Notice of Pre-AIA  or AIA  Status
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2. 	This is the initial office action that has been issued in response to patent application, 17/021,954, filed on 09/15/2020. Claims 1-20 are currently pending and have been considered below. Claims 1 and 18 are independent claims. 

Priority
3. 	No priority claimed.

Drawings
4. 	The drawings filed on 09/15/2020 are accepted by the examiner. 

Information Disclosure Statement
5. 	The information disclosure statements (IDS’s) submitted on 09/15/2020, 09/16/2020 and 09/30/2021 are in compliance with provisions of 37 CFR 1.97. Accordingly, the information disclosure statement. 


Claim Objections
6. 	Claim 2 objected to because of the following informalities:  Claim 2 recites “the digital Fingerprint”, the letter “F” in fingerprint is capitalized. 
Claim 10 objected to because of the following informalities: Claim 10 recites “and and writing the loading events”, “and” is recurrent.
 Appropriate correction is required.

Claim Rejections - 35 USC § 101
7. 	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


The claimed invention is not directed to patent
eligible subject matter. Based upon consideration of all of
the relevant factors with respect to the claim as a whole,
claim 15 is rejected under 35 U.S.C. 101 because the
claimed invention is directed to non-statutory subject
matter.
Claim 1 and 18 recites “a system”. The claim
recites system without having any hardware positively
recited. Under broadest reasonable interpretation, Examiner assumes that “a system” is no more than
software. Computer programs per se do not fit within
recognized categories of statutory subject matter. The
claim 1 and 18 recite “a system” without reciting
any component or structure. The preamble recites “a
system” but the device cannot be
implemented in software or tangible component. If the
device / apparatus / system is considered as machine, then
the machine needs to consist of some concrete part or
structure which is absent in the claim. See MPEP § 2106.
	A claim that covers both statutory and non-statutory
embodiments (under the broadest reasonable interpretation
of the claim when read in light of the specification and in
view of one skilled in the art) embraces subject matter
that is not eligible for patent protection and therefore is
directed to non-statutory subject matter.
	Claims 2-17 and 19-20 are dependent claims dependent on claim 1 and 18 and have inherited the deficiencies of their parent claim and have not resolved deficiencies. Therefore, they are rejected based on the same rationale as applied to the parent claim 1 and 18 above.  

Claim Rejections - 35 USC § 112
8. 	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 recites the limitation "the access rules are stored in the user layer" in line 15.  Claim 5 recites the limitation “the flow of business events”. Claim 9 recites the limitation “the history and state of the system” in line 2. Claim 10 recites the limitations “the specified product class”, “the service registrar”, “the identified authentication instance in the authentication layer” and “the loading events”, lines 5-9. Claim 11 recites the limitations “the specified product class from the service registrar” in lines 5. Claim 18 recites “the registered station” in lines 7-9. Claim 19 and 20 recite “registered station” and “a report of the comparison” in lines 5 and the last lines. 
There is insufficient antecedent basis for this limitation in the claim.





Claim Rejections - 35 USC § 102
9. 	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


10. 	Claims 1-5, 9-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kshirsagar (US Patent Publication No. 2013/0055367 A1).

11. 	Regarding Claim 1, Kshirsagar discloses, a system comprising:
a digital computing server arranged for communications over a network and implementing (Kshirsagar, [0044], the client device 202 itself or alternatively hosted on servers 204 and accessed via network connection 206): 
 	a storage layer to store digital fingerprint records and processing event records, each processing event record linked to the stored digital fingerprint records used in the corresponding event(Kshirsagar, Claim 11, a method to generate an identity fingerprint, comprising: retrieving records corresponding to a memory impaired patient from a data store of records based on a profile corresponding to the memory.).
an authentication layer to provide working memory of digital fingerprints (Kshirsagar, Claim 11, an identity fingerprint stored in the memory [0027], identity fingerprint that may be used subsequently for authentication, [0048], Client device 202 is any computing device with a processor 212 and a memory 214); 
a users layer to maintain user accounts, where each user and third-party system granted access to the system has a corresponding user account in the users layer (Kshirsagar, [0092], Cellular providers already have a wide range of user information sources 414. Sources may include pre-existing business intelligence sources 416 such as credit scores and default rates, billing information 418 for cellular subscriptions, and prepay information 420 for prepay cellular customers. Information from these user information sources 414 may be loaded into the data services layer 412); 
a services registrar component to manage working memory allocations, including allocating a portion of the working memory as an authentication instance for one client for a selected product class (Kshirsagar, [0052], Application server 208 is any computing device capable of hosting profile collection system 108 and/or profile based authentication server 126. Application server 208 comprises processor 220, memory 222 and network interface 224. As per the preceding discussion regarding client 202, memory 222); 
wherein the services registrar is configured to load digital fingerprint records of a selected product class from the storage layer into the authentication instance (Kshirsagar, [0018], multiple factors relating to user behavior are stored in a data structure called a profile and aggregated in the profile as a history of the user's behavior. The data structure may be persisted in a computer readable memory. A least some subset of the user's interactions stored in the profile may be used to generate an identity fingerprint that subsequently constitute a user's credentials.); 
a digital fingerprint extraction layer (Kshirsagar, [0099], The fingerprint database 502 receives data from enterprise data assets via the information integration layer); 
and a security layer to enforce rules governing network level access to the system, where the access rules are stored in the users layer, on a per user basis, and or stored in the services registrar component (Kshirsagar, [0106], The security component 516 implements the security protocols used for authentication, authorization and other security functions. Specifically, the security component 516 ensures valid access to the fingerprint applications, services and the fingerprints database. It verifies users, fingerprint modes, roles, security credentials, authentication tokens, digital signatures, and the like to comply with information security standards and regulations. [0093], Model 426 and then converted into profiles for storage into data store 428. The ETL Model 426 may be comprised of a data model and several rules and constraints.).  
	
12. 	Regarding Claim 2, Kshirsagar discloses, the system of claim 1 and further comprising a services aggregation service executable on the server and arranged to communicate with and coordinate operations among the storage layer, the digital Fingerprint extraction layer, and the authentication layer (Kshirsagar, Claim 11, a primitive operator stored in the memory and executable by the processor to receive at least the identity fingerprint, and perform any one or more of the following: generate a value, from the identity fingerprint).  

13. 	Regarding Claim 3, Kshisagar discloses, the system of claim 1 wherein the processing events stored in the storage layer include at least one of the following event types: 
an extraction of a digital fingerprint from an image; 
a registration of a digital fingerprint that includes storing and associating identification information of a physical object; an archival of a digital fingerprint that includes deactivation of a digital fingerprint so that it is no longer currently associated with the identification of a physical object; page 22Attorney Docket No. 410784-991640 Client Ref. No. 1620-USan authentication of a digital fingerprint that includes finding a matching digital fingerprint captured during registration; and a load or an unload of a digital fingerprint that includes copying or removing, respectively, of a digital fingerprint from the working memory (Kshirsagar, [0099], the information integration layer 504 performs any tasks to manage the extraction, transformation and loading, and the time of loading of fingerprint, [0004], the form of a user proffering a known value, such as a password or personal identification number (“PIN”). A user's credentials may come in the form by a user proffering a token such as a proximity card, or a fingerprint or retina scan, [0016], FIG. 10 is a diagram of an implementation of an exemplary matchmaking application based on security fingerprints,  [0131], The privacy editor may be used to set various privacy settings in profile 706 and may be used to create, update and delete modes for the customer user's fingerprint or fingerprints).  

14. 	Regarding Claim 4, Kshisagar discloses, the system of claim 1, wherein the security layer, for outbound communication, provides application layer security over and above security configured at the network and operations level (Kshirsagar, [0012], FIG. 6 is a diagram of an exemplary implementation of a logical architecture for a security fingerprint platform from an application and services perspective.).  

15. 	Regarding Claim 5, Kshisagar discloses, the system of claim 4, wherein the security layer is configured to limit the flow of business events to a specific set of product classes (Kshirsagar, [0005], many information systems only authenticate users upon logging onto a system, and subsequently limit system requests to verify identity as not to constantly interrupt the user.).  

16. 	Regarding Claim 9, Kshirsagar discloses, the system of claim 1 and further comprising a customer-specific web portal (Kshirsagar, [0028], Interaction 106 could possibly be user 102 using client device A 104 to access a web site); 
the web portal arranged for select users to access the history and state of the system 
(Kshirsagar, [0077, In other embodiments, a correlation model will identify usage patterns, for example determining if a credit card payment is made immediately after browsing a web site when in contrast the user historically views the same web site at least a dozen times prior to committing to a purchase); 
and the web portal also arranged to permit authorized users to generate reports and manage reference sets of digital fingerprints subject to applicable access rules are stored in the users layer (Kshirsagar, [0019], tracking the web address of the page, tracking the time the page was accessed, or tracking particular action performed such as posting a new picture or entering a comment. When these observables are stored in a user profile, they are called historical activities).  

17. 	Regarding Claim 10, Kshirsagar discloses, the system of claim 2 wherein the services aggregation service is arranged to carry out the steps of: 
receiving an authentication request wherein the authentication request specifies a product class (Kshirsagar, [0027], it illustrates how a user 102 progresses over time and develops a historical profile and an identity fingerprint that may be used subsequently for authentication.); 
identifying an authentication instance for the specified product class from the services registrar (Kshirsagar, [0035], The identity fingerprint may be cached, such that in lieu of the profile based authentication service 126 generating the identity fingerprint dynamically, it may be served directly.); 
loading a product class of digital fingerprints from the storage layer into the identified authentication instances in the authentication layer (Kshirsagar, [0089], FIG. 4 illustrates an exemplary application of multi-factor identity fingerprinting 400. Specifically, FIG. 4 illustrates loading existing user profile information and applying multi-factor identity fingerprinting for mobile device multimedia content requests on mobile devices 400);  
and and writing the loading events back into the storage layer (Kshirsagar, [0153], reading may be interfaced to a computing device and the data used for storage in a profile for a security fingerprint).  

18. 	Regarding Claim 11, Kshirsagar discloses, the system of claim 2 wherein the services aggregation service is arranged to carry out the steps of: 
receiving an authentication request, wherein the authentication request specifies a product class (Kshirsagar, [0151], authentication need not be performed solely by consulting a security fingerprint. There is a class of third party data sources that may supplement a security fingerprint); 
identifying an authentication instance for the specified product class from the services registrar (Kshirsagar, [0080], Thresholds may vary according to the scope of interaction of the user. For example, a per transaction authentication may have a lower threshold than a per session authentication); 
calling the authentication layer to find a matching digital fingerprint record (Kshirsagar, [0150], Authentication is the verification that a user matches a claimed identity.); 
and writing the event to the storage layer (Kshirsagar, [0153], reading may be interfaced to a computing device and the data used for storage in a profile for a security fingerprint).  

19. 	Regarding Claim 12, Kshirsagar discloses, the system of claim 1 and further comprising: 
an authentication API coupled to the security layer for communication with an external authentication station (Kshirsagar, [0081], the analysis results may be accessed directly through an exposed application programming interface (“API”). By way of yet another example, the analysis results may be aggregated into a single similarity score and exported for use by other applications or scenarios.); 
wherein the authentication API enables transmitting an authentication request to the system from an external authentication station and receiving an authentication result from the system (Kshirsagar, [0040], The profile based authentication service 126 may expose an application programming interface (“API”) to be programmatically accessible to an arbitrary information system.).  

20. 	Regarding Claim 13, Kshirsagar discloses, the system of claim 1 and further comprising: 
a REST API coupled to the security layer for communication with an external mobile unit to provide authentication services to the mobile unit(Kshirsagar, [0040], The profile based authentication service 126 may expose an application programming interface (“API”) to be programmatically accessible to an arbitrary information system. For example, the profile based authentication service 126 may be used in conjunction with credit card companies to provide additional indicia as to the identity of an arbitrary user. In this way, the user need not be in possession of a client device); 
and a mobile app executable on the mobile unit is provided a customer or use case specific URL for said communication using the REST API (Kshirsagar, [0040], if a client device is used to make a long distance phone call to a remote location that the user never has accessed, the cellular service may make an authentication request 124 against the profile based authentication service 126 and may require the user provide additional credentials.).  

21. 	Regarding Claim 14, Kshirsagar discloses, the system of claim 1 and further comprising a fingerprint catalog stored in the memory, the fingerprint catalog storing data to enable and manage registration of physical objects into the system, and authentication of a target object based on image data or digital fingerprints of the target object (Kshirsagar, [0145], the fingerprint database. Specifically, the fingerprint encapsulates data from a query on the fingerprint database. Note that the amount of data may be large, and it may be overly time consuming to regenerate the fingerprint. Accordingly, the memory augmentation application may invoke the version function of the versioning primitive operations 810 to find out the time of the last update and then perform an update function also of the versioning primitive operations 810.).  

22. 	Regarding Claim 15, Kshirsagar discloses, the system of claim 14 wherein the fingerprint catalog stored data includes: extraction parameters, authentication parameters, and user settings (Kshirsagar, [0126], A fingerprint requestor 612 can either request a fingerprint via the fingerprint requestor console 614 or via the web service gateway 616. The fingerprint requestor console 614 is typically used to maintain a fingerprint requestors account and/or subscription, preference setting, service issue management (e.g., help desk) and web service catalog.).  

23. 	Regarding Claim 16, Kshirsagar discloses, the system of claim 14 wherein the fingerprint catalog stored data includes: registration station settings and fixed authentication settings (Kshirsagar, [0003], when a user registers with a government site and enters personal information the transaction should also should ensure that the identity of the person is authenticated. Specifically, authentication is the performing of tests to guarantee within a known degree of confidence that a user corresponds to a user identity when interacting with an information system.).  

24. 	Regarding Claim 17, Kshirsagar discloses, the system of claim 14 wherein the fingerprint catalog stored data includes mobile device settings(Kshirsagar, [0089],  FIG. 4 illustrates loading existing user profile information and applying multi-factor identity fingerprinting for mobile device multimedia content requests on mobile devices 400).  

25. 	Regarding Claim 18, Kshirasagar disclose, a cloud-based computing system configured with instructions that, when executed, cause the system to:
receive and store in memory a catalog comprising configuration settings and parameters for a user entity (Kshirsagar, [0126], The fingerprint requestor console 614 is typically used to maintain a fingerprint requestors account and/or subscription, preference setting, service issue management (e.g., help desk) and web service catalog.);  
communicate over a network with a remote station to register the remote station into the system in association with the user entity(Kshirsagar, [0098], the main database of the Security Fingerprinting platform. It contains configuration and metadata for Security Fingerprint applications, monitoring data of processes, input data acquired from enterprise customer data sources and the data mining result data. All historical data is kept until a configurable time period ends); 
provision a URL for the registered station to interact with the system (Kshirsagar, [0127], provide access to the web service gateway 616, the fingerprint services application 618 may support a web service registry and a set of proxy web services.); 	
transmit the URL to the registered station (Kshirsagar, [0127], To track and provide access to the web service gateway 616, the fingerprint services application 618 may support a web service registry and a set of proxy web services.). 	
receive at the URL a request message from the registered station, the request message including image data of a physical object (Kshirsagar, [0019], a user accesses one of their social networking pages, tracking the web address of the page, tracking the time the page was accessed, or tracking particular action performed such as posting a new picture or entering a comment. When these observables are stored in a user profile, they are called historical activities.); 
process the image data according to the stored catalog parameters to form a digital fingerprint of the physical object(Kshirsagar, [0153], a user's geolocation at a particular data time stamp may be stored in a profile, as well as used a present context to be compared to a security fingerprint. User input may be from other input devices, connected via Bluetooth™ or other connectivity methods. For example, a pacemaker or other medical device reading may be interfaced to a computing device and the data used for storage in a profile for a security fingerprint.);	
and store the digital fingerprint in the system in association with the user entity, thereby inducting the physical object into the system (Kshirsagar, [0035], The identity fingerprint comprises a summary of the user's history and may take many potential forms. In one embodiment, the identity fingerprint may identify several different activities, and store the frequency the user performs those activities. In another embodiment, the identity fingerprint may store other users).  

26. 	Regarding Claim 19, Kshirasagar discloses, the computing system according to claim 18 wherein the instructions, when executed, further cause the system to: 
receive and store in memory a set of reference digital fingerprints associated with the user entity (Kshirsagar, Claim 11, a primitive operator stored in the memory and executable by the processor to receive at least the identity fingerprint; 
receive at the URL an authentication request message from the registered station, the request message including image data of a physical object (Kshirsagar, [0126], A fingerprint requestor 612 can either request a fingerprint via the fingerprint requestor console 614 or via the web service gateway 616. The fingerprint requestor console 614 is typically used to maintain a fingerprint requestors account and/or subscription, preference setting, service issue management (e.g., help desk) and web service catalog.);  
process the image data according to the stored catalog parameters to form a digital fingerprint of the physical object (Kshirsagar, [0145], the fingerprint database. Specifically, the fingerprint encapsulates data from a query on the fingerprint database. Note that the amount of data may be large, and it may be overly time consuming to regenerate the fingerprint. Accordingly, the memory augmentation application may invoke the version function of the versioning primitive operations 810 to find out the time of the last update and then perform an update function also of the versioning primitive operations 810.).  
compare the digital fingerprint to the stored set of reference digital fingerprints to find a match (Kshirsagar, [0147], FIG. 10 illustrates a matchmaking application using security fingerprints. Matchmaking is the introduction of two or more people who are compatible.); 
and generate a report of the comparison (Kshirsagar, [0136], fingerprint requestor, the encapsulated data remains secure, while allowing a fingerprint requestor to perform a comparison.); 

27. 	Regarding Claim 20, Kshirasagar discloses, the computing system according to claim 18 wherein the instructions, when executed, further cause the system to: 
receive and store in memory a set of reference digital fingerprints associated with the user entity (Kshirsagar, Claim 11, a primitive operator stored in the memory and executable by the processor to receive at least the identity fingerprint); 
receive at the URL an authentication request message from the registered station, the request message including a target digital fingerprint of a target physical object (Kshirsagar, [0126], A fingerprint requestor 612 can either request a fingerprint via the fingerprint requestor console 614 or via the web service gateway 616. The fingerprint requestor console 614 is typically used to maintain a fingerprint requestors account and/or subscription, preference setting, service issue management (e.g., help desk) and web service catalog.); 
compare the target digital fingerprint to the stored set of reference digital fingerprints to find a match (Kshirsagar, [0147], FIG. 10 illustrates a matchmaking application using security fingerprints. Matchmaking is the introduction of two or more people who are compatible.); 
and generate a report of the comparison (Kshirsagar, [0136], fingerprint requestor, the encapsulated data remains secure, while allowing a fingerprint requestor to perform a comparison.).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


28. 	Claims 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Kshirsagar (US Patent Publication No. 2013/0055367 A1) in view of Withrow (Foreign Patent Publication No. EP 3264330 A1).

29. 	Regarding Claim 6, Kshisagar discloses, the system of claim 1 and further comprising: 
a registration API coupled to the security layer for communication with an external registration station to register a physical object into the system (Kshirsagar, [0040], profile based authentication may be configured to meet the different authentication needs for different information systems. The profile based authentication service 126 may expose an application programming interface (“API”) to be programmatically accessible to an arbitrary information system); 
Kshirsagar does not explicitly disclose the following limitations that Withrow teaches:
wherein the registration station comprises a fixed rig including lighting and camera(s) to capture images of a physical object for extracting digital fingerprints (Withrow, [0071], In FIG. 7, the user device 702 includes a camera 726, which may be coupled to suitable image capture software 724. The camera should be suitable for image capture for generating digital fingerprints as described above. Fingerprints, based on captured image data, may be generated locally on the user device, or externally.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a device to capture images wherein the fingerprint gets extracted to enhance security features.

30. 	Regarding Claim 7, Kshisagar discloses, the system of claim 1 and further comprising:
Kshisagar does not explicitly disclose the following limitations that Withrow teaches:
a registration station including an imaging device arranged to capture an image of a physical object (Withrow, [0038], As previously described, a "scan" may refer to an image (or to digital data that defines an image) captured by a broad range of capturing devices, Claim 10, acquiring digital image data of at least a portion of a physical object); 
and the registration station capable of data communication over the network to the server (Withrow, [0070], A client device 700 may be a computer, laptop, smart phone, tablet, or any other device or assembly, portable or fixed, that is capable of communications over a network).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the images of the device when capture of the object and to register the communication data over the server to enhance security features. 

31. 	Regarding Claim 8, Kshirsagar and Withrow disclose, the system of claim 7 wherein the server provisions a URL for exclusive use by the registration station (Kshirsagar, [0132], Since fingerprints may be served over the web, the fingerprint services application 710 may maintain a web service registry and a proxy web services component.).  

Conclusion
32. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner Art Unit 2433
	
/WASIKA NIPA/Primary Examiner, Art Unit 2433