DETAILED ACTION
Status of Claims
This is the final office action in response to the applicant’s arguments/remarks made in an amendment filed on 06/27/2022.
Claims 1, 4, 11, 14, and 19 have been amended.
Claims 1-20 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments/Remarks
35 U.S.C. § 112:
	Regarding the 35 U.S.C. § 112 (a) rejection, the applicant has amended claims 4 and 14. Furthermore, the applicant has pointed out the paragraphs that describe the claimed subject matter of claims 4 and 14. The examiner agrees with the applicant, and the 35 U.S.C. § 112 (a) rejection has been withdrawn.

35 U.S.C. § 101:
	Regarding the 35 U.S.C. § 101 rejection, the applicant contends that the additional elements of the amended claims integrate the abstract idea into a practical application. The examiner agrees with the applicant, and the 35 U.S.C. § 101 rejection has been withdrawn.
	
35 U.S.C. § 103:
	The primary reference, Gulak, discloses comparing multiple different types of the received homomorphically encrypted data with the retrieved homomorphically encrypted data, and identifying a fraudulent action based on the comparison (see paragraph [0006]; Fig. 1; paragraphs [0100]-[0104]; paragraph [0111]; and paragraph [0114]). 
	The secondary reference, Sakemi, discloses determining the distance/proximity between the received homomorphically encrypted biometric information and the retrieved/registered homomorphically encrypted biometric information, calculating a count based on the determined distances, and identifying a fraudulent action based on the calculated count (see Fig. 1; Figs. 3-4; paragraphs [0058]-[0060]; paragraph [0103]; paragraphs [0105]-[0107]; and paragraphs [0111]-[0116]).
	The applicant’s amendments have overcome the 35 U.S.C. § 103 rejection. However, there are new grounds of rejection necessitated by the applicant’s amendments as detailed in the 35 U.S.C. § 103 rejection section.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-8, 11-14, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over GULAK et al. (US 20170293913 A1) in view of Sakemi et al. (US 20160204936 A1), and further in view of Morikawa et al. (US 20170104752 A1). 
Claims 1, 11, and 19:
	GULAK discloses the following:
	a.	a memory coupled to at least one processor, the least one processor configured to. (See Fig. 1; Fig. 3; and paragraph [0138], “[t]he data system 22 may include a network interface 80, a data accumulator 82, a query constructor 84, a user interface 86, and a calculation engine 88. The data system 22 may further include memory [e.g., RAM, hard-drive, solid-state drive, etc.] for storing encrypted data 50, encrypted calculation results (ER) 54, data 90, and authorizations 92. The data system 22 may also include a processor configured to execute the data accumulator 82, the query constructor 84, the user interface 86, and the calculation engine 88 and to control operations of the data system 22.”)
	b.	receiving, by at least one processor of a device, first data and second data, the first data and the second data being homomorphically encrypted, the first data associated with a first type of data, and the second data associated with a second type of data. (See paragraph [0006], “receiving a transaction request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme, and the transaction request comprising confidential cardholder data including an account number, non-confidential cardholder data and transaction data; retrieving one or more sets of encrypted comparison cardholder data encrypted according to a homomorphic encryption scheme”; Fig. 1; paragraphs [0100]-[0101], “[i]n an embodiment, the following fields may be encrypted using quantum secure lattice-based Fully Homomorphic Encryption [FHE]: the middle 3-9 digits of the credit card number [e.g. the secure portion of the account number], the expiry date and the CVV number. These fields may never be decrypted at any point in the verification process. They may always be in the ciphertext [Ctxt] form”; paragraphs [0103]-[0104]; and paragraph [0111], “[a]ccording to an embodiment, in performing the secure credit card authentication, the middle digits [for this example, 6 digits for a 16-digit card number are assumed] of the credit card number are first converted into bits where each bit is then encrypted using FHE encryption. The same process is performed for the expiry date and the CVV number. These encrypted bits are then sent on the network along with the cardholder name, bank name, BIN number, and last 4 digits of the credit card to the payment processor which then forwards them to the appropriate card issuer.”)
	c.	retrieving, by the at least one processor, third data associated with the first type of data, the third data being homomorphically encrypted; retrieving, by the at least one processor, fourth data associated with the second type of data, the fourth data being homomorphically encrypted. (See paragraph [0006], “retrieving one or more sets of encrypted comparison cardholder data encrypted according to a homomorphic encryption scheme”; and paragraph [0111], “[t]he card issuer will then receive this information, and using the cardholder name and last 4 digits of the card number, it will narrow down the search to just a few possible matching accounts [due to the match in the name and the last 4 digits] and the corresponding encrypted information will be fetched. Secure authentication is then applied between the incoming encrypted information and the possible matching accounts.”)
	d.	determining, by the at least one processor, a first match between the first data and the third data; determining, by the at least one processor, a second match between the second data and the fourth data. (See paragraph [0006], “comparing the confidential cardholder data to each set of the comparison cardholder data using one or more homomorphic operations to determine which set of comparison cardholder data matches the confidential cardholder data and validating the confidential cardholder data,” and paragraph [0111], “[t]he matching account, if all the bits of the credit card number, expiry date, and CVV numbers match [and possibly BIN number if used], and if the requested transaction amount is less than the account balance or limit, an encrypted indicator of z=1 will be generated. The encrypted indicator, either ‘0’ or ‘1’ can then be multiplied by a number corresponding to the order of this entry against the reduced list.”)
	e.	determining, by the at least one processor and based on the matches, a fraudulent action associated with the first data and the second data. (See paragraph [0111] and paragraph [0114], “[f]or example, there may be a separate list of stolen/lost cards and cardholder data against which the transaction request may be compared as well. In that case, the card number may be valid, but the authentication denied, if the card also appears on the stolen/lost list. A similar process may also be used for other validation and authentication lists, such as blacklisted countries for transaction, while remaining compliant with laws regarding disclosure of such information.”)
	GULAK does not explicitly disclose the following:
	determining  proximities between the received data and retrieved data, wherein the first proximity greater than zero;
	determining, by the at least one processor, that the first proximity is less than a proximity threshold, wherein a non-zero proximity less than the proximity threshold is indicative of a fraudulent action.
	determining, based on the first proximity being greater than zero and less than the proximity threshold, and based on the second proximity, a risk score associated with the first data and the second data; and
	identifying, based on the risk score, a fraudulent action associated with the first data and second data.
	However, Morikawa discloses the following:
	a.	determining a proximity (i.e., a distance) between the received homomorphically encrypted data and the retrieved homomorphically encrypted data. (See Fig. 1; paragraphs [0031]-[0032], “[f]or example, elements in the feature vector 2 indicating a feature of a vein pattern in a palm 1 of a user are encrypted to homomorphic ciphertexts with a public key 3 of the user, and an encryption vector [homomorphic encryption vector] including the encrypted elements that have been encrypted are stored in the storage unit 11, as the template 11a…. For example, when an authentication request is inputted, the authentication request including a ciphertext in which elements in a feature vector 2a [determination target vector] generated from a vein pattern in the palm 1 by an authorized user are encrypted to homomorphic ciphertexts”; and paragraphs [0035]-[0037], “[f]urther, when an authentication request including a ciphertext is inputted, the computation unit 12 generates an encrypted distance based on the ciphertext and the template 11a…. If the value indicating the distance is less than a threshold value θ, and each of all the values obtained by the decryption of a part of the encrypted elements is 0 or 1, the computation unit 12 determines that the feature vector having been used for the generation of the inputted ciphertext represents the feature of the biometric information on the authorized user…. For example, as for a ciphertext E(x′) that is generated from the feature vector 2a indicating the feature of the vein pattern in the palm 1 of the authorized user, a distance d is less than the threshold value θ with a high probability”; Fig. 4; and paragraphs [0086]-[0089], “[t]he calculation server 200 calculates an Euclidean squared distance between the template 33 and the sample 35 while remaining encrypted, and transmits the calculation result to the authentication server 100.”)
	b.	determining, by the at least one processor, that the proximity is greater than zero and less than a proximity threshold, wherein a non-zero proximity less than the proximity threshold is indicative a fraudulent action. (See paragraph [0090]; Fig. 5 and paragraphs [0101]-[0103], “[w]hen the number of elements is D, an Euclidean squared distance between the feature vector 32 and the feature vector 41 is D/4. If a threshold value is greater than D/4, the Euclidean squared distance is less than the threshold value, thus, the spoofing is succeeded.” These citations indicate that a non-zero proximity less than a threshold could indicate a spoofing attack.)
	GULAK discloses comparing multiple homomorphically encrypted data associated with different data types. Morikawa discloses determining a proximity by comparing the homomorphically encrypted biometric data. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify GULAK, to incorporate with the teachings of Morikawa, to determine proximities between the received data and the retrieved data, and to determine a proximity that is greater than zero and less than a threshold indicative of a fraudulent action, so that the system can be warned of a possible spoofing attack if the determined proximity is greater than zero and less than a threshold.
	The combination of GULAK and Morikawa discloses the claimed invention but does not explicitly disclose the following:
	determining, based on the first proximity being greater than zero and less than the proximity threshold, and based on the second proximity, a risk score associated with the first data and the second data; and
	identifying, based on the risk score, a fraudulent action associated with the first data and second data.
	Sakemi discloses the following:
	a.	determining, based on the proximity less than a threshold, a risk score associated with the data and that a proximity may be greater than zero. (See paragraphs [0033]-[0035]; Fig. 4 and paragraphs [0111]-[0114], “[t]hereafter, the determining unit 231 determines whether D.sub.H is smaller than a threshold [θ] set in advance, that is, whether the Hamming distance between A and B is smaller than the threshold [S104]. If D.sub.H is not smaller than the threshold [θ] set in advance [NO at S104], the determining unit 231 determines that a matching result is NG, and the process proceeds to S113. If D.sub.H is smaller than the threshold [θ] set in advance [YES at S104], the determining unit 231 initializes a counter [Count] [Count=0] [S105]…. If D.sub.1 is not smaller than the threshold [θ] set in advance [NO at S108], the determining unit 231 does not count up the counter [Count], and the process proceeds to S110. If D.sub.1 is smaller than the threshold [θ] set in advance [YES at S108], the determining unit 231 counts up the counter [Count], and the process proceeds to S110.”)
	b.	identifying, based on the risk score, a fraudulent action associated with the data. (See Fig. 4; paragraph [0103]; and paragraphs [0114]-[0116], “[i]f the number counted as the counter [Count] is smaller than the false acceptance rate [YES at S111], the determining unit 231 determines that a matching result is OK, and the process proceeds to S112…. Therefore, if determination is performed by counting the number of determinations indicating that the Hamming distance between B and random vector generated from A is smaller than the threshold, it is possible to accurately detect the spoofing attack by wolf.”)
	GULAK discloses comparing multiple encrypted data associated with different data types. Morikawa discloses that a distance/proximity may be greater than zero and less than a threshold. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of GULAK and Morikawa, to incorporate with the teachings of Sakemi, and to determine a risk score based on the determined proximities and a fraudulent action associated with the received data, so that the system can detect a spoofing attack by determining a risk score based on the distance between the received data and the retrieved data to make the verification process more accurate and more secure.
	Claims 1, 11, and 19 recite “wherein a non-zero proximity less than the proximity threshold is indicative of a fraudulent action.” This recites the intended use of the non-zero proximity. The recitation of the intended use of the claimed invention does not serve to differentiate the claim from the prior art. MPEP § 2103 I C states that language that suggests or makes optional but does not require steps to be performed or does not limit a claim to a particular structure does not limit the scope of a claim or claim limitation. An example of such language includes statements of intended use or field of use (MPEP § 2103 I C).

Claims 2, 12, and 20:
	GULAK in view of Sakemi and Morikawa discloses the limitations shown above.
	GULAK further discloses wherein the first data and the third data remain homomorphically encrypted while determining the first march, and wherein the second data and the fourth data remain homomorphically encrypted while determining the second march. (See paragraph [0006]; paragraph [0100]; and paragraph [0111].)
	Sakemi discloses determining the proximity. (See Fig. 1; Fig. 3; paragraphs [0058]-[0060]; and paragraphs [0105]-[0107].)
	GULAK discloses comparing multiple encrypted data associated with different data types. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify GULAK, to incorporate with the teachings of Sakemi, and to determine proximities between the received data and the retrieved data, so that the system can detect a spoofing attack by determining the distance between the received data and the retrieved data to make the verification process more accurate and more secure.

Claims 3 and 13:
	GULAK in view of Sakemi and Morikawa discloses the limitations shown above.
	GULAK further discloses wherein the first data comprises first ciphertext, and wherein the second data comprises second ciphertext. (See paragraph [0100].)

Claims 4 and 14:
	GULAK in view of Sakemi and Morikawa discloses the limitations shown above.
	GULAK further discloses determining, based on the first match being less than a threshold, fifth data and sixth data, the fifth data and the sixth data associated with an account attribute, wherein determining the match is further based on a comparison of the fifth data to the sixth data. (See paragraph [0100] and paragraph [0111].)
	Sakemi discloses determining a proximity and a risk score based on the proximity. (See Fig. 1; Fig. 3; paragraphs [0058]-[0060]; and paragraphs [0105]-[0107]; Fig. 4 and paragraphs [0111]-[0114].)
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify GULAK, to incorporate with the teachings of Sakemi, and to determine proximities between the received data and the retrieved data as well as a risk score based on the proximities, so that the system can detect a spoofing attack by determining a risk score based on the distance between the received data and the retrieved data to make the verification process more accurate and more secure.

Claims 7 and 17:
	GULAK in view of Sakemi and Morikawa discloses the limitations shown above.
	GULAK further discloses wherein the account attribute is a name or an address associated with the account. (See paragraph [0100]-[0101] and paragraph [0111].) 
	Claims 7 and 17 recite “wherein the account attributes is a name or an address associated with the account.” This describes the characteristics of the account attributes. However, the recited characteristics are not processed or used to carry out any steps or functions that rely on these particular characteristics recited in the claims. Therefore, these claims recite a nonfunctional descriptive material. When a descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability. It has been held that where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability. The critical question is whether there exists any new and unobvious functional relationship between the printed matter and the substrate (In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).

Claims 8 and 18:
	GULAK in view of Sakemi and Morikawa discloses the limitations shown above.
	GULAK further discloses wherein the first data is associated with a social security number or a payment number. (See paragraph [0100].)
	Claims 8 and 18 recite “wherein the firs data is associated with a social security number or a payment number.” This describes the characteristics of the first data. However, the recited characteristics are not processed or used to carry out any steps or functions that rely on these particular characteristics recited in the claims. Therefore, these claims recite a nonfunctional descriptive material. When a descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability. It has been held that where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability. The critical question is whether there exists any new and unobvious functional relationship between the printed matter and the substrate (In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).

Claims 5-6 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over GULAK et al. (US 20170293913 A1) in view of Sakemi et al. (US 20160204936 A1), and further in view of Morikawa et al. (US 20170104752 A1) and Wuerch et al. (US 20140051417 A1).

Claims 5 and 15:
	GULAK in view of Sakemi and Morikawa discloses the limitations shown above.
	GULAK discloses wherein the first data, the second data, and the fifth data are associated with a request for a financial process associated with an account. (See paragraphs [0100]-[0101] and paragraph [0111].)
	None of GULAK, Sakemi, and Morikawa explicitly discloses a request to activate an account.
	However, Wuerch discloses a request comprising a set of data to activate an account. (See paragraphs [0030]-[0033].)
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify GULAK, Sakemi, and Morikawa, to incorporate with the teachings of Wuerch, and to implement the homomorphic encryption on a request to activate an account, so that the sensitive information in the request and the activation process can be more secure.
	
Claims 6 and 16:
	GULAK in view of Sakemi, Morikawa, and Wuerch discloses the limitations shown above.
	GULAK further discloses wherein the fraudulent action indicates that the account is fraudulent. (See paragraph [0111] and paragraph [0114].)
	Claims 6 and 16 recite “wherein the fraudulent action indicates that the account is fraudulent.” This describes the characteristics of the fraudulent action. However, the recited characteristics are not processed or used to carry out any steps or functions that rely on these particular characteristics recited in the claims. Therefore, these claims recite a nonfunctional descriptive material. When a descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability. It has been held that where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability. The critical question is whether there exists any new and unobvious functional relationship between the printed matter and the substrate (In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).

Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over GULAK et al. (US 20170293913 A1) in view of Sakemi et al. (US 20160204936 A1), and further in view of Morikawa et al. (US 20170104752 A1) and KOGURE et al. (JP 2011211593 A).
Claim 9:
	GULAK in view of Sakemi and Morikawa discloses the limitations shown above.
	GULAK discloses determining a match between the first ciphertext and the second ciphertext. (See paragraph [0100] and paragraph [0111].)
	Sakemi discloses determining a distance between the encrypted data, and wherein the risk score is based on the distance. (See Fig. 1; Fig. 3; paragraphs [0058]-[0060]; and paragraphs [0105]-[0107]; Fig. 4 and paragraphs [0111]-[0114].)
	None of GULAK, Sakemi, and Morikawa discloses determining a Levenshtein-Damereau distance. 
	However, KOGURE discloses determining a Levenshtein-Damereau distance. (See page 7, paragraph 4, “[a]s a specific example of the biometric authentication algorithm f, for example, an algorithm for determining whether the Hamming distance is equal to or less than a certain value. As another specific example, it may be determined by the Levenshtein distance in addition to the determination by the Hamming distance. In addition, if the homomorphic encryption E is a completely homomorphic encryption capable of both addition and multiplication operations, the biometric authentication algorithm f can use any algorithm.”)
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify GULAK, Sakemi, and Morikawa, to incorporate with the teachings of KOGURE, and to determine a Levenshtein-Damereau distance between homomorphically encrypted data, so that the system could be more flexible through implementing different algorithms for biometric authentication.

Claim 10:
	GULAK in view of Sakemi, Morikawa, and KOGURE discloses the limitations shown above.
	Sakemi discloses wherein determining the risk score comprises determining that the distance is less than a threshold distance. (See Fig. 1; Fig. 3; paragraphs [0058]-[0060]; and paragraphs [0105]-[0107]; Fig. 4 and paragraphs [0111]-[0114].)
	KOGURE discloses determining a Levenshtein-Damereau distance. (See page 7, paragraph 4.)
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify GULAK, Sakemi, and Morikawa, to incorporate with the teachings of KOGURE, and to determine a Levenshtein-Damereau distance between homomorphically encrypted data, so that the system could be more flexible through implementing different algorithms for biometric authentication.

Conclusion
The prior art, made of record and not relied upon, is considered pertinent to the applicant’s disclosure.
Arora et al. (US 20200250679 A1) disclose authenticating a user by comparing homomorphically encrypted data.
Bent et al. (US 20190140818 A1) discloses performing a homomorphic operation on a data set by applying an encrypted operand and performing a homomorphic threshold calculation using a homomorphic polynomial evaluation.

The applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). The applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHUNLING DING, whose telephone number is (571)270-3605. The examiner can normally be reached 9:30 - 7:30 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, an applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel, can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.D./Examiner, Art Unit 3685                                                                                                                                                                                                        

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685