DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-4 and 6-9 are pending.
	Claims 5 and 10 are cancelled by Applicant.

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/8/22 has been entered.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-4 and 6-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Asim [US 20120033807] in view of Walsh, et al. [US 20150318994].
As per claim 1:	Asim teach a method of user authentication which is performed by a computing device comprising one or more processors and a memory storing one or more programs to be executed by the one or more processors, the method comprising: 
acquiring authentication information including biometric information of a user; [Asim: Abstract; method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data]
generating a random string and a helper string from the biometric information [Asim: para 0034; the Global Unique ID of the device, in combination with a random string, is mapped to a random codeword. Then during the registration of the user, this codeword is used during the generation of the biometric helper data. Hence the helper data of the biometric measurement is made dependent on the device Global Unique ID. As the secret codeword is now dependent on the device unique ID, it is possible to authenticate both device and the user at once. See also para 0055] **using a generate algorithm of a user authentication technique based on fuzzy extraction; [*as rejected under a secondary reference, discussion below]
generating a secret value that corresponds to the authentication information; [Asim: para 0066; a secret and random value Ki is generated]
generating a private key and a public key using the secret value and the random string [Asim: para 0044-0046; The output of the GenBio algorithm is an almost uniform key Kuij and helper data-Wuij which is dependent on both the biometric measurement BMu and device global unique ID D.sub.IDi. The computed key Kuij is dependent on both the user's biometric and device global ID, and is used as the private key for the user j and device i pair. Depending on the public-key cryptosystem used, the user runs a public-key generation process which has as input the private key Kuij and outputs a public key Kuij_pub], wherein the public key is used for verification of a digital signature; [Asim: para 0048; The data and signature are sent to the service provider, together with the user/device certificate containing the public-key Kuij_pub. The user/device certificate can be sent only once and stored at the backend system. The service provider searches its database for the certificate of the user, and checks the signature]
transmitting the public key to an authentication server; and  [Asim: para 0057; The following values are then sent to the remote service: (D.sub.IDi, .gamma.i, Uj) in a secure and authenticated manner and possible to send Kuij to the server. By sending Kuij might result in a performance advantage for the server to prevent the user's biometric measurement from being leaked. See para 0045; explains the computed key Kuij is used as the private key for the user j and device i pair. Depending on the public-key cryptosystem used, the user runs a public-key generation process which has as input the private key Kuij and outputs a public key Kuij_pub.]
storing the secret value and the helper string. [Asim: para 0066]
Asim discloses a fuzzy extractor or helper data algorithm is required to extract one (or more) secure keys from noisy biometric data [Asim: para 0029]. Thus, Asim suggests an algorithm that is directed towards the fuzzy extraction to obtain secure key. However, Asim did not clearly “using a generate algorithm of a user authentication technique based on fuzzy extraction”.
Walsh discloses a secure sketch SS for input string O, where ECC is a binary (n, k, 2i+1) error correcting code of length n capable of correcting t errors and V←{0, 1}.sup.k is a k-bit value, may be defined as SS(O; V)=O⊕ECC(V). This definition can be used to build a Gen algorithm, which outputs a set custom-characterV,Pcustom-character, where V is the value to be reconstructed and P is a helper string that is used to recover V [Walsh: 0015].  As such, the “generate algorithm” refers as Gen algorithm. Gen and Rep algorithms such as these may be used in PUF-based protocols to ensure that the same value V is recovered so long as the PUF outputs O, O′ differ by at, most t bits [Walsh: 0016]. Walsh also include the example of biometric authentication, where means such as a fuzzy extractor may preferably be employed to ensure that the biometric reliably returns a constant value. For example, a constant value custom-character.sub.i for the metadata may be chosen and linked to an associated public helper data value custom-character [Walsh: 0016]. Thus, Walsh obviously suggests user authentication technique based on fuzzy extraction. Motivation for “using a generate algorithm of a user authentication technique based on fuzzy extraction”, is to ensure that the same value is recovered.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Walsh with Asim to teach “using a generate algorithm of a user authentication technique based on fuzzy extraction”, for reasons to ensure recovering the same value or returning a constant value.
Claim 2:  Asim: 0059-0061; discuss the method of claim 1, further comprising: deleting the private key and the random string. 
As per claim 3:	Asim teach a method of user authentication which is performed by a computing device comprising one or more processors and a memory storing one or more programs to be executed by the one or more programs, the method comprising: 
receiving a challenge value from an authentication server; [Asim: 0039]
acquiring first biometric information of a user; [Asim: Abstract; method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data] 
generating a first random string using the first biometric information and a pre-generated helper string [Asim: para 0034; the Global Unique ID of the device, in combination with a random string, is mapped to a random codeword. Then during the registration of the user, this codeword is used during the generation of the biometric helper data. Hence the helper data of the biometric measurement is made dependent on the device Global Unique ID. As the secret codeword is now dependent on the device unique ID, it is possible to authenticate both device and the user at once. See also para 0055] **using a restore algorithm of a user authentication technique based on fuzzy extraction; [*as rejected under a secondary reference, discussion below]
performing authentication of the first biometric information; [Asim: para 0027, 0065]
when the authentication is successful, generating a private key using the first random string and a pre-generated secret value that corresponds to the first biometric information; [Asim: para 0060-0061, 0066; a secret and random value Ki is generated]
generating a digital signature for the challenge value using the private key; and [Asim: para 0045-0046; The computed key Kuij is dependent on both the user's biometric and device global ID, and is used as the private key for the user j and device i pair. All this information would then be signed by the private key of the certificate authority. If self certification is used, then the user will sign this data with his private key Kuij. See also para 0063]
transmitting the digital signature to the authentication server; and  [Asim: para 0066]
receiving, from the authentication server, an authentication result based on a result of verifying the digital signature using a public key of the user [Asim: para 0048; The data and signature are sent to the service provider, together with the user/device certificate containing the public-key Kuij_pub. The user/device certificate can be sent only once and stored at the backend system. The service provider searches its database for the certificate of the user, and checks the signature], which previously generated using the secret value and a second random string generated from second biometric information of the user that is used when the helper string is generated. [Asim: para 0028;  Biometrics identify/authenticate people, where "fuzzy extractors" are used to extract nearly uniform and reliable keys from the private biometrics. See also para 0058, 0068-0069. As explained above the secret value and random string are from a biometric. Thus, a second random string can be from another biometric (second biometric information) as there is suggestion in establishing data provenance the system couples very early the device and user identifiers that can be obtained by strong authentication mechanisms, using a Unique Global Device ID and biometrics]
Asim discloses a fuzzy extractor or helper data algorithm is required to extract one (or more) secure keys from noisy biometric data [Asim: para 0029]. Thus, Asim suggests an algorithm that is directed towards the fuzzy extraction to obtain secure key. However, Asim did not clearly “using a restore algorithm of a user authentication technique based on fuzzy extraction”.
Walsh discloses a Rep algorithm can be defined such that, on input O′ within a maximum Hamming distance t of O, the original value V may be recovered. Rep(O′, P), where D is the decoding scheme for the binary (n, k, 2t+1) error-correcting code ECC and O′ is an input. This definition can then be used to build a Rep algorithm that allows a PUF output. O′ that differs from the original output O by at most t to reproduce output V such that Rep(O′)=V using the helper string. Gen and Rep algorithms such as these may be used in PUF-based protocols to ensure that the same value V is recovered so long as the PUF outputs O, O′ differ by at, most t bits [Walsh: 0016]. As such, the “restore algorithm” can broadly be the Rep algorithm. Walsh also include the example of biometric authentication, where means such as a fuzzy extractor may preferably be employed to ensure that the biometric reliably returns a constant value. For example, a constant value custom-character.sub.i for the metadata may be chosen and linked to an associated public helper data value custom-character [Walsh: 0060]. Thus, Walsh obviously suggests user authentication technique based on fuzzy extraction. Motivation for “using a restore algorithm of a user authentication technique based on fuzzy extraction”, is to ensure that the same value is recovered and reliably returns a constant value.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Walsh with Asim to teach “using a restore algorithm of a user authentication technique based on fuzzy extraction”, for reason to ensure the same value is recovered and reliably returns a constant value.
Claim 4:  Asim: 0045 [per BRI, a server may be a certificate authority (or the service provider)]; discuss the method of claim 3, wherein the authentication server stores the public key of the user. 
Claim 5:  Cancelled
As per claim 6:	Asim teach an apparatus for user authentication, the apparatus comprising: 
one or more processors; and [Asim: 0010]
a memory storing one or more programs to be executed by the one or more processors, wherein the one or more programs comprise: [Asim: 0071]
a command for acquiring authentication information including biometric information of a user; [Asim: Abstract; method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data] 
a command for generating a random string and a helper string from the biometric information [Asim: para 0034; the Global Unique ID of the device, in combination with a random string, is mapped to a random codeword. Then during the registration of the user, this codeword is used during the generation of the biometric helper data. Hence the helper data of the biometric measurement is made dependent on the device Global Unique ID. As the secret codeword is now dependent on the device unique ID, it is possible to authenticate both device and the user at once. See also para 0055] **using a generate algorithm of a user authentication technique based on fuzzy extraction; [*as rejected under a secondary reference, discussion below]
a command for generating a secret value that corresponds to the authentication information; [Asim: para 0066; a secret and random value Ki is generated]
a command for generating a private key and a public key using the secret value and the random string [Asim: para 0044-0046; The output of the GenBio algorithm is an almost uniform key Kuij and helper data-Wuij which is dependent on both the biometric measurement BMu and device global unique ID D.sub.IDi. The computed key Kuij is dependent on both the user's biometric and device global ID, and is used as the private key for the user j and device i pair. Depending on the public-key cryptosystem used, the user runs a public-key generation process which has as input the private key Kuij and outputs a public key Kuij_pub], wherein the public key is used for verification of a digital signature; [Asim: para 0048; The data and signature are sent to the service provider, together with the user/device certificate containing the public-key Kuij_pub. The user/device certificate can be sent only once and stored at the backend system. The service provider searches its database for the certificate of the user, and checks the signature] 
a command for transmitting the public key to an authentication server; and
storing the secret value and the helper string. [Asim: para 0066]
Asim discloses a fuzzy extractor or helper data algorithm is required to extract one (or more) secure keys from noisy biometric data [Asim: para 0029]. Thus, Asim suggests an algorithm that is directed towards the fuzzy extraction to obtain secure key. However, Asim did not clearly “using a generate algorithm of a user authentication technique based on fuzzy extraction”.
Walsh discloses a secure sketch SS for input string O, where ECC is a binary (n, k, 2i+1) error correcting code of length n capable of correcting t errors and V←{0, 1}.sup.k is a k-bit value, may be defined as SS(O; V)=O⊕ECC(V). This definition can be used to build a Gen algorithm, which outputs a set custom-characterV,Pcustom-character, where V is the value to be reconstructed and P is a helper string that is used to recover V [Walsh: 0015].  As such, the “generate algorithm” refers as Gen algorithm. Gen and Rep algorithms such as these may be used in PUF-based protocols to ensure that the same value V is recovered so long as the PUF outputs O, O′ differ by at, most t bits [Walsh: 0016]. Walsh also include the example of biometric authentication, where means such as a fuzzy extractor may preferably be employed to ensure that the biometric reliably returns a constant value. For example, a constant value custom-character.sub.i for the metadata may be chosen and linked to an associated public helper data value custom-character [Walsh: 0016]. Thus, Walsh obviously suggests user authentication technique based on fuzzy extraction. Motivation for “using a generate algorithm of a user authentication technique based on fuzzy extraction”, is to ensure that the same value is recovered.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Walsh with Asim to teach “using a generate algorithm of a user authentication technique based on fuzzy extraction”, for reasons to ensure recovering the same value or returning a constant value.

Claim 7:  Asim: 0059-0061; discuss the apparatus of claim 6, wherein the one or more programs further comprise: a command for deleting the private key and the random string.
As per claim 8:	Asim teach an apparatus for user authentication, the apparatus comprising: 
one or more processors; and [Asim: 0010]
a memory storing one or more programs to be executed by the one or more processors, wherein the one or more programs comprise: [Asim: 0071]
a command for receiving a challenge value from an authentication server; [Asim: 0039]
a command for acquiring first biometric information of a user; [Asim: Abstract; method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data]
a command for generating a first random string using the first biometric information and a pre-generated helper string  [Asim: para 0034; the Global Unique ID of the device, in combination with a random string, is mapped to a random codeword. Then during the registration of the user, this codeword is used during the generation of the biometric helper data. Hence the helper data of the biometric measurement is made dependent on the device Global Unique ID. As the secret codeword is now dependent on the device unique ID, it is possible to authenticate both device and the user at once. See also para 0055] **using a restore algorithm of a user authentication technique based on fuzzy extraction; [*as rejected under a secondary reference, discussion below]
a command for performing authentication of the first biometric information; [Asim: para 0027, 0065]
a command for, when the authentication is successful, generating a private key using the first random string and a pre-generated secret value that corresponds to the first biometric information; [Asim: para 0060-0061, 0066; a secret and random value Ki is generated]
a command for generating a digital signature for the challenge value using the private key; and [Asim: para 0045-0046; The computed key Kuij is dependent on both the user's biometric and device global ID, and is used as the private key for the user j and device i pair. All this information would then be signed by the private key of the certificate authority. If self certification is used, then the user will sign this data with his private key Kuij. See also para 0063] 
a command for transmitting the digital signature to the authentication server; and  [Asim: para 0066]
receiving, from the authentication server, an authentication result based on a result of verifying the digital signature using a public key of the user[Asim: para 0048; The data and signature are sent to the service provider, together with the user/device certificate containing the public-key Kuij_pub. The user/device certificate can be sent only once and stored at the backend system. The service provider searches its database for the certificate of the user, and checks the signature], which previously generated using the secret value and a second random string generated from second biometric information of the user that is used when the helper string is generated. [Asim: para 0028;  Biometrics identify/authenticate people, where "fuzzy extractors" are used to extract nearly uniform and reliable keys from the private biometrics. See also para 0058, 0068-0069. As explained above the secret value and random string are from a biometric. Thus, a second random string can be from another biometric (second biometric information) as there is suggestion in establishing data provenance the system couples very early the device and user identifiers that can be obtained by strong authentication mechanisms, using a Unique Global Device ID and biometrics]
Asim discloses a fuzzy extractor or helper data algorithm is required to extract one (or more) secure keys from noisy biometric data [Asim: para 0029]. Thus, Asim suggests an algorithm that is directed towards the fuzzy extraction to obtain secure key. However, Asim did not clearly “using a restore algorithm of a user authentication technique based on fuzzy extraction”.
Walsh discloses a Rep algorithm can be defined such that, on input O′ within a maximum Hamming distance t of O, the original value V may be recovered. Rep(O′, P), where D is the decoding scheme for the binary (n, k, 2t+1) error-correcting code ECC and O′ is an input. This definition can then be used to build a Rep algorithm that allows a PUF output. O′ that differs from the original output O by at most t to reproduce output V such that Rep(O′)=V using the helper string. Gen and Rep algorithms such as these may be used in PUF-based protocols to ensure that the same value V is recovered so long as the PUF outputs O, O′ differ by at, most t bits [Walsh: 0016]. As such, the “restore algorithm” can broadly be the Rep algorithm. Walsh also include the example of biometric authentication, where means such as a fuzzy extractor may preferably be employed to ensure that the biometric reliably returns a constant value. For example, a constant value custom-character.sub.i for the metadata may be chosen and linked to an associated public helper data value custom-character [Walsh: 0060]. Thus, Walsh obviously suggests user authentication technique based on fuzzy extraction. Motivation for “using a restore algorithm of a user authentication technique based on fuzzy extraction”, is to ensure that the same value is recovered and reliably returns a constant value.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Walsh with Asim to teach “using a restore algorithm of a user authentication technique based on fuzzy extraction”, for reason to ensure the same value is recovered and reliably returns a constant value.
Claim 9:  Asim: 0045 [per BRI, a server may be a certificate authority (or the service provider)]; discuss the method of claim 8, wherein the authentication server stores the public key of the user. 
Claim 10:  Cancelled


Response to Arguments
4.	Applicant’s arguments with respect to claim(s) 1-4 and 6-9 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
	The arguments moot as they are directed towards the current amendment and are responded to in the respective rejection above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435                                                                                                                                                                                                        LT

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435