Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statements
The information disclosure statement(s) (IDS) submitted on 10/20/2020 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) have been considered by the examiner.
  
Claim Rejections - 35 USC § 112
	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-8 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
	Specifically, claim 1 recites, “the secure connection”, however, the claim only has antecedent support for a “first secure connection” and a “second secure connection.” For the purpose of examination, “the secure connection” will be interpreted as the “first secure connection.”
Claims 2-8 are rejected as being dependent upon claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-6, and 8 are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0260721 to O'Regan et al. (hereinafter O’Regan) and in further view of US 2018/0089548 to Sims et al. (hereinafter Sims).
Regarding claim 1, O’Regan teaches,
A method of operating a device to perform a biometric authentication, the device (biometric input device 110, fig. 1 of O’Regan, biometric input device 110 of fig. 10 including the secure element 116) comprising a biometric authentication unit (biometric input device including biometric input 114, fig. 1 of O’Regan, biometric input 114 of fig. 10 but not including the secure element 116) and a secure element (secure element 116, fig. 1 of O’Regan, secure element 116 of fig. 10 of O’Regan), the method comprising: 
O’Regan teaches a secure element for use in authenticating biometric data locally. (O’Regan, [0019]) 
establishing a first secure connection between the biometric authentication unit of the device and the secure element; 
O’Regan teaches sending biometric information from the biometric input 114 of the biometric input device 110 to the biometric data receiving component 610 of the secure element 116 using data line 609 (“transmitting a message from the biometric authentication unit to the secure element”). (See fig. 10 and [0139] of O’Regan). 
O’Regan also teaches secure end to end encryption of data from the biometric input device 110 to the secure server 120, which includes data line 609 (and also 130). (O’Regan, [0074]) Thus, data line 609 (“first secure connection”) is also encrypted.
O’Regan further teaches that the biometric input and secure element are physically located proximate each other to minimize any possibility of intercepting biometric data being transmitted from the biometric input (114) to the secure element (116), which the examiner interprets as a “first secure connection.” (O’Regan, [0145])
O’Regan teaches the following, except for the underlined portion,
causing the biometric authentication unit to obtain biometric data from a user of the device and to authenticate said biometric data; 
O’Regan teaches that the biometric input unit 114 of the biometric input device 110 (“biometric authentication unit”) receives the user’s biometric input (“causing the biometric authentication unit to obtain biometric data from a user of the device”). (O’Regan, [0065]) 
However, O’Regan appears to teach that the biometric authentication is performed by the smart card (“secure element”) and not the handset (“biometric authentication unit”).
	However, Sims teaches the above underlined portion of the claim,
Sims teaches biometric authentication module 6 (“biometric authentication unit”) that “is configured to receive and process fingerprint data 8 from a finger presented to a fingerprint sensor.” (Sims, third sentence [0014]) Thus, Sims teaches processing the fingerprint (“authenticate said biometric data”), where the processing of the fingerprint is performed in the biometric authentication module 6 (“biometric authentication unit”). Further, Sims in fig. 1 teaches a biometric authentication module 6 (“biometric authentication unit”) connected through a communication channel 4 to a secure element 2 (“secure element”) which is given an authentication result of the fingerprint authentication.
Sims teaches the following underlined portions,
transmitting a message from the biometric authentication unit to the secure element containing a result of the authentication over the secure connection; and 
Sims in fig. 1 teaches a biometric authentication module 6 (“biometric authentication unit”) connected through a communication channel 4 to a secure element 2 (“secure element”), where the secure element 2 sends authorization data 10 to an external terminal. (Sims, fig. 1, [0014])
Sims teaches a message from the biometric authentication module 6 (“biometric authentication unit”) to the secure element 2 (“secure element”) containing the results of a fingerprint authentication (result of authentication). (Sims, [0014])
However, O’Regan and Sims both teach the non-underlined portions of the claim above,
Regarding the “secure connection,” which the examiner interprets as the “first secure connection” (see above), both O’Regan (as discussed above) and Sims teach this feature. First: O’Regan teaches sending biometric information from the biometric input 114 of the biometric input device 110 to the biometric data receiving component 610 of the secure element 116 using data line 609, as discussed above. (See fig. 10 and [0139] of O’Regan) Second: Sims similarly teaches encrypted communications between the secure element and the biometric authentication module. (Sims, second to last sentence [0004]) 
O’Regan teaches the following,
transmitting the result of the authentication from the secure element to a remote entity (secure server 120, fig. 1 of O’Regan, secure server 120 of fig. 10) over a second secure connection.
O’Regan in fig. 10 teaches a secure communication channel 130 (“second secure connection”) between a secure element 116 and a secure server 120. (O’Regan, second sentence [0167] and fig. 10, see also [0074] of O’Regan)
O’Regan also teaches a user uniquely identifying him- or herself with an institution such as a bank to enable the user to conduct sensitive transactions, e.g., against his or her bank account. (O’Regan, [0081]) 
Sims also teaches the above features of the claim,
Similarly, as discussed above, Sims in fig. 1 teaches a biometric authentication module 6 (“biometric authentication unit”) connected through a communication channel 4 to a secure element 2 (“secure element”), where the secure element 2 sends authorization data 10 to an external terminal (“from the secure element to a remote entity”). (Sims, fig. 1, [0014])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of O’Regan, which teaches biometric authentication being performed using a secure communication channel between a user device and a smart card / secure element and using another secure communication channel between the smart card and a remote device (server), with Sims, which teaches biometric / fingerprint authentication being performed by a biometric authentication module 6 (“biometric authentication unit”) connected through a communication channel 4 to a secure element 2 (“secure element”), where the secure element 2 sends authorization data 10 to an external terminal (“remote entity”). One of ordinary skill in the art would have been motivated to perform such an addition to provide the well-known capability of having the biometric authentication performed by the client instead of the secure element, and sending an authentication message from the biometric authentication unit (i.e., where biometric authentication occurs) to a secure element, and from the secure element to a remote entity / external server.

Regarding claim 5, O’Regan teaches the following,
The method according to claim 1, wherein the first secure connection is provided using symmetric encryption.  
	As discussed above in the rejection of claim 1, O’Regan also teaches secure end to end encryption of data from the biometric input device 110 to the secure server 120, which includes data line 609. (O’Regan, [0074]) Thus, data line 609 (“first secure connection”) is also encrypted.
	The encryption methods taught in [0074] of O’Regan include TLS and SSL, which utilize both public / asymmetric key encryption and symmetric key encryption.

Regarding claim 6, O’Regan teaches the following,
The method according to claim 1, wherein the first secure connection is provided using asymmetric encryption.  
As discussed above in the rejection of claim 1, O’Regan also teaches secure end to end encryption of data from the biometric input device 110 to the secure server 120, which includes data line 609. (O’Regan, [0074]) Thus, data line 609 (“first secure connection”) is also encrypted.
The encryption methods taught in [0074] of O’Regan include TLS and SSL, which utilize both public / asymmetric key encryption and symmetric key encryption.

Regarding claim 8, O’Regan teaches the following,
The method according to claim 1, wherein the biometric authentication unit includes a controller and a sensor.
O’Regan teaches that the biometric input device 110 (“biometric authentication unit”) of fig. 10 includes a biometric input 114 (“sensor”) and a processor 602 (“controller”).
	
Claims 2-4 are rejected under 35 U.S.C. 103 as being unpatentable over O'Regan, in view of Sims, and in further view of US 2008/0109882 to Mahalal et al. (hereinafter Mahalal). 

Regarding claim 2, Mahalal teaches the following,
The method according to claim 1, wherein the biometric authentication unit is provided with a certification either by or on behalf of the remote entity prior to the authentication process.  
	Mahalal in fig. 1 teaches the Rights Issuer 2 (“remote entity”) authenticates the handset 1. For example, OMA compliant handsets have a private/public key pair and a device certificate. The handset sends the device certificate to the Rights Issuer 2. The Rights Issuer issues a challenge to the handset 1 which the handset signs with its private key. The Rights Issuer 2 can then verify if the certificate is satisfactory and if the signature corresponds to the sent device certificate. (Mahalal, [0051]) 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of O’Regan, which teaches biometric authentication being performed using a secure communication channel between a user device and a smart card / secure element and using another secure communication channel between the smart card and a remote device (server),  with Mahalal, which teaches a handset 1 with a smart card 3 that authenticates the handset 1 (client) by verifying the handset’s certificate with a rights issuer 2.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the smart card with the capability of authenticating / verifying a client by verifying the client’s certificate.

Regarding claim 3, Mahalal teaches,
The method according to claim 1, wherein the secure element is a universal integrated circuit card, preferably a subscriber identity module, SIM, or a universal subscriber identity module.  
	Mahalal teaches that the smart card 3 (“secure element”) may be in the form of a Subscriber Identity Module (SIM). (Mahalal, last sentence [0010])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of O’Regan, which teaches biometric authentication being performed using a secure communication channel between a user device and a smart card / secure element and using another secure communication channel between the smart card and a remote device (server),  with Mahalal, which teaches a handset 1 with a smart card 3 that authenticates the handset 1 (client) by verifying the handset’s certificate with a rights issuer 2, where the smart card 3 may be a SIM card.  One of ordinary skill in the art would have been motivated to perform such an addition to provide capability of having the smart card be a SIM card.

Regarding claim 4, Mahalal teaches the following,
The method according to claim 1, wherein the secure element validates a certificate of the biometric authentication unit prior to transmitting the result of the authentication to the remote entity.  
Mahalal teaches a client / handset 1 that includes a smart card 3, where the smart card 3 first authenticates the handset by sending a challenge to the handset 1 which the handset media player signs with the private key of the handset. The smart card 3 then verifies if the signature corresponds to the stored device certificate. (emphasis added) (Mahalal, fig. 1, [0054]) At this point the smart card 3 transmits keys to the handset 1. 
Additionally, the rights are delivered prior to the authentication (i.e., transmitting) of the rights data. (Mahalal, [0055]) 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of O’Regan, which teaches biometric authentication being performed using a secure communication channel between a user device and a smart card / secure element and using another secure communication channel between the smart card and a remote device (server),  with Mahalal, which teaches a handset 1 with a smart card 3 that authenticates the handset 1 (client) by verifying the handset’s certificate with a rights issuer 2.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the smart card with the capability of authenticating / verifying a client by verifying the client’s certificate.

	Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over O'Regan, in view of Sims, and in further view of US 2013/0237190 to Smith et al. (hereinafter Smith). 
Regarding claim 7, Smith teaches,
The method according to claim 1, wherein the biometric authentication is performed in response to a request received by the secure element from an external source.  
	Smith teaches radio transceiver 121 of device 117 (“external device”) communicating with radio transceiver 103 of device 101 of fig. 1. (Smith, [0066]) Smith then teaches receiving an authentication request with radio transceiver 103 of device 101, that is passed to a smart card applet 151 (“secure element”), where biometrics may be used, to perform authentication. (Smith, [0068] as quoted below)
Smith in [0068] states, “In block 509, the portable wireless device radio transceiver 103 receives the authentication request, and transmits the authentication request to the portable wireless device application 109. The portable wireless device application 109 receives the authentication request, and transmits the authentication request to the smart card emulator 111. The smart card emulator 111 receives the authentication request, and transmits the authentication request to the smart card applet 113. The smart card emulator 111 may translate the authentication request so that it is readable by the smart card applet 113. The smart card applet 113 receives the authentication request from the smart card emulator 111, and accesses the data store 115 and/or the memory associated with the portable wireless device 101 to create a response to the authentication request. The response may include, but is not limited to, public and/or private keys, certificates, or unique biometric information associated with the user. The smart card applet 113 transmits the response to the smart card emulator 111. The smart card emulator 111 receives the response from the smart card applet 113, and transmits the response via the portable wireless device radio transceiver 103 to the smart card reader emulation device radio transceiver 121. The smart card reader emulation device radio transceiver 121 receives the response, and transmits the response to the radio smart card reader driver 119. The radio smart card reader driver 119 receives the response, and transmits the response to the application software 123 and/or the operating system 125. The application software 123 and/or the operating system 125 receives the response, and performs one or more actions based on the response. The actions may include, but are not limited to, authorizing a user to operate the smart card reader emulation device 117, or perform one or more tasks with the authority of the user.” (emphasis added in bold)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of O’Regan, which teaches biometric authentication being performed using a secure communication channel between a user device and a smart card / secure element and using another secure communication channel between the smart card and a remote device (server), with Smith, which also teaches a device and smart card (emulator) that performs authentication using biometrics based on a request being issued from an external device. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of an external device / server sending an authentication request to a smart card / secure element to initiate authentication.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./


/HENRY TSANG/Primary Examiner, Art Unit 2495