DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
This office action is in response to the amendment filed on 10/28/2022.
Claims 15-20 are amended.
Claims 1-20 are pending in the application. 

Response to Applicant’s Arguments
Rejections under 35 U.S.C. § 103
	The Applicant’s arguments in the Remarks filed on 10/28/2022
	In the office action dated 08/03/2022, claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Suwald; Thomas (20200167539 A1, hereinafter Suwald) in view of Stein; David et al. (US 20210019385 A1, hereinafter Stein).
	The Applicant argues that “Applicants respectfully disagree. As described below in greater detail, a person having an ordinary skill in the art would not be motivated to modify the teachings of Suwald as asserted by the Office Action. … In particular, Applicants respectfully submit that such a modification to Suwald would both "change the principle of operation" of Suwald and render Suwald "unsatisfactory for its intended purpose.”  Specifically,
	Applicant argues starting near the bottom of page 8 of the Remarks, in section A (i), that, “Suwald uses the authentication token 110 (generated by adding the alleged device information to the alleged biometric information) to authorize a transaction between the first party 101 (customer) and the second party 102 (vendor). In particular, an authentication unit 190 receives the authentication token 110 from the first party 101 and a second party token 151 from the second party 102; compares the authentication token 110 of the first party 101 with the second party token 151 of the second party 102; and, in the case of matching tokens 110 and 151, authorizes the first party 101 to perform the transaction with the second party 102. See Suwald, paragraph [0088]. Replacing the authentication token 110 by a hash of the alleged biometric information and the alleged device information as suggested by the Office Action would render the authentication process of Suwald unsatisfactory. In particular, the authentication process would fail since the hash of the alleged biometric information and the alleged device information would no longer match with the second party token 151. In other words, even if the original authentication token 110 would have otherwise matched the second party token 151 leading to an authorized transaction, if the authentication token 110 is hashed as proposed by the Office Action, then the original authentication token 110 would be modified in a way that it would no longer match the second party token 151, and the intended purpose of authorizing the transaction would be destroyed. As such, the modification as described above renders Suwald unsatisfactory for its intended purpose. Accordingly, a person having an ordinary skill in the art would not be motivated to make any modification to Suwald as described above.”
	The Applicant’s arguments are fully considered.  However, the Examiner respectfully disagrees because the arguments are not persuasive.
Stein teaches the calculating of a hash of combined information (see Stein ¶16, means for calculating a hash of the Voronoi cell identifier and the knowledge-based secondary information), then Stein teaches the comparing of hashes (see Stein ¶16, whether the hash matches a previously stored hash that was stored in the server).  Stein does not teach simply generating a hash and comparing a hash to “non-hash” information.  That would be comparing apples to oranges, as the Applicant alleges one of ordinary skill in the art would do. When evaluating prior art, it is important to consider the level of skill of a person of ordinary skill in the art before the effective filing date.  Here, the Applicant does not establish that one of ordinary skill would simply compare a hash to a token.
	When combining Suwald’s teaching with Stein’s teaching, one of ordinary skill in the art would understand that they have two tokens that need to be compared, and have a method to translate the information into a hash and to compare two hashes. Stein teaches the hashing of a token and the comparing of both hashes.  As a result, to compare two hashes, the tokens would need to be hashed first.
	According to MPEP 2145 (III), "The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference.... Rather, the test is what the combined teachings of those references would have suggested to those of ordinary skill in the art." In re Keller, 642 F.2d 413, 425, 208 USPQ 871, 881 (CCPA 1981). See also In re Sneed, 710 F.2d 1544, 1550, 218 USPQ 385, 389 (Fed. Cir. 1983) ("[I]t is not necessary that the inventions of the references be physically combinable to render obvious the invention under review."); and In re Nievelt, 482 F.2d 965, 179 USPQ 224, 226 (CCPA 1973) ("Combining the teachings of references does not involve an ability to combine their specific structures.").
As a result, one of ordinary skill would not simply take one hash, compare it to the other information, and expect success.  It is what one of ordinary skill in the art would learn from the combination of the two teachings of Stein and Suwald.
	According to MPEP 2141(II)(C) "A person of ordinary skill in the art is also a person of ordinary creativity, not an automaton." KSR, 550 U.S. at 421, 82 USPQ2d at 1397. "[I]n many cases a person of ordinary skill will be able to fit the teachings of multiple patents together like pieces of a puzzle." Id. at 420, 82 USPQ2d at 1397. Office personnel may also take into account "the inferences and creative steps that a person of ordinary skill in the art would employ." Id. at 418, 82 USPQ2d at 1396. Since the Applicant does not establish why a person of ordinary skill in the art would not be able to combine the teachings to obtain a predictable result of comparing the 2 hash values, the Applicant’s argument is not persuasive.  Both Suwald and Stein are doing the comparison for authentication purposes; the token disclosed by Suwald and the hash disclosed by Stein are just different forms of identification information. The hash generated by Stein is a form of token. Since there is a strong similarity between the two references, a person of ordinary skill should have no problem combining the two teachings to result in the limitations of the claimed invention.  As a result, the Applicant’s argument is not persuasive and the combination of Suwald and Stein is proper for teaching the disputed limitations of the claimed invention.
	Applicant argues starting near the top of page 10 of the Remarks, in section A (ii), that, incorporating Stein into Suwald would “Changes principle of operation The MPEP states that "If the proposed modification ... of the prior art would change the principle of operation of the prior art invention being modified, then the teachings of the references are not sufficient to render the claims prima facie obvious." 
In re Ratti, 270 F.2d 810 (CCPA 1959). MPEP § 2143.01. 
	Applicant respectfully submits that a modification of Suwald as described above, would also change the principle of operation of Suwald. Applicant respectfully submits that Suwald teaches an authentication process that is based on a principle of comparing the authentication token 110 of the first party 101 with the second party token 151 of the second party 102. See Suwald, paragraph [0088]. 
	Replacing the authentication token 110 by the hash of the alleged biometric information and the alleged device information as suggested by the Office Action would change the principle of operation of the authentication operation. As such, the modification as described above would change the principle of operation of Suwald. Accordingly, a person having an ordinary skill in the art would not be motivated to make the modification to Suwald described above. 
	In summary, any modifications to Suwald as described above would both "change the principle of operation" of Suwald and render Suwald "unsatisfactory for its intended purpose." Therefore, the rejection of Claim 1 under 35 U.S.C. § 103 should be withdrawn. 
	Based on all the above, Applicants respectfully submit that the cited references, either individually or in combination, fail to disclose, teach, or suggest all features of Claim 1. Therefore, Applicant respectfully requests that the rejection of Claim 1 under 35 U.S.C. § 103 be withdrawn. Claims 2-7 depend from independent Claim 1 and are patentable for at least the same foregoing reasons. 
	Based on analogous arguments as presented above with respect to Claim 1, Applicant respectfully submits that the cited references, either individually or in combination, fail to disclose, teach, or suggest all features of amended Claims 8 and 15. Therefore, Applicant respectfully requests that the rejections of Claims 8 and 15 under 35 U.S.C. § 103 be withdrawn. Claims 9-14 depend from independent Claim 8 and are patentable for at least the same foregoing reasons. Claims 16-20 depend from independent Claim 15 and are patentable for at least the same foregoing reasons. Applicant respectfully requests reconsideration and allowance of all pending claims.”
	The Examiner respectfully disagrees.  The Applicant does not establish why changing the comparing of tokens into comparing hashes would change the principle of operation, or why the comparing of tokens is the principle of operation of Suwald.  In the Abstract of Suwald, Suwald discloses the invention as “A method for authenticating a first party to a second party, the method comprising: i) providing a token, wherein the token is at least a part of a mobile entity and wherein the token is coupled to a secret being indicative for the identity of the first party, ii) coupling the token with an access point by establishing a physical contact, iii) transferring the secret to the access point, iv) linking the secret with a location information of the access point, thereby providing an authentication token being indicative for the identity and the location of the first party, and v) providing the authentication token to the second party.”  and “[0007] It is an object of the invention to provide a robust, secure, and individual authentication between two parties”.  Here, Stein just provided a different way of generating a token, i.e., in the form of a hash of an identifier, and comparing them.  Therefore, incorporating Stein’s teaching into Suwald does not change the principle of operation of Suwald.  Combining Stein would help improve security of the system by protecting user privacy by way of hashing the information.  As a result, the Applicant’s argument regarding the changing of the principle of operation is not persuasive, and it was proper to rely on the prior art, which teaches all limitations of the claimed invention.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Suwald; Thomas (20200167539 A1, hereinafter Suwald) in view of Stein; David et al. (US 20210019385 A1, hereinafter Stein).
	Regarding claim 1, Suwald teaches a device (Suwald fig. 6 and fig. 9), comprising:
		
	a first biometric sensor configured to capture biometric information that identifies physical characteristics of a user (¶87, a fingerprint sensor);
	a second biometric sensor configured to capture vital sign information that identifies a physical state of the user (¶47, the wristwatch measures the heart rate and transfers the result to the mobile phone); and
	a processor operably coupled to the first biometric sensor and the second sensor (¶39, the processing unit, in particular also the token, is embedded in a mobile device, in particular one of the group consisting of a wristwatch, a wristband, a mobile phone, a smart card, a breast-band, a body area network. This may provide the advantage that the processing unit is already embedded in a device that is carried by a user associated with the first party; see also ¶40-¶43), and configured to:
		capture biometric information for the user using the first biometric sensor ([0051], a sensor for sensing the secret, for example a fingerprint sensor or a heart rate sensor. This information may be used in addition to an identity secret provided through the mobile device);
		capture device information for a user device that is associated with the user (¶10, the processor is configured to link the secret with a location information of the access point, thereby providing an authentication token being indicative for the identity and the location of the first party; [0043], the processing unit is embedded in a mobile device carried by the human, that the mobile device is already associated and location-referenced with respect to the first party; see also ¶87; ¶96, The processor 131 is also part of the first communication channel 160 and receives the identity secret 112 (heart rate) from the first party 101 and adds a location information in order to obtain an authentication token);
		generate an authentication ([Examiner remark: the crossed over text is disclosed by Stein below]; ¶96, receives the identity secret from the first party and adds a location information in order to obtain an authentication token 110; ¶97, the secret comprises more than one biometric credential, e.g. a heart rate and a fingerprint), wherein the authentication  ([Examiner remark: the crossed over text is disclosed by Stein below]; ¶96, The processor 131 is also part of the first communication channel 160 and receives the identity secret from the first party 101 and adds a location information in order to obtain an authentication token);
		obtain vital sign information using the second biometric sensor (¶47, a mobile phone and a wristwatch may form a body area network, wherein e.g. the wristwatch measures the heart rate and transfers the result to the mobile phone);
		generate an authentication request that comprises the authentication fingerprint and the vital sign information (¶98, the information obtained through the first communication channel 160 (e.g. the authentication token 110) can be directly transferred to the second party); and
		send the authentication request to a network device (¶12, a communication channel between a processing unit (e.g. in a wristwatch) and the access point may be established via the finger; ¶13, the access point may also be connected to internet of things (IoT) applications. In an embodiment, the access point is a point of sale (PoS) comprising the interface (to establish a physical contact with a token), the processor (to link the secret to a location information) and a terminal to establish a communication network with the second party; ¶98, (e.g. the authentication token 110) can be directly transferred to the second party).
	Suwald teaches the aforementioned limitations of the claimed invention including generating an authentication token comprising fingerprint, heart rate and device/user location.  Suwald does not explicitly disclose the following limitations that Stein teaches:
	generate an authentication fingerprint (¶16, a system for authenticating users in biometric recognition systems; receiving (i) the biometric identifier of the user from a capture device; and (ii) knowledge-based secondary information associated with the user from an input device; means for determining a Voronoi cell identifier that corresponds to the biometric identifier; means for calculating a hash of the Voronoi cell identifier and the knowledge-based secondary information; transmitting the hash to a server device for verification; means for receiving a response indicating whether the hash matches a previously stored hash that was stored in the server device in response to transmitting the hash to the server device; and means for determining whether to automatically authenticate the user to the service based on the response from the server device);
	the authentication fingerprint comprises a unique binary bit string (¶16, hash of the Voronoi cell identifier and the knowledge-based secondary information; see also ¶48, ¶54).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Stein, which teaches hashing of biometric data and a secondary information to create authentication information, into the teaching of Suwald who teaches using biometric data and device information as authentication information to result in the limitations of the claimed invention.
	One of ordinary skill would be motivated to do so, as incorporating Stein’s teaching would help to improve user’s privacy and enhance security due to the use of a hash function on authentication data. In addition, both references teach features that are directed to analogous art, such as authentication using biometrics. This close relation between both references highly suggests an expectation of success when combined.

	Regarding claim 2, Suwald in view of Stein teaches the device of claim 1, wherein the processor is further configured to:
	receive an authentication approval from the network device (Suwald ¶22, the secret and the location information (as an authentication token) may be transferred via the first communication channel to an authentication unit of the second party. After receiving the authentication token, the second party may send a session key (and/or PIN code) via the first communication channel to the processing unit of the first party; Suwald ¶28, receiving a session key from the second party via the first communication channel at the processing unit in return to providing the authentication token, in particular wherein the validity of the session key is time-limited. This may provide the advantage that a mutual agreement between two parties can be efficiently established in a very secure manner; see also ¶81; ¶98, in reply to sending the authentication token 110, receive a session key from the second party 102 via the first communication channel 160 at the processing unit 115); and
	send data to the network device in response to receiving the authentication approval (Suwald ¶105, after authenticating, e.g. using a session key provided by the second party 102 in return to transferring the authentication token 110 through the first communication channel 160, a transaction can be enabled between the first party 101 and the second party 102 through the second communication channel 170. The transaction is for example the reception of goods or services for payment, access to a facility, or access to one of a vehicle, a vessel, an apartment, and a home).
	Regarding claim 3, Suwald in view of Stein teaches the device of claim 1 (see discussion above), wherein generating the authentication fingerprint comprises obfuscating the biometric information and the device information by performing a hashing operation on the biometric information and the device information (Suwald, ¶96, receives the identity secret from the first party and adds a location information in order to obtain an authentication token 110; Suwald ¶97, the secret comprises more than one biometric credential, e.g. a heart rate and a fingerprint; Stein ¶16, means for determining a Voronoi cell identifier that corresponds to the biometric identifier; means for calculating a hash of the Voronoi cell identifier and the knowledge-based secondary information).
	Regarding claim 4, Suwald in view of Stein teaches the device of claim 1 (see discussion above), wherein the device information comprises location information for the user device (Suwald, ¶10, the processor is configured to link the secret with a location information of the access point, thereby providing an authentication token being indicative for the identity and the location of the first party; [0043], the processing unit is embedded in a mobile device carried by the human, that the mobile device is already associated and location-referenced with respect to the first party; Suwald ¶96, adds a location information in order to obtain an authentication token).

	Regarding claim 5, Suwald in view of Stein teaches the device of claim 1 (see discussion above), wherein the biometric information comprises information associated with a fingerprint for the user (Suwald ¶97, the secret comprises more than one biometric credential, e.g. a heart rate and a fingerprint).

	Regarding claim 6, Suwald in view of Stein teaches the device of claim 1 (see discussion above), wherein:
	the processor is further configured to receive authentication credentials for the user (Suwald [0027] The PIN code may be a PIN code (e.g. 4-digit code, 6-digit code or n-digit code) from the first party; Suwald ¶78, e.g. a PIN code, a secret provided by an authenticated third party to the customer; Suwald [0097], the secret 112 comprises more than one biometric credential, e.g. a heart rate and a fingerprint. Furthermore, the secret 112 can comprise a PIN code or a PIN code and a biometric; see also Suwald ¶103); and
	the authentication request comprises the authentication credentials (Suwald abstract  i) providing a token, wherein the token is at least a part of a mobile entity and wherein the token is coupled to a secret being indicative for the identity of the first party, ii) coupling the token with an access point by establishing a physical contact, iii) transferring the secret to the access point, iv) linking the secret with a location information of the access point, thereby providing an authentication token being indicative for the identity and the location of the first party, and v) providing the authentication token to the second party; see also Suwald ¶9-¶10; Suwald ¶98, (e.g. the authentication token 110) can be directly transferred to the second party).

	Regarding claim 7, Suwald in view of Stein teaches the device of claim 1 (see discussion above), wherein the vital sign information comprises information associated with a heart rate for the user (Suwald ¶97, the secret comprises more than one biometric credential, e.g. a heart rate).

	Regarding claims 8-14, the claims are rejected for the same reasons as that of claims 1-7, respectively, because the claims recite essentially the same limitations as that of claims 1-7, respectively.

	Regarding claims 15-20, the claims are rejected for the same reasons as that of claims 1-3, and 5-7, respectively, because the claims recite essentially the same limitations as that of claims 1-3, and 5-7, respectively.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 10735381 B2 - fingerprint may be input to the hash function to obtain a hash value that corresponds to a group of other content objects that have a similar fingerprint. Hash values that are nearby in the hash table correspond to content objects that have similar (though less similar than those in the same hash bin) fingerprints, to create a clustering effect.
US 20220158986 A1 - the first authentication factor may be a biometric or other factor that may not have the exact same values each time they are measured.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Vy Huy Ho whose telephone number is (571) 272-3261.  The examiner can normally be reached on Monday - Friday 7:30 am-5:30 pm.
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/V.H.H/
Examiner, Art Unit 2497
/ELENI A SHIFERAW/
Supervisory Patent Examiner, Art Unit 2497