments, may also send messages regarding whether the second hash value is authenticated or not, for example via communication component 108 to user device 112.)
	Chakraborty does not specifically disclose initiating, with the client device, a transaction with a transaction processing server. However, this concept is well known and used in the art as evidenced by Bolle (see Fig. 18, para. 113) and therefore, one skilled in the art would have found it obvious to utilize it in Chakraborty as a simple alternative to achieve the desirable effect of ensuring that transactions can be safely approved based on user authentication.

Regarding claim 3, Bolle discloses in the computer-implemented method of claim 1, wherein the transaction comprises a payment transaction, and wherein initiating the transaction comprises: generating, with the mobile device, a transaction message; and communicating the transaction message to a transaction processing system. (para. 113- In either case, after verifying the distorted biometrics against the record for user ID.sub.1, authorization server 1702 sends a match acknowledgment to 1704, the server of the financial institute. The finance server examines the response from the authentication server, the transaction request and user ID.sub.2 to decide if it can safely approve the transaction. It then communicates to the merchant either an approval or rejection notice for the transaction)

Regarding claim 4, Bolle discloses in the computer-implemented method of claim 1, wherein the transaction comprises granting access to a facility, and wherein initiating the transaction comprises communicating an access signal to an electronic access device at the facility, the access signal configured to cause the electronic access device to unlock. (para. 118- Other functions that can be authenticated and/or authorized by the invention include: providing a service, executing a contract, closing a sale, submitting a bid, submitting an account number (an authorization, an identification, and/or a reservation request), making a purchase, providing a quote, allowing an access to a physical structure)

Regarding claim 5, the combination of Chakraborty and Bolle discloses the computer-implemented method of claim 1, wherein the transaction comprises granting access to a system, and wherein initiating the transaction comprises at least one of the following: communicating an access signal to a server, communicating an access signal to a local computer, communicating user credentials to a server, communicating user credentials to a local computer, communicating an access signal to an electronic access device, or any combination thereof.(Chakraborty- para. 14, Bolle- para. 118- allowing an access to a physical structure, allowing an access to a financial account, providing an authority to manipulate a financial account, providing an access to a database, providing access to information, making a request for a privilege, making a request for a network service, providing an offer for a network service, facilitating an auction, and authorizing an enrollment.; para. 113- after verifying the distorted biometrics against the record for user ID.sub.1, authorization server 1702 sends a match acknowledgment to 1704, the server of the financial institute. The finance server examines the response from the authentication server, the transaction request and user ID.sub.2 to decide if it can safely approve the transaction. It then communicates to the merchant either an approval or rejection notice for the transaction)

Regarding claim 6, Chakraborty discloses in the computer-implemented method of claim 1, wherein the first biometric code is generated by hashing the at least one first biometric input with the at least one code, and wherein the second biometric code is generated by hashing the at least one second biometric input with the at least one code. (para. 32- For example, hashing engine 204 may covert the superimposed numerical representation into a hash value as described)

Regarding claim 7, Bolle discloses in the computer-implemented method of claim 1, wherein the user is associated with a unique identifier, and wherein the at least one code is selected from a plurality of codes based at least partially on the unique identifier. (para. 111- First, in step 1510 the user supplies his alleged identification to the system. The system uses this to lookup up the appropriate distortion 1520 from database 1400 (as registered during enrollment). Then a biometric inputs signal is requested and acquired 1530 and the specified distortion 1540 is applied)

Regarding claims 8, 10-14, they are rejected as applied to claims 1, 2-7 because a corresponding system would have been necessitated to carry forth the method steps of claim 1-7.  The applied prior art also discloses the corresponding architecture.  

Regarding claim 15, it merely recites a computer program that when executed, performs the functional steps of method claim 1, and thus, rejected for the same rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM A CORUM JR whose telephone number is (303)297-4234. The examiner can normally be reached Mon. - Fri. 8 AM - 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WILLIAM A CORUM JR/Examiner, Art Unit 2433          

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433