DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 02/26/2021.
Claims 1-14 are submitted for examination.
Claims 1-14 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This application filed on February 26, 2021 claims priority of provisional  application 62/981,823 filed on February 26, 2020.

Claim Objections
Claim 4 s objected to because of the following informalities: There are two claims having same number 4. For the purpose of examination these claims will be treated as two separate claims. Second Claim 4 will be labeled as Claim 4A for an examination purpose. Appropriate correction is required.

Claim 8 s objected to because of the following informalities: “homomorphic encryption” is misspelled as “homorphic encryption”. Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Regarding claims 1, 10, 14 the phrase "such that", “can be” renders the claim indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention.  See MPEP § 2173.05(d).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 6-7, 9-10 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over  Erickson et al. (US PGPUB. # US 2013/0318361, hereinafter “Erickson”), and further in view of Pazhoor et al. (US PGPUB. # US 2020/0259643, hereinafter “Pazhoor”).

Regarding Claim 1, Ericson teaches,
A method for supplying data relating to an individual that can be proved to be connected to the individual using a biometric template such that others may access the data without being able to identify the individual or access the biometric template comprising: 
enrolling the individual by creating a positive biometric identification of the individual that includes the biometric template of the individual encrypted and masked to others, said biometric template being solely controlled by the individual; (¶26, “The encryption module 110 may encrypt the biometric template such that the encrypted biometric template may only be encrypted with access to the private key”, ¶27, “The smart card may be issued when a patient first provides biometric data, and when the biometric template is first encrypted. The smart card may then be used when a patient subsequently provides biometric data and the private key on the smart card is used to verify a match between subsequently obtained biometric data and the encrypted biometric template”, ¶36, ¶38, ¶41-¶42, Fig. 2, ¶46-¶50, Fig. 3(302,304,306,308,310,312,314), ¶51-¶57, i.e. an encrypted biometric template  for a user is created which is controlled by the user, utilizing a private key. The encrypted biometric template is used for the user authentication).
[providing a hash to reference] the biometric template (Fig. 2(204), ¶48, Fig. 3(304), ¶52) [by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain]; 
anonymizing a set of data relating to said individual to produce an anonymized data set; (¶32, “ the records may be encrypted using a separate encryption key or alternatively using the public key provided by the electronic device 102”, ¶40, “the medical records may be anonymized and/or encrypted”, i.e. data is anonymized)
associating the anonymized data set with the encrypted biometric template (¶32, “The records may also be linked to a corresponding biometric template or other biometric information”, ¶40, “a storage device 104 may receive the encrypted biometric template and link the encrypted biometric template with medical records corresponding to the biometric template stored on one or more storage devices 104”, ¶59, “the medical records may have been linked to the encrypted biometric templates without further information regarding the identity of the patient or biometric data linked to the medical records”, i.e. encrypted biometric template is linked with anonymized data)  [and the hash]; 
allowing a third party access to the anonymized data set; (Fig. 3(318), ¶59, “thus providing a health care provider, patient or other device access to medical records associated with the patient”, i.e. healthcare provider is considered as a third party which gains access to a patient’s medical records (anonymized data)).
providing identity proof of the anonymized data set by the individual by providing biometric matching proved through a privacy preserving calculation without disclosing contents of the biometric template to the third party. (¶20, “there is also an interest in preserving the privacy of patients that may limit the availability of accurate patient information. A benefit of encrypting biometric information and storing it on a storage device (e.g., a central database) is protecting the privacy of those associated with the biometric data while still permitting health care providers to obtain accurate information about patients”, ¶21, ¶41-¶42, ¶49-¶50, i.e. Examiner submits that a patient controls the private key of the encrypted biometric template and only storage device can decrypt the biometric template, a third party is not able to access content of the biometric template data). 
Erickson does not teach explicitly,
providing a hash to reference the [biometric template] by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain; 
[associating the anonymized data set with the encrypted biometric template] and the hash; 
However, Pazhoor teaches,
providing a hash to reference the biometric [template] by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain; (¶24, ¶29, “After a unique biometric key has been generated, a hash corresponding to the unique biometric key may be calculated and stored for later authentication purposes”, ¶36, Fig. 3, ¶58, “the requestor is authorized to access the at least an encrypted data record 144 may include matching the unique key to a hash of the unique key previously created when the unique key and/or cryptographic hash thereof was generated and stored in system 100”, ¶43, “Nodes may then vote by a consensus algorithm as to which copy is correct. Consensus algorithms may include proof of work, proof of stake, or voting systems. Once a consensus has been determined, all other nodes may update themselves to reflect the new copy of the ledger”, Fig. 2, ¶47-¶48, i.e. hash is stored in distributed ledger (blockchain)).
[associating the anonymized data set with the encrypted biometric template] and the hash; (¶57, “a public key associated with a requestor containing location information pertaining to requestor-linked data store 140 may be converted into a series of hash functions. This may occur by converting an entry into a series of integers by using a hash function. A hash function may include any function that may be used to map a set of data which falls into the hash table”, associating records with hashed biometric public key).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Pazhoor with the invention of Erickson.
Erickson teaches, enrolling an encrypted biometric template and associating with anonymized data. Pazhoor teaches, hashing biometric public key and associating with anonymized data stored in a distributed ledger. Therefore, it would have been obvious to have hashing biometric public key and associating with anonymized data stored in a distributed ledger of Pazhoor with enrolling an encrypted biometric template and associating with anonymized data of Erickson to avoid text and numeric based password which is easily forgotten by a user and to secure data in a distributed data storage. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 10, Ericson teaches,
A method for supplying data relating to an individual that can be proved to be connected to the individual using a biometric template such that others may access the data without being able to identify the individual or access the biometric template comprising: 
enrolling the individual by creating a positive biometric identification of the individual that includes the biometric template of the individual encrypted and masked to others, said biometric template being solely controlled by the individual; (¶26, “The encryption module 110 may encrypt the biometric template such that the encrypted biometric template may only be encrypted with access to the private key”, ¶27, “The smart card may be issued when a patient first provides biometric data, and when the biometric template is first encrypted. The smart card may then be used when a patient subsequently provides biometric data and the private key on the smart card is used to verify a match between subsequently obtained biometric data and the encrypted biometric template”, ¶36, ¶38, ¶41-¶42, Fig. 2, ¶46-¶50, Fig. 3(302,304,306,308,310,312,314), ¶51-¶57, i.e. an encrypted biometric template  for a user is created which is controlled by the user, utilizing a private key. The encrypted biometric template is used for the user authentication).
[providing a hash to reference] the biometric template (Fig. 2(204), ¶48, Fig. 3(304), ¶52) [by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain]; 
[combining the hash of] the biometric template (Fig. 2(204), ¶48, Fig. 3(304), ¶52) [into an ensemble, said ensemble referenced by a master hash and comprising a hash list, the hash list including one or more hashes pertaining to the anonymized data set, the master hash immutably stored in the blockchain];
anonymizing a set of data relating to said individual to produce an anonymized data set; (¶32, “ the records may be encrypted using a separate encryption key or alternatively using the public key provided by the electronic device 102”, ¶40, “the medical records may be anonymized and/or encrypted”, i.e. data is anonymized)
associating the anonymized data set with the encrypted biometric template (¶32, “The records may also be linked to a corresponding biometric template or other biometric information”, ¶40, “a storage device 104 may receive the encrypted biometric template and link the encrypted biometric template with medical records corresponding to the biometric template stored on one or more storage devices 104”, ¶59, “the medical records may have been linked to the encrypted biometric templates without further information regarding the identity of the patient or biometric data linked to the medical records”, i.e. encrypted biometric template is linked with anonymized data) [and the hash]; 
allowing a third party access to the anonymized data set; (Fig. 3(318), ¶59, “thus providing a health care provider, patient or other device access to medical records associated with the patient”, i.e. healthcare provider is considered as a third party which gains access to a patient’s medical records (anonymized data)).
 providing identity proof of the anonymized data set by the individual by providing biometric matching proved through a privacy preserving calculation without disclosing contents of the biometric template to the third party. (¶20, “there is also an interest in preserving the privacy of patients that may limit the availability of accurate patient information. A benefit of encrypting biometric information and storing it on a storage device (e.g., a central database) is protecting the privacy of those associated with the biometric data while still permitting health care providers to obtain accurate information about patients”, ¶21, ¶41-¶42, ¶49-¶50, i.e. Examiner submits that a patient controls the private key of the encrypted biometric template and only storage device can decrypt the biometric template, a third party is not able to access content of the biometric template data). 
Ericson does not teach explicitly,
providing a hash to reference the [biometric template] by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain; 
combining the hash of the [biometric template] into an ensemble, said ensemble referenced by a master hash and comprising a hash list, the hash list including one or more hashes pertaining to the anonymized data set, the master hash immutably stored in the blockchain; 
[associating the anonymized data set with the encrypted biometric template] and the hash; 
However, Pazhoor teaches,
providing a hash to reference the biometric [template] by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain; (¶24, ¶29, “After a unique biometric key has been generated, a hash corresponding to the unique biometric key may be calculated and stored for later authentication purposes”, ¶36, Fig. 3, ¶58, “the requestor is authorized to access the at least an encrypted data record 144 may include matching the unique key to a hash of the unique key previously created when the unique key and/or cryptographic hash thereof was generated and stored in system 100”, ¶43, “Nodes may then vote by a consensus algorithm as to which copy is correct. Consensus algorithms may include proof of work, proof of stake, or voting systems. Once a consensus has been determined, all other nodes may update themselves to reflect the new copy of the ledger”, Fig. 2, ¶47-¶48, i.e. hash is stored in distributed ledger (blockchain)).
combining the hash of the biometric [template] into an ensemble, said ensemble referenced by a master hash and comprising a hash list, the hash list including one or more hashes pertaining to the anonymized data set, the master hash immutably stored in the blockchain; (Fig. 2, ¶47-¶48, ¶57, “Requestor-linked data store 140 may include an encrypted data record 144. Requestor-linked data store 140 may be located on a multi-nodal secure datastore 148”, “ A master list may include a hash-table and/or distributed hash table which may be used to locate a requestor-linked data store”, “Using the hashed key, a hash function may compute an index that may suggest where requestor-linked data store 140 may be found. Locating may also be performed by linking the at least an encrypted data record 144 to a digital signature associated with the requestor. Requestor may produce a digital signature as described above in reference to FIG. 1, which may then be linked to the at least an encrypted data record 144 and locate to the location of the at least an encrypted data record 144”)
[associating the anonymized data set with the encrypted biometric template] and the hash; (¶57, “a public key associated with a requestor containing location information pertaining to requestor-linked data store 140 may be converted into a series of hash functions. This may occur by converting an entry into a series of integers by using a hash function. A hash function may include any function that may be used to map a set of data which falls into the hash table”, i.e. associating records with hashed biometric public key).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Pazhoor with the invention of Erickson.
Erickson teaches, enrolling an encrypted biometric template and associating with anonymized data. Pazhoor teaches, hashing biometric public key and associating with anonymized data stored in a distributed ledger. Therefore, it would have been obvious to have hashing biometric public key and associating with anonymized data stored in a distributed ledger of Pazhoor with enrolling an encrypted biometric template and associating with anonymized data of Erickson to avoid text and numeric based password which is easily forgotten by a user and to secure data in a distributed data storage. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 14 Erickson teaches,
A method for supplying data relating to an individual that can be proved to be connected to the individual using a biometric template such that others may access the data without being able to identify the individual or access the biometric template comprising: 
enrolling the individual by creating a positive biometric identification of the individual that includes the biometric template of the individual encrypted and masked to others, said biometric template being solely controlled by the individual; (¶26, “The encryption module 110 may encrypt the biometric template such that the encrypted biometric template may only be encrypted with access to the private key”, ¶27, “The smart card may be issued when a patient first provides biometric data, and when the biometric template is first encrypted. The smart card may then be used when a patient subsequently provides biometric data and the private key on the smart card is used to verify a match between subsequently obtained biometric data and the encrypted biometric template”, ¶36, ¶38, ¶41-¶42, Fig. 2, ¶46-¶50, Fig. 3(302,304,306,308,310,312,314), ¶51-¶57, i.e. an encrypted biometric template  for a user is created which is controlled by the user, utilizing a private key. The encrypted biometric template is used for the user authentication).
[providing a hash to reference] the biometric template (Fig. 2(204), ¶48, Fig. 3(304), ¶52)  [by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain, wherein the blockchain is a permissioned blockchain]; 
anonymizing a set of data relating to said individual to produce an anonymized data set; (¶32, “ the records may be encrypted using a separate encryption key or alternatively using the public key provided by the electronic device 102”, ¶40, “the medical records may be anonymized and/or encrypted”, i.e. data is anonymized)
associating the anoymized data set with the encrypted biometric template (¶32, “The records may also be linked to a corresponding biometric template or other biometric information”, ¶40, “a storage device 104 may receive the encrypted biometric template and link the encrypted biometric template with medical records corresponding to the biometric template stored on one or more storage devices 104”, ¶59, “the medical records may have been linked to the encrypted biometric templates without further information regarding the identity of the patient or biometric data linked to the medical records”, i.e. encrypted biometric template is linked with anonymized data) [and the hash];  
allowing a third party access to the anoymized data set; (Fig. 3(318), ¶59, “thus providing a health care provider, patient or other device access to medical records associated with the patient”, i.e. healthcare provider is considered as a third party which gains access to a patient’s medical records (anonymized data)).
providing identity proof of the anonymized data set by the individual by providing biometric matching proved through a privacy preserving calculation without disclosing contents of the biometric template to the third party. (¶20, “there is also an interest in preserving the privacy of patients that may limit the availability of accurate patient information. A benefit of encrypting biometric information and storing it on a storage device (e.g., a central database) is protecting the privacy of those associated with the biometric data while still permitting health care providers to obtain accurate information about patients”, ¶21, ¶41-¶42, ¶49-¶50, i.e. Examiner submits that a patient controls the private key of the encrypted biometric template and only storage device can decrypt the biometric template, a third party is not able to access content of the biometric template data). 
Erickson does not teach explicitly,
providing a hash to reference the biometric [template] by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain, wherein the blockchain is a permissioned blockchain; 
[associating the anoymized data set with the encrypted biometric template] and the hash;  
However, Pazhoor teaches,
providing a hash to reference the biometric [template] by obtaining the hash through a one-way pre-image resistant cryptographic function, said hash being immutably stored into a trustless decentralized ledger distributed multiple times to a plurality of nodes exchanging consensus over a blockchain, wherein the blockchain is a permissioned blockchain; (¶24, ¶29, “After a unique biometric key has been generated, a hash corresponding to the unique biometric key may be calculated and stored for later authentication purposes”, ¶36, Fig. 3, ¶58, “the requestor is authorized to access the at least an encrypted data record 144 may include matching the unique key to a hash of the unique key previously created when the unique key and/or cryptographic hash thereof was generated and stored in system 100”, ¶43, “Nodes may then vote by a consensus algorithm as to which copy is correct. Consensus algorithms may include proof of work, proof of stake, or voting systems. Once a consensus has been determined, all other nodes may update themselves to reflect the new copy of the ledger”, Fig. 2, ¶47-¶48, i.e. hash is stored in distributed ledger (blockchain)).
[associating the anoymized data set with the encrypted biometric template] and the hash; (¶57, “a public key associated with a requestor containing location information pertaining to requestor-linked data store 140 may be converted into a series of hash functions. This may occur by converting an entry into a series of integers by using a hash function. A hash function may include any function that may be used to map a set of data which falls into the hash table”, associating records with hashed biometric public key).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Pazhoor with the invention of Erickson.
Erickson teaches, enrolling an encrypted biometric template and associating with anonymized data. Pazhoor teaches, hashing biometric public key and associating with anonymized data stored in a distributed ledger. Therefore, it would have been obvious to have hashing biometric public key and associating with anonymized data stored in a distributed ledger of Pazhoor with enrolling an encrypted biometric template and associating with anonymized data of Erickson to avoid text and numeric based password which is easily forgotten by a user and to secure data in a distributed data storage. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 2, rejection of Claim 1 is included and for the same motivation Ericson does not teach explicitly,
The method of claim 1, wherein the hash of the biometric template is combined into an ensemble, said ensemble referenced by a master hash and comprising a hash list, the hash list including one or more hashes pertaining to the anonymized data set, the master hash immutably stored in the blockchain;
However, Pazhoor teaches,
The method of claim 1, wherein the hash of the biometric template is combined into an ensemble, said ensemble referenced by a master hash and comprising a hash list, the hash list including one or more hashes pertaining to the anonymized data set, the master hash immutably stored in the blockchain; (Fig. 2, ¶47-¶48, ¶57, “Requestor-linked data store 140 may include an encrypted data record 144. Requestor-linked data store 140 may be located on a multi-nodal secure datastore 148”, “ A master list may include a hash-table and/or distributed hash table which may be used to locate a requestor-linked data store”, “Using the hashed key, a hash function may compute an index that may suggest where requestor-linked data store 140 may be found. Locating may also be performed by linking the at least an encrypted data record 144 to a digital signature associated with the requestor. Requestor may produce a digital signature as described above in reference to FIG. 1, which may then be linked to the at least an encrypted data record 144 and locate to the location of the at least an encrypted data record 144”).

Regarding Claim 3, rejection of Claim 1 is included and for the same motivation Ericson does not teach explicitly,
The method of claim 1, wherein the anonymized data set is stored by a data custodian outside the blockchain. 
 However, Pazhoor teaches,
The method of claim 1, wherein the anonymized data set is stored by a data custodian outside the blockchain. (Fig. 1(152), ¶55, “requestor-linked data store 140 may include a local database 152 “, “ Local database 152 may store data and may be invisible to replication so that collections of data in a local database 152 are not replicated”, i.e. data is stored on local database outside of the blockchain).

Regarding Claim 4, rejection of Claim 3 is included and for the same motivation Erickson does not teach explicitly,
The method of claim 3, wherein the data custodian uses the data for secondary purposes.
However, Pazhoor teaches,
The method of claim 3, wherein the data custodian uses the data for secondary purposes. (¶56, “a request by a requestor to access requestor-linked data store 140 pertaining to requestor and/or subject person employment history”, “data access request 136 may include a request by requestor to access requestor-linked data store 140 pertaining to a degree requestor and/or subject person may have achieved at a college or university”, i.e. data is being used for secondary purpose).

Regarding Claim 6, rejection of Claim 1 is included and for the same motivation Erickson teaches,
The method of claim 1, wherein the individual is able to de anonymize the data. (Fig. 3(308), ¶54,  Fig. 3(318), ¶59, “the medical records may be encrypted using the public key and decrypted using the private key”, i.e. a user is able to decrypt the encrypted data using a private key indicates that a user is able to de anonymize the data).

Regarding Claim 7, rejection of Claim 1 is included and for the same motivation Erickson does not teach explicitly,
The system of claim 1, wherein the biometric matching is proved by the individual by committing a non-interactive argument to the blockchain; said proof being certified by a verifier.
However, Pazhoor teaches,
The system of claim 1, wherein the biometric matching is proved by the individual by committing a non-interactive argument to the blockchain; said proof being certified by a verifier. (Fig. 3, ¶58, “at step 315 access control regulator 112 determines that the requestor is authorized to access the at least an encrypted data record 144 as a function of the unique key associated with the requestor”, “matching the unique key to a hash of the unique key previously created when the unique key and/or cryptographic hash thereof was generated and stored in system 100”, i.e. biometric key is considered as non-interactive argument for which biometric-matching is done by a verifier).

Regarding Claim 9, rejection of Claim 1 is included and for the same motivation Erickson does not teach explicitly,
The system of claim 1, wherein the blockchain is a permissioned blockchain.
However, Pazhoor teaches,
The system of claim 1, wherein the blockchain is a permissioned blockchain. (¶43, “Multi-nodal secure datastore 148 may utilized cryptographic keys and digital signatures to ensure node security and/or authenticity. Multi-nodal secure datastore 148 may utilize digitally signed assertions as described in more detail below in reference to FIG. 2”, ¶57-¶58, i.e. blockchain is a permissioned blockchain as an authentication is required prior to accessing records).

Claims 4(4A), 5, 8 and 11-13  are rejected under 35 U.S.C. 103 as being unpatentable over  Erickson et al. (US PGPUB. # US 2013/0318361, hereinafter “Erickson”), and further in view of Pazhoor et al. (US PGPUB. # US 2020/0259643, hereinafter “Pazhoor”), and further in view of Carmignani et al. (US PGPUB. # US 2020/0259638, hereinafter “Carmignani”).


Referring to Claims 4(4A) and 11:
Regarding Claim 4(4A), rejection of Claim 3 is included combination of Erickson and Pazhoor does not teach explicitly,
The method of claim 1, wherein the privacy preserving calculation is executed using a plurality of nodes that is different from the nodes exchanging consensus on the permissionless blockchain.
However, Carmignani teaches,
The method of claim 1, wherein the privacy preserving calculation is executed using a plurality of nodes that is different from the nodes exchanging consensus on the permissionless blockchain. (¶46, “which may include any suitable secure two-party computation protocol(s)) to be carried out by the nodes for performing a matching function between the EBT of the enrollment and a later (e.g., during authentication) obtained authentication biometric sample (“ABS”) for potentially revealing the success key(s) to the node(s)”, “homomorphic (e.g., fully or somewhat homomorphic) encryption”, ¶47-¶48).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Carmignani with the invention of Erickson in view of Pazhoor.
Erickson in view of Pazhoor teaches, enrolling an encrypted biometric template and associating with anonymized data and hashing biometric public key and associating with anonymized data stored in a distributed ledger. Carmignani teaches, matching biometric templates for an authentication by distributed nodes utilizing homomorphic encryption. Therefore, it would have been obvious to have matching biometric templates for an authentication by distributed nodes utilizing homomorphic encryption of Carmignani into the invention of Erickson in view of Pazhoor to preserve privacy of biometric data of a user. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 11, rejection of Claim 10 is included and Claim 11 is rejected with the same rationale as applied against Claim 4(4A) above.

Referring to Claims 5 and 12:

Regarding Claim 5, rejection of Claim 4(4A) is included for the same motivation combination of Erickson and Pazhoor does not teach explicitly,
The method of claim 4, wherein the privacy preserving calculation comprises a commit-reveal scheme.
However, Carmignani teaches,
The method of claim 4, wherein the privacy preserving calculation comprises a commit-reveal scheme. (¶46, “which may include any suitable secure two-party computation protocol(s)) to be carried out by the nodes for performing a matching function between the EBT of the enrollment and a later (e.g., during authentication) obtained authentication biometric sample (“ABS”) for potentially revealing the success key(s) to the node(s)).

Regarding Claim 12, rejection of Claim 11 is included and Claim 12 is rejected with the same rationale as applied against Claim 5 above.

Regarding Claim 8, rejection of Claim 1 is included and combination of Erickson and Pazhoor does not teach explicitly,
The system of claim 1, wherein the biometric matching is proved by the individual by executing the privacy preserving calculation in a trusted execution environment using homomorphic encryption.
However, Carmignani teaches,
The system of claim 1, wherein the biometric matching is proved by the individual by executing the privacy preserving calculation in a trusted execution environment using homomorphic encryption. (¶46, “which may include any suitable secure two-party computation protocol(s)) to be carried out by the nodes for performing a matching function between the EBT of the enrollment and a later (e.g., during authentication) obtained authentication biometric sample (“ABS”) for potentially revealing the success key(s) to the node(s)”, “homomorphic (e.g., fully or somewhat homomorphic) encryption”, ¶52, “an attacker of a corrupted node will generally not be able to compute the circuit output key (e.g., the success key) unless it interacts with a trusted device, and the authentication is successful.”, i.e. privacy preserving calculation is performed using homomorphic encryption in a trusted execution environment).

Regarding Claim 13, rejection of Claim 12 is included and for the same motivation Erickson does not teach explicitly,
The system of claim 12, wherein the blockchain is a permissioned blockchain.
However, Pazhoor teaches,
The system of claim 12, wherein the blockchain is a permissioned blockchain (¶43, “Multi-nodal secure datastore 148 may utilized cryptographic keys and digital signatures to ensure node security and/or authenticity. Multi-nodal secure datastore 148 may utilize digitally signed assertions as described in more detail below in reference to FIG. 2”, ¶57-¶58, i.e. blockchain is a permissioned blockchain as an authentication is required prior to accessing records).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Sheets et al. (WIPO PUB. # WO 2019/112650) discloses, a system and techniques for enabling biometric authentication without exposing the authorizing entity to sensitive information. In some embodiments, the system receives a biometric template from a user device which is encrypted using a public key associated with the system. The encrypted biometric template is then provided to a second entity along with a biometric identifier. Upon receiving a request to complete a transaction that includes the biometric identifier and a second biometric template, the second entity may encrypt the second biometric template using the same public key associated with the system and perform a comparison between the two encrypted biometric templates. The resulting match result data file is already encrypted and can be provided to the system to determine an extent to which the two biometric templates match.
Jindal et al. (US PGPUB. # US 2021/0211290) discloses, a method and system for biometric verification. Conventional biometric verification method and system performs one or more computations in non-encrypted domain, thereby leading to security threats. The disclosed method includes performing computations such as enrollment and verification feature vector computation, dimensionality reduction of said feature vectors, and comparison of dimensionally reduced encrypted feature vectors to obtain matching scores indicating the extent of match therebetween between in encrypted domain using fully homomorphic encryption, thereby leading to secure biometric verification.
Callahan et al. (US PGPUB. # US 2020/0036797) discloses, an enrollment request is received from a user computing device that is configured via a distributed client software application and is processed. The enrollment request is usable to enroll the user computing device in a network and includes an encrypted partial initial biometric vector associated with a user. An authentication request is processed that is subsequently received that includes an encrypted partial second biometric vector and that is associated with a user of the user computing device. A comparison of the encrypted partial initial biometric vector and the encrypted partial second biometric vector is performed, and a value representing the comparison is generated and transmitted to the user computing device. The user computing device is authenticated where the value is above a minimum threshold.
Kevin Alan Tussy (US PGPUB. # US 2019/0311102) discloses, a method for enrolling and authenticating a user in an authentication system via a camera of a computing device include capturing and storing biometric information from at least one first image and at least one second image of the user taken via the camera. Prior to use, the user answers personal questions and the answers are stored as stored answer data. Later, such as at a business, the questions are presented to the user and the user provides their personal answers via a computing device. The answers are processed and uploaded to an authentication server where a comparison occurs against the stored answer data. If a match does not occur, then the authentication/identity verification processes ends. If a match does occur, then the authentication process continues. The questions match may serve as a gate function for accessing authentication data stored in a blockchain.
GUILAUME et al. (WIPO PUB. # WO 2019/086553) discloses, a computer-implemented method of privacy management. A core dataset comprising user personal identifiable data can be kept separated from some other data silos associated with said core dataset by a software program. Said program can be a smart contract implemented on a crypto-ledger. Personal identifiable data can comprise true identity information and/or Know Your Customer data compliant with banking regulation. Data silos can comprise anonymous and/or anonymized and/or pseudonymized and/or de- identified data. Data silos can be actively partitioned into a plurality of datasets associated with discrete levels of privacy breach risks. The partitioning between datasets can use one or more mechanisms comprising in particular multi-party computation, homomorphic encryption, k-anonymity, or differential privacy. Asymmetric encryption can be used, along format- preserving encryption. Software and system aspects are described.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/           Primary Examiner, Art Unit 2498