Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detailed Action
This communication is in response to the application filed on 09/29/2020 in which Claims 1-20 are presented for examination.

Drawings
The applicant’s drawings submitted on 09/29/2020 are acceptable for examination purposes. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Agrawal (U.S. Patent Application Publication 20210217013 A1) in view of Poo (US 8171309 B1) 
As to claim 1, Agrawal teaches a security access control module configured to convert biometric authentication data received from a biometric module into security configuration data having a data format according to a security standard protocol (Agrawal Pa. [0093]) [(b) verifying the series of biometric data; (c) converting, by the computing device, the series of biometric data to an actual person identification number (PIN), the actual PIN including a series of characters]  
[0043] [When the fingerprint data is verified, the authentication engine 120 is configured to convert and/or map the fingerprint data to the associated PIN, as stored in the data structure 122, and to append the associated PIN in the authorization request], and configured to perform, based on the security configuration data, at least one of authority registration and authority authentication of a user authority (Agrawal Pa. [0027]) [as part of the registration request, or enrollment, the consumer 114 provides to the authentication engine 120 his/her registry identifier for the registry 110 (as assigned by the authority responsible for the registry 110, etc.), along with an assignment of a particular desired character for each biometric desired to be used by the consumer 114 in his/her biometric PIN. The assignment may include, for example, an assignment of a number to each fingerprint to be provided by the consumer 114 in connection with the registration (e.g., to each fingerprint provided by the consumer 114 to the authentication engine 120 via a fingerprint scanner at a computing device 200 associated with the consumer]
It is noted that Agrawal does not appear explicitly disclose a memory controller for controlling a nonvolatile memory, the memory controller comprising: the user authority being set for an access control of a secure area of the nonvolatile memory, encrypted user data being stored in the secure area; and a data processing unit configured to, based on an access to the secure area being permitted, encrypt user data received from a host device or decrypt the encrypted user data read from the secure area.  
However, Poo discloses a memory controller for controlling a nonvolatile memory, the memory controller comprising (Poo Col. 2, Pages 63-67) [secure memory controlled access provide a memory controller that includes controller firmware which is isolated from secure crypto firmware that manages cryptographically sensitive data and operations for the security of data stored on a memory drive, such as a disk drive or a flash memory drive]: the user authority being set for an access control of a secure area of the nonvolatile memory, encrypted user data being stored in the secure area (Poo Col. 2, Pages 3-7) [a memory control system includes memory that stores encrypted data and the memory includes a secure memory partition to store cryptographically sensitive data utilized to control access to the encrypted data stored on the memory; and a data processing unit configured to, based on an access to the secure area being permitted (Poo Fig. 4 Col. 8, Pages 34-46) [At block 404, encrypted data stored on memory is accessed with the controller firmware. For example, the controller firmware 112 (FIG. 1) accesses the encrypted data 104 stored on memory 102. At block 406, cryptographically sensitive data stored on a secure memory partition of the memory is accessed with the secure firmware], 
encrypt user data received from a host device or decrypt the encrypted user data read from the secure area (Poo Col. 3, Pages 3-4) [The controller firmware can access encrypted data that is stored on the memory]
Thus, before the effective filing date of the claimed invention, the combination of the fraud detection system of from Poo into the disclosure of Agrawal constitutes the combination of prior art elements according to known methods to yield predictable results and would have been obvious to one of ordinary skill in the art at the time of invention.
As to claim 2, Agrawal teaches wherein the security access control module is further configured to determine, based on the biometric authentication data, field values of a feature set according to the security standard protocol with respect to the user authority (Agrawal Pa. [0043]) [the authentication engine 120 and/or the payment network 106 may be configured to further append a biometric authentication indicator to the authorization request (e.g., at DE 48, sub-element 17, etc.) having a value of “1” or “2” (or some other suitable value or indicator) to indicate that biometric authentication has been performed] 

As to claim 3, Agrawal teaches wherein the feature set corresponds to at least one of a plurality of security providers of a trusted computing group (Agrawal Pa. [0023]) [person may provide his/her registry identifier in connection with requesting services from a desired provider]

As to claim 4, the combination of Agrawal and Poo teaches wherein the security configuration data is implemented by a 512-byte data block according to the security standard protocol (Poo Col. 1 Lines 52]) [Access an encrypted data block, note: data block can be any size including 512 byte]
Thus, before the effective filing date of the claimed invention, the combination of the fraud detection system of from Poo into the disclosure of Agrawal constitutes the combination of prior art elements according to known methods to yield predictable results and would have been obvious to one of ordinary skill in the art at the time of invention.

As to claim 5, the combination of Agrawal and Poo teaches wherein the security access control module is further configured to perform the authority authentication based on the biometric authentication data to open a session (Agrawal Pa. [0027]) [provides to the authentication engine 120 his/her registry identifier for the registry 110 (as assigned by the authority responsible for the registry 110, etc.)], set lock and/or unlock of the secure area of the nonvolatile memory through the session (Poo Col. 4 Lines 10-19]) [access control settings for locking security partitions to access logical block addressing on a disk drive, solid state drive, or other type memory drive; a locking table of the access control settings for the locking security partitions], and set master boot record shadowing (Poo Col. 4 Lines 4-9]) [During a boot-up process, the secure firmware 116 is loaded into the secure memory partition 106, and is not accessible by the controller firmware 112 or any other non-secure firmware 114]
Thus, before the effective filing date of the claimed invention, the combination of the fraud detection system of from Poo into the disclosure of Agrawal constitutes the combination of prior art elements according to known methods to yield predictable results and would have been obvious to one of ordinary skill in the art at the time of invention.
  
As to claim 6, the combination of Agrawal and Poo teaches wherein the security access control module is further configured to, based on a storage device being connected to the host device, transmit an authentication trigger signal to the biometric module and perform the authority authentication 37based on the biometric authentication data received from the biometric module (Poo Col. 5 Lines 45-49]) [The host device credentials can be received during an authentication process and compared, or otherwise checked against, a corresponding credential stored on the secure memory partition 106.]
Thus, before the effective filing date of the claimed invention, the combination of the fraud detection system of from Poo into the disclosure of Agrawal constitutes the combination of prior art elements according to known methods to yield predictable results and would have been obvious to one of ordinary skill in the art at the time of invention.

As to claim 7, the combination of Agrawal and Poo teaches wherein the biometric authentication data comprises a biometric authentication result and a unique value based on biometric data of a user (Agrawal Pa. [0043]) [the authentication engine 120 and/or the payment network 106 may be configured to further append a biometric authentication indicator to the authorization request (e.g., at DE 48, sub-element 17, etc.) having a value of “1” or “2” (or some other suitable value or indicator) to indicate that biometric authentication has been performed] 


As to claim 8, the combination of Agrawal and Poo teaches wherein the security access control module is further configured to, based on the authority authentication being successful (Agrawal Pa. [0032]) [The authentication engine 120 is further configured to provide a notification of the successful storage and/or mapping of the biometric combination to the associated PIN], permit the access to the secure area by setting a write and read state of the secure area to an unlock state (Poo Col. 4 Lines 19-25]) [solid state drive where each range has a unique set of credentials that have the authority to unlock the range for data read/write operations. The data read/write operations can be separately enforced via read-enabled and write-enabled flags.]
Thus, before the effective filing date of the claimed invention, the combination of the fraud detection system of from Poo into the disclosure of Agrawal constitutes the combination of prior art elements according to known methods to yield predictable results and would have been obvious to one of ordinary skill in the art at the time of invention.

As to claim 9, the combination of Agrawal and Poo teaches wherein the security access control module is further configured to set a master boot record table such that a first master boot record included (Poo Col. 4 Lines 4-9]) [During a boot-up process, the secure firmware 116 is loaded into the secure memory partition 106, and is not accessible by the controller firmware 112 or any other non-secure firmware 114] in the secure area of the nonvolatile memory is read (Poo Col. 4 Lines 19-25]) [The data read/write operations can be separately enforced via read-enabled and write-enabled flags.]
Thus, before the effective filing date of the claimed invention, the combination of the fraud detection system of from Poo into the disclosure of Agrawal constitutes the combination of prior art elements according to known methods to yield predictable results and would have been obvious to one of ordinary skill in the art at the time of invention.

As to claim 10, the combination of Agrawal and Poo teaches wherein the security access control module is further configured to transmit a registration trigger signal to the biometric module in response to reception of a user authority registration request, wherein the registration trigger signal requests the biometric module to store biometric data of a user (Agrawal Pa. [0025]) [The data structure 122 includes, at the least, maps defining assignments between fingerprints, for example, and characters (e.g., numbers, letters, etc.) assigned by consumers (e.g., by the consumer 114, etc.) to their fingerprints during registration of the consumers to the authentication engine 120 for the biometric PIN services described herein]

As to claim 11, the combination of Agrawal and Poo teaches wherein the security access control module is further configured to perform the authority registration by setting a credential of the user authority based on the biometric authentication data and activating the user authority (Agrawal Pa. [0025]) [The data structure 122 includes, at the least, maps defining assignments between fingerprints, for example, and characters (e.g., numbers, letters, etc.) assigned by consumers (e.g., by the consumer 114, etc.) to their fingerprints during registration of the consumers to the authentication engine 120 for the biometric PIN services described herein]

As to claim 12, claim 12 recites the claimed that contain similar limitations as claim 5, therefore, it is rejected under the same rationale.

As to claim 13, the combination of Agrawal and Poo teaches wherein the security access control module is further configured to perform the authority registration based on a user authority registration request received from the host device (Agrawal Pa. [0025]) [The data structure 122 includes, at the least, maps defining assignments between fingerprints, for example, and characters (e.g., numbers, letters, etc.) assigned by consumers (e.g., by the consumer 114, etc.) to their fingerprints during registration of the consumers to the authentication engine 120 for the biometric PIN services described herein]

As to claim 14, the combination of Agrawal and Poo teaches wherein the security access control module is further configured to perform the authority registration based on a user authority registration request is received from an input and/or output device separated from the host device (Agrawal Pa. [0025]) [The data structure 122 includes, at the least, maps defining assignments between fingerprints, for example, and characters (e.g., numbers, letters, etc.) assigned by consumers (e.g., by the consumer 114, etc.) to their fingerprints during registration of the consumers to the authentication engine 120 for the biometric PIN services described herein]

As to claim 15, claim 15 recites the claimed that contain similar limitations as claim 10, therefore, it is rejected under the same rationale.

As to claim 16, claim 16 recites the claimed that contain similar limitations as claim 1, therefore, it is rejected under the same rationale.

As to claim 17, claim 17 recites the claimed that contain similar limitations as claim 6, therefore, it is rejected under the same rationale.

As to claim 18, claim 18 recites the claimed that contain similar limitations as claim 11, therefore, it is rejected under the same rationale.

As to claim 19, claim 19 recites the claimed that contain similar limitations as claims 1 and 5, therefore, it is rejected under the same rationale.
As to claim 20, claim 20 recites the claimed that contain similar limitations as claim 1, therefore, it is rejected under the same rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438. The examiner can normally be reached Monday -Thursday 7:00 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B. Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/EVANS DESROSIERS/Primary Examiner, Art Unit 2491