DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on 08/17/2022.
Claims 1, 10 and 12-13 have been amended.
Claim 9 have been canceled.
Claims 1-8 and 10-13 are submitted for examination.
Claims 1-8 and 10-13 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s amendment, filed on August 17, 2022, has claims 1, 10 and 12-13 amended, claim 9 canceled and all other claims previously presented. Among the amended claims, claims 1, 10, 12 and 13 are independent ones, and thus, the amendment necessitates a new ground of rejection.
Applicant’s remark, filed on December 20, 2021 at page 9, asserts, “Claim 12 was rejected under 35 U.S.C. §101 because the claimed invention is directed to non-statutory subject matter. Claim 12 has been amended to recite a processor and a memory as suggested by the Examiner during the recent interview. The Examiner seemed to indicate that this would obviate the rejection under 35 USC 101.”
Applicant’s argument presented above has been considered and is found persuasive, the U.S.C 101 rejection has been withdrawn.
Applicant’s remark, filed on December 20, 2021 at page 9-10, asserts, “The application is generally directed to capturing images by an image sensor, generating a sensor fingerprint based on the captured images, and encoding the sensor fingerprint into a compressed fingerprint using an algorithm of random projections. The application further claims encrypting or decrypting confidential data using the compressed fingerprint as a key. Each of the independent claims has been amended to recite "wherein the confidential data comprise a private key of a private key/public key pair." In particular, each of the independent claims has been amended to essentially include the subject matter of previously presented claim 9.”
Applicant’s argument presented above has been considered and is found persuasive due to Applicant’s amendment necessitates a new ground of rejection.
Accordingly, a new ground of rejection based on newly identified prior-art by Katoh (US 2016/0373264) has been applied to the amendment.
Specifically, Katoh discloses PUF technology, digital ID data constituted by random numbers specific to each IC is generated as irreproducible data. Such digital ID data is used as a device key for encrypting the private key described above. The private key encrypted by using the device key (digital ID data) is kept encrypted and saved in a non-volatile memory. That is, the encrypted private key recorded in the non-volatile memory can be decrypted and restored to the original private key data only by using the device key. Therefore, even if the entire data within the non-volatile memory is hard-copied by hacking, the device key (digital ID data) specific to each IC is irreproducible. As a result, it is not possible to restore the encrypted private key to the original data, and therefore, it is not possible to use the hacked data..
In addition, Katoh disclose a public key and a private key used in a public key scheme make a unique pair of keys, such as the RSA encryption, may be employed in which encrypted communication is performed by using two different keys, namely, a private key and a public key, to make a key used in encryption different from a key used in decryption. 
Thus, Examiner submits that Katoh teaches the feature limitation, “… wherein the confidential data comprise a private key of a private key/public key pair …” (See Parags. [0006-0007] and [0302-0324] and rejection below for specific citation).
Therefore, the combination of Magli, Trimberger and Katoh discloses amended claim 1.
Applicant’s remarks regarding amended independent claims 10, 12 and 13 has been considered and is addressed based on the same rationale presented for the amended claim 1.
Applicant further recites similar remarks as listed above for dependent claims, 2-8 and 10-13. Please refer to the aforementioned response, which addresses how the new combination of prior-art references by Magli, Trimberger, Katoh, Chen and Dabov would render the claimed limitations obvious (See rejection below).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-8, 10 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Magli et al. (WO 2018/073681) hereinafter Magli in view of Trimberger (US 9,225,512) and further in view of Katoh (US 2016/0373264).
As per Claim 1, Magli teaches a method (Magli, page 1, lines 5-8; “method for authenticating said user equipment by said device, in particular for authenticating a user equipment by using a fingerprint of an image sensor.”) [for protection of confidential data], comprising: 
an image acquisition phase, wherein a plurality of images are captured by an image sensor (Magli, page 9, lines 12-14; “an image acquisition phase E1, wherein a plurality of images (preferably 10 to 30 images) are acquired by the image sensor 21.”); 
a fingerprint calculation phase, wherein a sensor fingerprint is generated, by a processor, on the basis of said plurality of images captured during the image acquisition phase (Magli, page 9, lines 17-21; “a registration fingerprint computation phase E2, wherein a registration sensor fingerprint is generated, through the control and processing means of said user equipment, on the basis of said plurality of images acquired during said phase E1.”); 
a compression phase, wherein at least a portion of said sensor fingerprint is encoded, by said processor, using an algorithm of random projections, in such a way as to generate a compressed fingerprint (Magli, page 9, lines 22-27; “a registration fingerprint compression phase E4, wherein said at least one compressed portion (W) of said registration sensor fingerprint is coded (compressed), through the control and processing means of the user equipment 2 , by using a random projection algorithm, so as to generate at least one compressed portion W of said registration sensor fingerprint.”); and
[a processing phase, wherein said confidential data are encrypted and/or decrypted using said compressed fingerprint as a key, wherein the confidential data comprise a private key of a private key/public key pair.]
Magli does not expressly teaches:
for protection of confidential data, and
a processing phase, wherein said confidential data are encrypted and/or decrypted using said compressed fingerprint as a key, wherein the confidential data comprise a private key of a private key/public key pair.
However, Trimberger teaches:
the protection of confidential data (Trimberger, Abstract; “Approaches for using a physically unclonable function (PUF) as a key-encrypting key are disclosed. Data is encrypted using a session key, and at least one PUF value (i.e. fingerprint) is generated from a PUF. The session key and a correctness indicator are encrypted into a corresponding session key pair using the PUF value.” … Col. 1, lines 18-24; “A PUF circuit uses the physical characteristics to generate an identifier value, for example a binary number, which differs from one integrated circuit to the next due to the different physical characteristics of each manufactured device. These identifier values may be used to uniquely identify the integrated circuit, as a key for encryption and decryption, or for other purposes.”), and
a processing phase, wherein said confidential data are encrypted and/or decrypted using said compressed fingerprint as a key (Trimberger, Abstract; “Approaches for using a physically unclonable function (PUF) as a key-encrypting key are disclosed. Data is encrypted using a session key, and at least one PUF value (i.e. fingerprint) is generated from a PUF. The session key and a correctness indicator are encrypted into a corresponding session key pair using the PUF value.” … Col. 1, lines 18-24; “A PUF circuit uses the physical characteristics to generate an identifier value, for example a binary number, which differs from one integrated circuit to the next due to the different physical characteristics of each manufactured device. These identifier values may be used to uniquely identify the integrated circuit, as a key for encryption and decryption, or for other purposes.” …. Col. 4 lines 41-52; “At block 208, n encrypted data pairs are generated using then PUF values. In one implementation, each encrypted data pair is produced by encrypting the session key and a correctness indicator using one of the PUF values as the encryption key. The correctness indicator serves to signal when decryption is successful or valid. The correct ness indicator can be any known value and does not need to be kept secret. Values such as a hash or cyclic redundancy check (CRC) of the session key may alternatively be used. In another implementation, each encrypted data pair is produced by encrypting the payload data and a correctness indicator using one of the PUF values as the encryption key.” … Col. 5, lines 31-38; “FIG. 3 shows an example process of using a PUF for decryption. At block 302, a PUF value is generated, and at block 304 an encrypted data set is input. An unprocessed one of the encrypted data pairs is obtained for processing at block 306. At block308, the current encrypted data pair is decrypted into a decrypted data element (i.e., decrypted payload data or decrypted session key) and a decrypted correctness indicator using the generated PUF value.”), [wherein the confidential data comprise a private key of a private key/public key pair].
Magli and Trimberger are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for configure a user apparatus so as to capture a plurality of images by means of an image sensor comprised in said apparatus, generate a sensor fingerprint on the basis of said plurality of images, encode at least a portion of said sensor fingerprint using an algorithm of random projections in such a way as to generate a compressed fingerprint, and encrypt and/or decrypt said confidential data using said compressed fingerprint as a key, in order to protect confidential data.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Trimberger’s system into Magli’s system, with a motivation to provide a unique value to be used as part of a cryptographic operation (encryption/decryption) in order to protect the confidential data (Trimberger, Abstract).
However, the combination of Magli and Trimberger does not expressly teach:
wherein the confidential data comprise a private key of a private key/public key pair.
But, Katoh teaches:
wherein the confidential data comprise a private key of a private key/public key pair (Katoh, Parag. [0302]; “Alternatively, a public key scheme. Such as the RSA encryption, may be employed in which encrypted communication is performed by using two different keys, namely, a private key and a public key, to make a key used in encryption different from a key used in decryption. In this case, the private key storage unit 508 described below may store both the public key of the party at the other end of communication and the private key of the communicating party. Data of these important keys may be encrypted by using digital ID data of the present disclosure generated from the specific-ID storage unit 511 as an encryption key and may be stored as an encrypted private key or an encrypted public key. Digital ID data generated by using the PUF technology as described above is specific to the reader/writer and is difficult to reproduce or hack. Accordingly, even if an encrypted private key or an encrypted public key encrypted by using Such digital ID data is copied, the digital ID data is data for which copying is not possible and which is specific to the IC card, and therefore, ensures security.”).
Magli, Trimberger and Katoh are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for configure a user apparatus so as to capture a plurality of images by means of an image sensor comprised in said apparatus, generate a sensor fingerprint on the basis of said plurality of images, encode at least a portion of said sensor fingerprint using an algorithm of random projections in such a way as to generate a compressed fingerprint, and encrypt and/or decrypt said confidential data using said compressed fingerprint as a key, in order to protect confidential data.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Katoh system into Magli-Trimberger system, with a motivation to provide a private key to be used as part of a asymmetric cryptographic operation (encryption/decryption) in order to encrypt/decrypt device data (Katoh, Parag. [0302]).

As per claim 2, the combination of Magli, Trimberger and Katoh teaches the method according to claim 1. Trimberger teaches wherein, during the processing phase, the confidential data are encrypted (Trimberger, Abstract; “Approaches for using a physically unclonable function (PUF) as a key-encrypting key are disclosed. Data is encrypted using a session key, and at least one PUF value (i.e. fingerprint) is generated from a PUF. The session key and a correctness indicator are encrypted into a corresponding session key pair using the PUF value.” … Col. 1, lines 18-24; “A PUF circuit uses the physical characteristics to generate an identifier value, for example a binary number, which differs from one integrated circuit to the next due to the different physical characteristics of each manufactured device. These identifier values may be used to uniquely identify the integrated circuit, as a key for encryption and decryption, or for other purposes.”), 
In addition, Magli further teaches wherein said method also comprises: a random generation phase, wherein, by said processor, a random bit string is generated (Magli, page 10, lines 24-25; “a random generation phase, wherein a (pseudo) random bit string preferably having a predefined length is generated.”), and wherein during the compression phase, said algorithm of random projections (Magli, page 13, lines 3-6; “the control and processing means of the user equipment 2 are configured for executing a set of instructions implementing a compression algorithm that utilizes the random projection technique.”) generates a set of random projections on the basis of said random bit string (Magli, page 13-14, lines 25-3; “the user equipment 2 can be configured for computing a compressed version of each sensor fingerprint computed by it by means of random projections, i.e. via multiplication (matrix product) between a compression matrix and a matrix that represents said sensor fingerprint (or vice versa), wherein said compression matrix has a number of rows (or columns) which is smaller than that of the matrix that represents the sensor fingerprint of a camera. The result of said product can be quantized, i.e. represented on a finite number of bits, for the purpose of obtaining a more compact representation of the compressed version of the sensor fingerprint.”).

As per claim 4, the combination of Magli, Trimberger and Katoh teaches the method according to claim 1. Magli further teaches wherein, during the processing phase, a string of confidential data is encoded by said processor using a polar coding, in such a way as to obtain a string of encoded confidential data (Magli, page 10, lines 28-31; “a coding phase, wherein said bit string is coded by the control and processing means 11 by using a polar coding technique (polar encoder C), so as to obtain a coded random string.”), and
In addition, Trimberger teaches said encoded confidential data are encrypted using said compressed fingerprint as a key (Trimberger, Abstract; “Approaches for using a physically unclonable function (PUF) as a key-encrypting key are disclosed. Data is encrypted using a session key, and at least one PUF value (i.e. fingerprint) is generated from a PUF. The session key and a correctness indicator are encrypted into a corresponding session key pair using the PUF value.” … Col. 1, lines 18-24; “A PUF circuit uses the physical characteristics to generate an identifier value, for example a binary number, which differs from one integrated circuit to the next due to the different physical characteristics of each manufactured device. These identifier values may be used to uniquely identify the integrated circuit, as a key for encryption and decryption, or for other purposes.” …. Col. 4 lines 41-52; “At block 208, n encrypted data pairs are generated using then PUF values. In one implementation, each encrypted data pair is produced by encrypting the session key and a correctness indicator using one of the PUF values as the encryption key. The correctness indicator serves to signal when decryption is successful or valid. The correct ness indicator can be any known value and does not need to be kept secret. Values such as a hash or cyclic redundancy check (CRC) of the session key may alternatively be used. In another implementation, each encrypted data pair is produced by encrypting the payload data and a correctness indicator using one of the PUF values as the encryption key.” … Col. 5, lines 31-38; “FIG. 3 shows an example process of using a PUF for decryption. At block 302, a PUF value is generated, and at block 304 an encrypted data set is input. An unprocessed one of the encrypted data pairs is obtained for processing at block 306. At block308, the current encrypted data pair is decrypted into a decrypted data element (i.e., decrypted payload data or decrypted session key) and a decrypted correctness indicator using the generated PUF value.”).

As per claim 5, the combination of Magli, Trimberger and Katoh teaches the method according to claim 1. Trimberger teaches wherein during the processing phase, said confidential data are decrypted so as to obtain encoded confidential data (Trimberger, Abstract; “Approaches for using a physically unclonable function (PUF) as a key-encrypting key are disclosed. Data is encrypted using a session key, and at least one PUF value (i.e. fingerprint) is generated from a PUF. The session key and a correctness indicator are encrypted into a corresponding session key pair using the PUF value.” … Col. 1, lines 18-24; “A PUF circuit uses the physical characteristics to generate an identifier value, for example a binary number, which differs from one integrated circuit to the next due to the different physical characteristics of each manufactured device. These identifier values may be used to uniquely identify the integrated circuit, as a key for encryption and decryption, or for other purposes.” …. Col. 4 lines 41-52; “At block 208, n encrypted data pairs are generated using then PUF values. In one implementation, each encrypted data pair is produced by encrypting the session key and a correctness indicator using one of the PUF values as the encryption key. The correctness indicator serves to signal when decryption is successful or valid. The correct ness indicator can be any known value and does not need to be kept secret. Values such as a hash or cyclic redundancy check (CRC) of the session key may alternatively be used. In another implementation, each encrypted data pair is produced by encrypting the payload data and a correctness indicator using one of the PUF values as the encryption key.” … Col. 5, lines 31-38; “FIG. 3 shows an example process of using a PUF for decryption. At block 302, a PUF value is generated, and at block 304 an encrypted data set is input. An unprocessed one of the encrypted data pairs is obtained for processing at block 306. At block308, the current encrypted data pair is decrypted into a decrypted data element (i.e., decrypted payload data or decrypted session key) and a decrypted correctness indicator using the generated PUF value.”), and 
In addition, Magli teaches said encoded confidential data are decoded using a polar coding (Magli, page 22, lines 20-25; “wherein said authentication information (IA) was previously generated on the basis of at least one portion (W) of a registration fingerprint and a random string coded by using a polar coding technique, decoding said coded authentication string by using a polar decoding technique, so as to obtain an authentication string.”).

As per claim 6, the combination of Magli, Trimberger and Katoh teaches the method according to claim 1. Magli teaches wherein, during the compression phase, said at least one portion of said sensor fingerprint is encoded using an algorithm of random projections, so as to generate an encoded sensor fingerprint, and wherein said encoded sensor fingerprint is quantized through the processing means, so as to generate said compressed fingerprint (Magli, page 13-14, lines 25-5; “the user equipment 2 can be configured for computing a compressed version of each sensor fingerprint computed by it by means of random projections, i.e. via multiplication (matrix product) between a compression matrix and a matrix that represents said sensor fingerprint (or vice versa), wherein said compression matrix has a number of rows (or columns) which is smaller than that of the matrix that represents the sensor fingerprint of a camera. The result of said product can be quantized, i.e. represented on a finite number of bits, for the purpose of obtaining a more compact representation of the compressed version of the sensor fingerprint. For example, a binary version of the compressed sensor fingerprint can be obtained with the following formula: w=sign(y).”).

As per claim 7, the combination of Magli, Trimberger and Katoh teaches the method according to claim 1. Magli teaches wherein, during the compression phase, said processor performs the steps of: 
transforming the generated sensor fingerprint inside a transformed domain during the fingerprint calculation phase, in such a way as to obtain a transformed fingerprint, selecting the points of the transformed fingerprint that have a horizontal and/or vertical spatial frequency higher than a threshold value, and antitransforming said selected points of the transformed fingerprint (Magli, page 20, lines 3-20; “during each one of the phases E3,V3, the control and processing means of the user equipment 2 are configured for executing the following steps: 
- transforming the fingerprint computed during the phase E2 or the phase V2 in a transformed domain, so as to obtain a transformed fingerprint; this can be done, for example, by executing a set of instructions implementing a transformation algorithm, such as the Discrete Cosine Transform (DCT) or the 2D Fast Fourier Transform (2D FFT) , or the like; 
- selecting those pixels of the transformed fingerprint which have a horizontal and/or vertical spatial frequency greater than a predefined threshold value; 
- anti-transforming said selected pixels of the transformed fingerprint, e.g. by executing a set of instructions implementing an anti-transformation algorithm, such as the Inverse Discrete Cosine Transform (DCT) or the (2D Inverse Fast Fourier Transform (2D IFFT ), or the like.”).

As per claim 8, the combination of Magli, Trimberger and Katoh teaches the method according to claim 1. Magli teaches wherein, during the fingerprint calculation phase, a set of instructions is executed which, before the sensor fingerprint is generated, applies the Wiener filtering algorithm to each image captured during the image acquisition phase, in such a way as to remove all periodic artefacts from said plurality of images (Magli, page 19, lines 14-25; “Aiming at further improving the quality of the registration and authentication sensor fingerprints, each image acquired by the image sensor 2 1 can be filtered through a Wiener filter suitable for removing all periodic artifacts before the sensor fingerprints are extracted (computed) . In other words, the control and processing means of the user equipment 2 may also be configured for executing, at the beginning of the phase E2 and/or of the phase V2, a set of instructions applying the Wiener filtering algorithm to said at least one image acquired during the image acquisition phase El, I before the generation of the authentication sensor fingerprint, so as to remove all periodic artifacts from said at least one image.”).

As per claim 10, it is an apparatus claim that recites similar limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1.  In addition, Magli teaches a user apparatus for protection of confidential data, comprising: an image sensor (Magli, page 7, lines 12-13; “The user equipment 2 comprises an image sensor 21 (e.g. a photographic sensor, a night vision sensor, or the like).”) adapted to capture images (Magli, page 11, lines 11-13; “wherein at least one image (preferably one to five images) is acquired by the image sensor 21.”); 
processor in communication with said image sensor (Magli, page 7, lines 12-19; “The user equipment 2 comprises an image sensor 21 (e.g. a photographic sensor, a night vision sensor, or the like) and elements that are functionally similar to those already described with reference to the device 1 (i.e. control and processing means, volatile memory means, mass memory means, communication means and input/output means) in signal communication with one another and configured for executing different functions.”).

As per claim 12, it is an apparatus claim that recites similar limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1.

As per claim 13, it is a computer program product claim that recites similar limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1. In addition, Magli teaches one or more hardware storage devices having stored thereon computer-executable instructions that are structured such that, when the computer-executable instructions are executed by one or more processors (Magli, page 4-5, lines 31-8; “With reference to Fig. 1, an embodiment of a device 1 (e.g. a PC, a server, or the like) according to the invention comprises the following components: control and processing means 11, e.g. one or more CPUs, governing the operation of the device 1 , preferably in a programmable manner, through the execution of suitable instructions; volatile memory means 12, e.g. a random access memory (RAM), in signal communication with the control and processing means 11, wherein said volatile memory means 12 store at least instructions that can be read by the control and processing means 11 when the device 1 is in an operating condition.”)…

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Magli et al. (WO 2018/073681) hereinafter Magli in view of Trimberger (US 9,225,512) and Katoh (US 2016/0373264) as applied to claim 1 above, and further in view of Chen et al. (US 10,915,464) hereinafter Chen.
As per claim 3, the combination of Magli, Trimberger and Katoh teaches the method according to claim 1. Trimberger teaches wherein during the processing phase, the confidential data are decrypted (Trimberger, Abstract; “Approaches for using a physically unclonable function (PUF) as a key-encrypting key are disclosed. Data is encrypted using a session key, and at least one PUF value (i.e. fingerprint) is generated from a PUF. The session key and a correctness indicator are encrypted into a corresponding session key pair using the PUF value.” … Col. 1, lines 18-24; “A PUF circuit uses the physical characteristics to generate an identifier value, for example a binary number, which differs from one integrated circuit to the next due to the different physical characteristics of each manufactured device. These identifier values may be used to uniquely identify the integrated circuit, as a key for encryption and decryption, or for other purposes.” …. Col. 4 lines 41-52; “At block 208, n encrypted data pairs are generated using then PUF values. In one implementation, each encrypted data pair is produced by encrypting the session key and a correctness indicator using one of the PUF values as the encryption key. The correctness indicator serves to signal when decryption is successful or valid. The correct ness indicator can be any known value and does not need to be kept secret. Values such as a hash or cyclic redundancy check (CRC) of the session key may alternatively be used. In another implementation, each encrypted data pair is produced by encrypting the payload data and a correctness indicator using one of the PUF values as the encryption key.” … Col. 5, lines 31-38; “FIG. 3 shows an example process of using a PUF for decryption. At block 302, a PUF value is generated, and at block 304 an encrypted data set is input. An unprocessed one of the encrypted data pairs is obtained for processing at block 306. At block308, the current encrypted data pair is decrypted into a decrypted data element (i.e., decrypted payload data or decrypted session key) and a decrypted correctness indicator using the generated PUF value.”), [wherein said method also comprises: a random string reading phase, wherein, by means of said processing means, a random bit string stored in memory means is read], and
In addition, Magli teaches wherein during the compression phase, the processing means generate a set of random projections (Magli, page 13, lines 3-6; “the control and processing means of the user equipment 2 are configured for executing a set of instructions implementing a compression algorithm that utilizes the random projection technique.”) on the basis of said random bit string (Magli, page 13-14, lines 25-3; “the user equipment 2 can be configured for computing a compressed version of each sensor fingerprint computed by it by means of random projections, i.e. via multiplication (matrix product) between a compression matrix and a matrix that represents said sensor fingerprint (or vice versa), wherein said compression matrix has a number of rows (or columns) which is smaller than that of the matrix that represents the sensor fingerprint of a camera. The result of said product can be quantized, i.e. represented on a finite number of bits, for the purpose of obtaining a more compact representation of the compressed version of the sensor fingerprint.”).
However, the combination of Magli, Trimberger and Katoh does not expressly teaches:
wherein said method also comprises: a random string reading phase, wherein, by means of said processing means, a random bit string stored in memory means is read,
But, Chen teaches:
wherein said method also comprises: a random string reading phase, wherein, by means of said processing means, a random bit string stored in memory means is read (Chen, Col. 2, lines 9-18; “The method includes the PUF circuit providing a plurality of random bit strings to generate a first random bit string, the write-in protection circuit receiving a write-in address and original data, the write-in protection circuit generating a scrambled address by scrambling the write-in address according to the random bit string, the memory storing storage data corresponding to the original data according to the scrambled address, and the readout decryption circuit reading out the storage data from the memory according to the write-in address to derive the original data.”).
Magli, Trimberger, Katoh and Chen are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for configure a user apparatus so as to capture a plurality of images by means of an image sensor comprised in said apparatus, generate a sensor fingerprint on the basis of said plurality of images, encode at least a portion of said sensor fingerprint using an algorithm of random projections in such a way as to generate a compressed fingerprint, and encrypt and/or decrypt said confidential data using said compressed fingerprint as a key, in order to protect confidential data.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chen system into Magli-Trimberger-Katoh system, with a motivation to provide security system, more particularly, to a security system using random bit string to improve data safety (Chen, Col. 1, lines 8-10).


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Magli et al. (WO 2018/073681) hereinafter Magli in view of Trimberger (US 9,225,512) and Katoh (US 2016/0373264) as applied to claim 10 above, and further in view of Dabov (US 8,730,372).
As per claim 11, the combination of Magli, Trimberger and Katoh teaches the user apparatus according to claim 10, [comprising obstruction means adapted to prevent the image sensor from being lit].
However, the combination of Magli, Trimberger and Katoh does not expressly teaches:
… comprising an obstructor adapted to prevent the image sensor from being lit.
But, Dabov teaches:
… comprising obstruction means adapted to prevent the image sensor from being lit (Dabov, Col. 1, lines 31-38; “One example of an embodiment described herein may take the form of an image sensing system comprising: a lens; an image sensor defining an indirectly lit area and a directly illuminated area and in optical communication with the directly illuminated area; and an obstruction positioned between the lens and image sensor, the obstruction preventing optical communication between the lens and a portion of the image sensor other than the directly illuminated area.”).
 Magli, Trimberger, Katoh and Dabov are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for configure a user apparatus so as to capture a plurality of images by means of an image sensor comprised in said apparatus, generate a sensor fingerprint on the basis of said plurality of images, encode at least a portion of said sensor fingerprint using an algorithm of random projections in such a way as to generate a compressed fingerprint, and encrypt and/or decrypt said confidential data using said compressed fingerprint as a key, in order to protect confidential data.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dabov system into Magli-Trimberger-Katoh system, with a motivation to provide an image sensing system for an electronic device. The image sensing system includes a lens and an image sensor. The image sensor includes a indirectly lit area of pixels and a directly lit area of pixels. The lens is in optical communication with the directly lit area of pixels (Dabov, Abstract).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Macchetti, et al.; (US 2014/0376717): discloses  a method and a cryptographic device for encrypting/decrypting an input message by using an algorithm having as entries, said input message, a cryptographic key, and a complementary unique value used as parameter of the algorithm. The output data is formed by the input message decrypted/encrypted by the algorithm using the cryptographic key and the complementary value. The latter is determined on the basis of a unique value physically bound to an electronic device by using a physically unclonable function (PUF) which is inherent to this device and which is used to generate this unique value from a plurality of physical measurements carried out on components integrated in said device.
Krutzik et al.; (US 2013/0141137): discloses a physically uncloneable function (PUF) sense and response module fabricated from a stack of integrated circuit chip layers. At least one of the PUF chips in the stack has a unique identifier resulting from random effects of fabrication processes. The PUF chip generates the fingerprint at power-on resulting that in turn is used to generate a private key. The private key generates a public key used to communicate with the outside world. The encrypted data from the outside world is decrypted with the private key. The public key is stored for comparison with pubic keys generated at subsequent power up operations. If the key changes, tampering is indicated and a predetermined tamper response event is generated such as the erasing of the contents of a memory.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.D.C./Examiner, Art Unit 2498 

/JOHN B KING/Primary Examiner, Art Unit 2498