DETAILED ACTION
This action is in response to new application filed 9/1/2021 titled “METHOD AND APPARATUS FOR PROCESSING BIOMETRIC INFORMATION IN ELECTRONIC DEVICE” which is a continuation of 14/619,731 now patent 9,792,460 and 15/718,826 now patent 11,151,288. Claims 1-20 were received for consideration.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 9/1/2021, 3/28/2022 and 8/2/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 9,792,460. Although the claims at issue are not identical, they are not patentably distinct from each other because each and every element of the above independent claims 1, 10 and 16 of the present application is broader and therefore anticipated by the corresponding independent claims 1 and 9 of U.S. Patent No. 9,792,460.

| 17/464,208 Claim 1 | 9,792,460 Claim 9 |
|---|---|
| 1. A portable communication device comprising: | An electronic device for processing biometric information, the electronic device comprising: |
| a fingerprint sensor; and | a biometric sensor module configured to sense a biometric object; and |
| a processor operable, at least with respect to the fingerprint sensor, in a rich execution environment (REE) supported under a first operating system (OS) or a trusted execution environment (TEE) supported under a second OS more secure than the first OS, the processor configured to: | at least one processor configured to: |
| while the processor is operated in the REE under the first OS, receive a signal from the fingerprint sensor in response to a fingerprint object being sensed via the fingerprint sensor, | detect a biometric input event from the biometric sensor module, when in a normal mode operating under a first operating system; |
| switch from the first OS to the second OS in response to the signal, and | switch to a secure mode operating under a second operating system in response to the detection of the biometric input event, the second operating system being a secure operating system; |
| while the processor is operated in the TEE under the second OS, obtain fingerprint image data from the fingerprint sensor, the fingerprint image data accessible by the processor while the processor is operated in the TEE under the second OS. | create, in the secure mode, in response to the biometric input event, biometric data based on sensed data from the biometric sensor module; |
| | perform, in the secure mode, biometric registration or biometric authentication based on the created biometric data; and |
| | provide, in the secure mode, result information of biometric registration or biometric authentication at the normal mode; and |
| | switch from the secure mode to the normal mode after providing the result information. |


| 17/464,208 Claims 10 and 16 | 9,792,460 Claim 9 |
|---|---|
| A portable communication device comprising: | An electronic device for processing biometric information, the electronic device comprising: |
| a touchscreen display; | |
| a biometric sensor; and | a biometric sensor module configured to sense a biometric object; and |
| a processor operable, at least with respect to the biometric sensor, in a rich execution environment (REE) supported under a first operating system (OS) or a trusted execution environment (TEE) supported under a second OS more secure than the first OS, the processor configured to: | at least one processor configured to: |
| detect an input associated with an external object while the processor is operated in the REE under the first OS, | detect a biometric input event from the biometric sensor module, when in a normal mode operating under a first operating system; |
| obtain, using the biometric sensor, biometric image data corresponding to the input associated with the external object while the processor is operated in the TEE under the second OS, | switch to a secure mode operating under a second operating system in response to the detection of the biometric input event, the second operating system being a secure operating system; |
| | create, in the secure mode, in response to the biometric input event, biometric data based on sensed data from the biometric sensor module; |
| perform, using the biometric sensor, biometric authentication based at least in part on one or more biometric characteristics of the biometric image data while the processor is operated in the TEE under the second OS such that the biometric image data and the one or more characteristics of the biometric image data are accessible by the processor, and | perform, in the secure mode, biometric registration or biometric authentication based on the created biometric data; and |
| | provide, in the secure mode, result information of biometric registration or biometric authentication at the normal mode; and |
| display, via the touchscreen display, an outcome of the biometric authentication while the processor is operated in the REE under the first OS such that the biometric image data or at least one of the one or more characteristics of the biometric image data is inaccessible by the processor. | switch from the secure mode to the normal mode after providing the result information. |


Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 11,151,288. Although the claims at issue are not identical, they are not patentably distinct from each other because each and every element of the above independent claims 1, 10 and 16 of the present application is broader and therefore anticipated by the corresponding independent claims 1, 15 and 19 of U.S. Patent No. 11,151,288.

| 17/464,208 Claim 1 | 11,151,288 Claim 15 |
|---|---|
| 1. A portable communication device comprising: | An electronic device for processing biometric information, the electronic device comprising: |
| | a display; |
| a fingerprint sensor; and | a fingerprint sensor; and |
| a processor operable, at least with respect to the fingerprint sensor, in a rich execution environment (REE) supported under a first operating system (OS) or a trusted execution environment (TEE) supported under a second OS more secure than the first OS, the processor configured to: | a processor, coupled to the display and the fingerprint sensor, operable in one of a trusted execution environment or a rich execution environment, wherein the processor is configured to: |
| while the processor is operated in the REE under the first OS, receive a signal from the fingerprint sensor in response to a fingerprint object being sensed via the fingerprint sensor, | based on a determination that an event is triggered by the fingerprint sensor while operating in the rich execution environment, the event being triggered when the fingerprint sensor senses a fingerprint object; |
| switch from the first OS to the second OS in response to the signal, and | switch from the rich execution environment to the trusted execution environment, |
| while the processor is operated in the TEE under the second OS, obtain fingerprint image data from the fingerprint sensor, the fingerprint image data accessible by the processor while the processor is operated in the TEE under the second OS. | obtain, in the trusted execution environment, through a secure interface, raw image data directly from the fingerprint sensor, the fingerprint sensor generating the raw image data by sensing the fingerprint object, |
| | generate, in the trusted execution environment, biometric data based on the raw image data, and |
| | perform, in the trusted execution environment, biometric enrollment based on the generated biometric data, and |
| | based on a determination that the biometric enrollment is complete, transfer a result of the biometric enrollment from the trusted execution environment to the rich execution environment, |
| | wherein the raw image data from the fingerprint sensor is accessible through the secure interface by the processor while the processor is operating in the trusted execution environment, |
| | wherein the raw image data is not accessible by the processor while the processor is operating in the rich execution environment, |
| | wherein a rich operating system is used while the processor operates in the rich execution environment, and |
| | wherein a secure operating system is used while the processor operates in the trusted execution environment. |




| 17/464,208 Claims 10 and 16 | 11,151,288 Claim 15 |
|---|---|
| A portable communication device comprising: | An electronic device for processing biometric information, the electronic device comprising: |
| a touchscreen display; | a display; |
| a biometric sensor; and | a fingerprint sensor; and |
| a processor operable, at least with respect to the biometric sensor, in a rich execution environment (REE) supported under a first operating system (OS) or a trusted execution environment (TEE) supported under a second OS more secure than the first OS, the processor configured to: | a processor, coupled to the display and the fingerprint sensor, operable in one of a trusted execution environment or a rich execution environment, wherein the processor is configured to: |
| detect an input associated with an external object while the processor is operated in the REE under the first OS, | based on a determination that an event is triggered by the fingerprint sensor while operating in the rich execution environment, the event being triggered when the fingerprint sensor senses a fingerprint object; |
| | switch from the rich execution environment to the trusted execution environment, |
| obtain, using the biometric sensor, biometric image data corresponding to the input associated with the external object while the processor is operated in the TEE under the second OS, | obtain, in the trusted execution environment, through a secure interface, raw image data directly from the fingerprint sensor, the fingerprint sensor generating the raw image data by sensing the fingerprint object, |
| perform, using the biometric sensor, biometric authentication based at least in part on one or more biometric characteristics of the biometric image data while the processor is operated in the TEE under the second OS such that the biometric image data and the one or more characteristics of the biometric image data are accessible by the processor, and | generate, in the trusted execution environment, biometric data based on the raw image data, and |
| | perform, in the trusted execution environment, biometric enrollment based on the generated biometric data, and |
| display, via the touchscreen display, an outcome of the biometric authentication while the processor is operated in the REE under the first OS such that the biometric image data or at least one of the one or more characteristics of the biometric image data is inaccessible by the processor. | based on a determination that the biometric enrollment is complete, transfer a result of the biometric enrollment from the trusted execution environment to the rich execution environment, |
| | wherein the raw image data from the fingerprint sensor is accessible through the secure interface by the processor while the processor is operating in the trusted execution environment, |
| | wherein the raw image data is not accessible by the processor while the processor is operating in the rich execution environment, |
| | wherein a rich operating system is used while the processor operates in the rich execution environment, and |
| | wherein a secure operating system is used while the processor operates in the trusted execution environment. |


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-5, 8 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Grobman et al (US 2017/0039368) in view of Taveau et al (US 2014/0195815).
With respect to claim 1 Grobman teaches a portable communication device comprising: 
a fingerprint sensor (See Grobman paragraph 0036 i.e. hardware sensor 170 may be a sensor or converter that measures a physical quantity and converts the measurement into a signal, which can be read by electronic device 110. In a specific example, hardware sensor 170 may be a biosensor (e.g., biometric sensor), chemical sensor, or keypad and paragraph 0059 i.e. hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user); and 
a processor operable, at least with respect to the fingerprint sensor, in a rich execution environment (REE) supported under a first operating system (OS) or a trusted execution environment (TEE) more secure than the first OS (see Grobman  paragraph 0024 i.e. The term “enclave” is inclusive of a trusted execution environment (TEE) and is a protected region of memory that is only accessible by the enclave itself or through a trusted services application program interface. Other processes cannot read, write, or otherwise access the data stored in the enclave and paragraph 0029), the processor configured to: 
while the processor is operated in the REE under the first OS, receive a signal from the fingerprint sensor in response to a fingerprint object being sensed via the fingerprint sensor (see Grobman paragraph 0059 i.e. For example, hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user), 
switch from the first OS to the second OS in response to the signal (see Grobman paragraph 0029 i.e. An authentication application can request the enclave to gather biometric data from hardware sensors or, if hardware sensors cannot be accessed from and/or operate within the enclave, deliver raw biometric data to the enclave using a trusted services application program interface (API). The enclave can processes the biometric data and build assertion data describing the confidence that the raw biometric data identifies a known user and paragraph 0052-0053), and 
while the processor is operated in the TEE obtain fingerprint image data from the fingerprint sensor, the fingerprint image data accessible by the processor while the processor is operated in the TEE under the second OS (see Grobman paragraph 0044 i.e. Biometric algorithm 308 can be used when comparing data obtained from hardware sensor 170 to data in reference data 160 in order to identify a user or determine authentication. Claim building algorithm 310 can be used to generate an assertion data or claim about the identity of the user. The assertion can include the results of the biometric algorithm).
Grobman does not teach the processor is operated in the TEE under the second OS.
Taveau teaches the processor is operated in the TEE under the second OS (see Taveau paragraph 0047 i.e. With mobile computing devices such as smartphones, a Trusted Execution Environment (TEE) can be used to switch the sensor driver into the Secure OS execution mode. The TEE is a secure area that resides in the main processor of a mobile computing device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as "trusted applications", enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grobman in view of Taveau to use a secure OS inside of the Trusted Execution Environment as a way to offer safe execution of the trusted applications and ensure that sensitive data is stored, processed and protected in a trusted environment. Therefore one would have been motivated to use a secure OS inside of the Trusted Execution Environment.

	
With respect to claim 2 Grobman teaches the portable communication device of claim 1, wherein the processor is configured to: as at least part of the switching, transition from the REE to the TEE.

With respect to claim 3 Grobman teaches the portable communication device of claim 1, wherein the processor is operably coupled with the fingerprint sensor via a normal interface and a secure interface, and wherein the processor is configured to: perform the receiving via the normal interface, and perform the obtaining via the secure interface (see Grobman paragraph 0029 i.e. An authentication application can request the enclave to gather biometric data from hardware sensors or, if hardware sensors cannot be accessed from and/or operate within the enclave, deliver raw biometric data to the enclave using a trusted services application program interface (API)).

With respect to claim 4 Grobman teaches the portable communication device of claim 1, wherein the processor is configured to: while the processor is operated in the TEE, generate biometric data based at least in part on the fingerprint image data (see Grobman paragraph 0029 i.e. An authentication application can request the enclave to gather biometric data from hardware sensors or, if hardware sensors cannot be accessed from and/or operate within the enclave, deliver raw biometric data to the enclave using a trusted services application program interface (API)).
Grobman does not teach the TEE uses a second OS.
Taveau teaches the TEE uses a second OS (see Taveau paragraph 0047 i.e. With mobile computing devices such as smartphones, a Trusted Execution Environment (TEE) can be used to switch the sensor driver into the Secure OS execution mode. The TEE is a secure area that resides in the main processor of a mobile computing device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as "trusted applications", enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grobman in view of Taveau to use a secure OS inside of the Trusted Execution Environment as a way to offer safe execution of the trusted applications and ensure that sensitive data is stored, processed and protected in a trusted environment. Therefore one would have been motivated to use a secure OS inside of the Trusted Execution Environment.

With respect to claim 5 Grobman teaches the portable communication device of claim 4, wherein the processor is configured to: while the processor is operated in the TEE, perform biometric authentication based at least in part on the biometric data (see Grobman paragraph 0056 i.e. In block 640, based on the comparison, the system determines if the user is an authorized or recognized user and paragraph 0059 i.e. For example, hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user. In block 840, the electronic device determines if the captured identification data for the intended user matches stored authentication data for an authorized user).
Grobman does not teach the TEE uses a second OS.
Taveau teaches the TEE uses a second OS (see Taveau paragraph 0047 i.e. With mobile computing devices such as smartphones, a Trusted Execution Environment (TEE) can be used to switch the sensor driver into the Secure OS execution mode. The TEE is a secure area that resides in the main processor of a mobile computing device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as "trusted applications", enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grobman in view of Taveau to use a secure OS inside of the Trusted Execution Environment as a way to offer safe execution of the trusted applications and ensure that sensitive data is stored, processed and protected in a trusted environment. Therefore one would have been motivated to use a secure OS inside of the Trusted Execution Environment.

With respect to claim 6 Grobman teaches the portable communication device of claim 5, wherein the processor is configured to: while the processor is operated in the REE under the first OS, display an outcome of the biometric authentication via a touchscreen display (see Grobman paragraph 0059 i.e. If the captured identification data does not match, then the intended user is not recognized (and therefore not allowed to access the electronic device or the application), as in block 850. If the captured identification data matches, then the intended user is recognized (and may be allowed to access the electronic device or the application)).

With respect to claim 7 Grobman teaches the portable communication device of claim 6, wherein the processor is configured to: switch from the second OS to the first OS after the performing of the biometric authentication and before the displaying of the outcome (see Grobman paragraph 0059 i.e. If the captured identification data does not match, then the intended user is not recognized (and therefore not allowed to access the electronic device or the application), as in block 850. If the captured identification data matches, then the intended user is recognized (and may be allowed to access the electronic device or the application)).

With respect to claim 8 Grobman teaches the portable communication device of claim 4, further comprising memory including a secure zone accessible by the processor while the processor is operated in the TEE and inaccessible while the processor is operated in the REE under the first OS, wherein the processor is configured to: while the processor is operated in the TEE, store the biometric data in the secure zone (see Grobman  paragraph 0024 i.e. The term “enclave” is inclusive of a trusted execution environment (TEE) and is a protected region of memory that is only accessible by the enclave itself or through a trusted services application program interface. Other processes cannot read, write, or otherwise access the data stored in the enclave and paragraph 0029).
Grobman does not teach the TEE uses a second OS.
Taveau teaches the TEE uses a second OS (see Taveau paragraph 0047 i.e. With mobile computing devices such as smartphones, a Trusted Execution Environment (TEE) can be used to switch the sensor driver into the Secure OS execution mode. The TEE is a secure area that resides in the main processor of a mobile computing device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as "trusted applications", enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grobman in view of Taveau to use a secure OS inside of the Trusted Execution Environment as a way to offer safe execution of the trusted applications and ensure that sensitive data is stored, processed and protected in a trusted environment. Therefore one would have been motivated to use a secure OS inside of the Trusted Execution Environment.

With respect to claim 9 Grobman teaches the portable communication device of claim 1, wherein the processor is configured to: refrain from accessing the fingerprint image data while in operation in the REE under the first OS (see Grobman  paragraph 0024 i.e. The term “enclave” is inclusive of a trusted execution environment (TEE) and is a protected region of memory that is only accessible by the enclave itself or through a trusted services application program interface. Other processes cannot read, write, or otherwise access the data stored in the enclave and paragraph 0029).

With respect to claim 10 Grobman teaches a portable communication device comprising: 
a touchscreen display (See Grobman paragraph 0049 i.e. user interface 460 may include, by way of non-limiting example, a keyboard, mouse, display monitor, speaker, microphone, touch-sensitive display, which may act as a combined input/output device, and a camera); 
a biometric sensor (See Grobman paragraph 0036 i.e. hardware sensor 170 may be a sensor or converter that measures a physical quantity and converts the measurement into a signal, which can be read by electronic device 110. In a specific example, hardware sensor 170 may be a biosensor (e.g., biometric sensor), chemical sensor, or keypad and paragraph 0059 i.e. hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user); and 
a processor operable, at least with respect to the biometric sensor, in a rich execution environment (REE) supported under a first operating system (OS) or a trusted execution environment (TEE) more secure than the first OS (see Grobman  paragraph 0024 i.e. The term “enclave” is inclusive of a trusted execution environment (TEE) and is a protected region of memory that is only accessible by the enclave itself or through a trusted services application program interface. Other processes cannot read, write, or otherwise access the data stored in the enclave and paragraph 0029), the processor configured to: 
detect an input associated with an external object while the processor is operated in the REE under the first OS (see Grobman paragraph 0059 i.e. For example, hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user), 
obtain, using the biometric sensor, biometric image data corresponding to the input associated with the external object while the processor is operated in the TEE under the second OS (see Grobman paragraph 0029 i.e. if hardware sensors cannot be accessed from and/or operate within the enclave, deliver raw biometric data to the enclave using a trusted services application program interface (API)), 
perform, using the biometric sensor, biometric authentication based at least in part on one or more biometric characteristics of the biometric image data while the processor is operated in the TEE under the second OS such that the biometric image data and the one or more characteristics of the biometric image data are accessible by the processor (see Grobman paragraph 0056 i.e. In block 640, based on the comparison, the system determines if the user is an authorized or recognized user and paragraph 0059 i.e. For example, hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user. In block 840, the electronic device determines if the captured identification data for the intended user matches stored authentication data for an authorized user), and
display, via the touchscreen display, an outcome of the biometric authentication while the processor is operated in the REE under the first OS such that the biometric image data or at least one of the one or more characteristics of the biometric image data is inaccessible by the processor (see Grobman paragraph 0059 i.e. If the captured identification data does not match, then the intended user is not recognized (and therefore not allowed to access the electronic device or the application), as in block 850. If the captured identification data matches, then the intended user is recognized (and may be allowed to access the electronic device or the application)).
Grobman does not teach the TEE uses a second OS.
Taveau teaches the TEE uses a second OS (see Taveau paragraph 0047 i.e. With mobile computing devices such as smartphones, a Trusted Execution Environment (TEE) can be used to switch the sensor driver into the Secure OS execution mode. The TEE is a secure area that resides in the main processor of a mobile computing device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as "trusted applications", enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grobman in view of Taveau to use a secure OS inside of the Trusted Execution Environment as a way to offer safe execution of the trusted applications and ensure that sensitive data is stored, processed and protected in a trusted environment. Therefore one would have been motivated to use a secure OS inside of the Trusted Execution Environment.

With respect to claim 11 Grobman teaches the portable communication device of claim 10, wherein the processor is configured to: receive a touch input as the input via the touchscreen display (See Grobman paragraph 0049 i.e. user interface 460 may include, by way of non-limiting example, a keyboard, mouse, display monitor, speaker, microphone, touch-sensitive display, which may act as a combined input/output device, and a camera and paragraph 0049).

With respect to claim 12 Grobman teaches the portable communication device of claim 10, wherein the biometric sensor includes a camera, and wherein the processor is configured to: perform the obtaining of the biometric image data using the camera (See Grobman paragraph 0036 i.e. hardware sensor 170 may be a sensor or converter that measures a physical quantity and converts the measurement into a signal, which can be read by electronic device 110. In a specific example, hardware sensor 170 may be a biosensor (e.g., biometric sensor), chemical sensor, or keypad and paragraph 0059 i.e. hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user).

With respect to claim 13 Grobman teaches the portable communication device of claim 10, further comprising memory including a secure zone accessible by the processor while the processor is operated in the TEE and inaccessible while the processor is operated in the REE under the first OS, wherein the processor is configured to: while the processor is operated in the TEE, generate biometric data indicative of the one or more characteristics of the biometric image data and store the biometric data in the secure zone before the performing of the biometric authentication (see Grobman  paragraph 0024 i.e. The term “enclave” is inclusive of a trusted execution environment (TEE) and is a protected region of memory that is only accessible by the enclave itself or through a trusted services application program interface. Other processes cannot read, write, or otherwise access the data stored in the enclave and paragraph 0029).
Grobman does not teach the TEE uses a second OS.
Taveau teaches that the TEE uses a second OS (see Taveau paragraph 0047 i.e. With mobile computing devices such as smartphones, a Trusted Execution Environment (TEE) can be used to switch the sensor driver into the Secure OS execution mode. The TEE is a secure area that resides in the main processor of a mobile computing device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as "trusted applications", enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grobman in view of Taveau to use a secure OS inside of the Trusted Execution Environment as a way to offer safe execution of the trusted applications and to ensure that sensitive data is stored, processed and protected in a trusted environment. Therefore one would have been motivated to use a secure OS inside of the Trusted Execution Environment.

With respect to claim 14 Grobman teaches the portable communication device of claim 10, wherein the biometric sensor includes a fingerprint sensor, wherein the biometric image data includes fingerprint image data, and wherein the processor is configured to: as at least part of the performing of the biometric authentication, perform fingerprint authentication based at least in part on the fingerprint image data (see Grobman paragraph 0056 i.e. In block 640, based on the comparison, the system determines if the user is an authorized or recognized user and paragraph 0059 i.e. For example, hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user. In block 840, the electronic device determines if the captured identification data for the intended user matches stored authentication data for an authorized user).

With respect to claim 15 Grobman teaches the portable communication device of claim 10, wherein the biometric sensor includes a fingerprint sensor, an iris sensor, a retina sensor, or a vein pattern sensor (See Grobman paragraph 0036 i.e. hardware sensor 170 may be a sensor or converter that measures a physical quantity and converts the measurement into a signal, which can be read by electronic device 110. In a specific example, hardware sensor 170 may be a biosensor (e.g., biometric sensor), chemical sensor, or keypad and paragraph 0059 i.e. hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user).

With respect to claim 16 Grobman teaches a non-transitory storage medium storing instructions that, when executed by a computer including 
a touchscreen display (See Grobman paragraph 0049 i.e. user interface 460 may include, by way of non-limiting example, a keyboard, mouse, display monitor, speaker, microphone, touch-sensitive display, which may act as a combined input/output device, and a camera), 
a biometric sensor (See Grobman paragraph 0036 i.e. hardware sensor 170 may be a sensor or converter that measures a physical quantity and converts the measurement into a signal, which can be read by electronic device 110. In a specific example, hardware sensor 170 may be a biosensor (e.g., biometric sensor), chemical sensor, or keypad and paragraph 0059 i.e. hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user), and 
a processor, cause the computer to perform operations comprising: the processor operable, at least with respect to the biometric sensor, in a rich execution environment (REE) supported under a first operating system (OS) or a trusted execution environment (TEE) supported under a second OS more secure than the first OS (see Grobman paragraph 0024 i.e. The term “enclave” is inclusive of a trusted execution environment (TEE) and is a protected region of memory that is only accessible by the enclave itself or through a trusted services application program interface. Other processes cannot read, write, or otherwise access the data stored in the enclave and paragraph 0029), the processor configured to: 
detect an input associated with an external object while the processor is operated in the rich execution environment (REE) under the first operating system (OS) (see Grobman paragraph 0059 i.e. For example, hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user), 
obtain, using the biometric sensor, biometric image data corresponding to the input associated with the external object while the processor is operated in the trusted execution environment (TEE) under the second OS more secure than the first OS, 
perform, using the biometric sensor, biometric authentication based at least in part on one or more biometric characteristics of the biometric image data while the processor is operated in the TEE under the second OS such that the biometric image data and the one or more characteristics of the biometric image data are accessible by the processor, and 
display, via the touchscreen display, an outcome of the biometric authentication while the processor is operated in the REE under the first OS such that the biometric image data or at least one of the one or more characteristics of the biometric image data is inaccessible by the processor (see Grobman paragraph 0059 i.e. If the captured identification data does not match, then the intended user is not recognized (and therefore not allowed to access the electronic device or the application), as in block 850. If the captured identification data matches, then the intended user is recognized (and may be allowed to access the electronic device or the application)).
Grobman does not teach the TEE uses a second OS.
Taveau teaches that the TEE uses a second OS (see Taveau paragraph 0047 i.e. With mobile computing devices such as smartphones, a Trusted Execution Environment (TEE) can be used to switch the sensor driver into the Secure OS execution mode. The TEE is a secure area that resides in the main processor of a mobile computing device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as "trusted applications", enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grobman in view of Taveau to use a secure OS inside of the Trusted Execution Environment as a way to offer safe execution of the trusted applications and to ensure that sensitive data is stored, processed and protected in a trusted environment. Therefore one would have been motivated to use a secure OS inside of the Trusted Execution Environment.

With respect to claim 17 Grobman teaches the non-transitory storage medium of claim 16, wherein the operations further comprise: receiving a touch input as the input via the touchscreen display (See Grobman paragraph 0049 i.e. user interface 460 may include, by way of non-limiting example, a keyboard, mouse, display monitor, speaker, microphone, touch-sensitive display, which may act as a combined input/output device, and a camera and paragraph 0049).

With respect to claim 18 Grobman teaches the non-transitory storage medium of claim 16, wherein the biometric sensor includes a camera, and wherein the obtaining of the biometric image data is performed using the camera (See Grobman paragraph 0036 i.e. hardware sensor 170 may be a sensor or converter that measures a physical quantity and converts the measurement into a signal, which can be read by electronic device 110. In a specific example, hardware sensor 170 may be a biosensor (e.g., biometric sensor), chemical sensor, or keypad and paragraph 0059 i.e. hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user).

With respect to claim 19 Grobman teaches the non-transitory storage medium of claim 16, wherein the computer further comprises memory including a secure zone accessible by the processor while the processor is operated in the TEE and inaccessible while the processor is operated in the REE under the first OS, and wherein the operations further comprises: while the processor is operated in the TEE, generating biometric data indicative of the one or more characteristics of the biometric image data, and storing the biometric data in the secure zone before the performing of the biometric authentication (see Grobman  paragraph 0024 i.e. The term “enclave” is inclusive of a trusted execution environment (TEE) and is a protected region of memory that is only accessible by the enclave itself or through a trusted services application program interface. Other processes cannot read, write, or otherwise access the data stored in the enclave and paragraph 0029).
Grobman does not teach the TEE uses a second OS.
Taveau teaches that the TEE uses a second OS (see Taveau paragraph 0047 i.e. With mobile computing devices such as smartphones, a Trusted Execution Environment (TEE) can be used to switch the sensor driver into the Secure OS execution mode. The TEE is a secure area that resides in the main processor of a mobile computing device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as "trusted applications", enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grobman in view of Taveau to use a secure OS inside of the Trusted Execution Environment as a way to offer safe execution of the trusted applications and to ensure that sensitive data is stored, processed and protected in a trusted environment. Therefore one would have been motivated to use a secure OS inside of the Trusted Execution Environment.

With respect to claim 20 Grobman teaches the non-transitory storage medium of claim 16, wherein the biometric sensor includes a fingerprint sensor, wherein the biometric image data includes fingerprint image data, and wherein the performing of the biometric authentication includes performing fingerprint authentication based at least in part on the fingerprint image data (see Grobman paragraph 0056 i.e. In block 640, based on the comparison, the system determines if the user is an authorized or recognized user and paragraph 0059 i.e. For example, hardware sensor 170 may be used to capture biometric identification data such as a fingerprint from an intended user. In block 840, the electronic device determines if the captured identification data for the intended user matches stored authentication data for an authorized user).

Prior Art of Record
	Colnot (US 2014/0096222) Titled “SECURE USER AUTHENTICATION USING A MASTER SECURE ELEMENT” teaches various techniques of process isolation or virtualization create a secure environment that is typically not tamper resistant and also typically increases the complexity of the required software architecture. One implementation of such a technique is the TEE proposed by GlobalPlatform TEE White Paper, February 2011 and incorporated herein by reference in its entirety which states in part: [0006] The TEE is a separate execution environment that runs alongside the Rich OS and provides security services to that rich environment. The TEE offers an execution space that provides a higher level of security than a Rich OS; though not as secure as a Secure Element (SE), the security offered by the TEE is sufficient for most applications. In this way, the TEE delivers a balance allowing for greater security than a Rich OS environment with considerably lower cost than an SE.
	Smith et al (US 2014/0032933) titled “PROVIDING ACCESS TO ENCRYPTED DATA” teaches the authentication devices 102 may be associated with an embedded authentication module 108. The embedded authentication module 108 may reside or operate in, e.g., a trusted execution environment (TEE) 112. An example TEE 112 may include a manageability engine (ME) or a converged security engine (CSE), which may be a general purpose microcontroller in the chipset. The TEE 112 may also refer to a mode of a Central Processing Unit (CPU), e.g., the Secure Enclaves® mode where a portion of the user's process is protected from reads/writes by other processes and the kernel. In another example, the TEE 112 may include a CPU mode called Trust Zone® utilized in Acorn RISC Machine (ARM) architecture. Generally, the TEE 112 may refer to any secure execution environment associated with a computer system such as system 100.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/DEVIN E ALMEIDA/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492