DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the Requested Continued Examination (RCE) dated on 12/19/2025.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/19/2025 has been entered.
Response to Arguments
Applicant’s amendment filed on December 19, 2025 having claim 19 amended.
Applicant’s remark, filed on December 19 at page 7, indicates, “Claim 1 is rejected under 35 U.S.C. §112(a), which is respectfully traversed. The Office Action states that the Specification does not disclose that the biometric information is not sent to the service provider. The Examiner is respectfully directed to paragraph 27 which states that "... the user may select their own data and amount thereof to authenticate a transaction. The service provider may only receive the request for the transaction, as well as an authentication thereof, and may issue the service without further inquiry....". At least this portion of the specification makes it clear that only the request for the transaction and authentication thereof are received at the service provider. Regarding the second point, paragraphs 88-90 provide one example of the operation of the system, and furthermore, paragraphs 13-28 provide all the necessary disclosure for understanding the use of the fusion templates and now these are used to combine biometric data into a sophisticated authentication that cannot be easily deconstructed into individual modalities. (See specifically [0023-0027] and also Figs 11-12 and the accompanying description). As such, Applicant respectfully submits the claims are compliant with 35 U.S.C. §112. Moreover, and during the June 9, 2023 Interview with Applicant's undersigned representative and Examiners Matijasec and Shaw, the Applicant's technology was discussed, in particular the claimed fusion templates and use thereof, and the Examiners agreed they understood the operation of Applicant's technology. Withdrawal of the rejection is earnestly solicited.”
Applicant’s argument has been considered and is found persuasive. Therefore, the rejection under U.S.C. 112(a) is now withdrawn.
Applicant’s remark, filed on December 19 at page 8, indicates, “As previously discussed, Alexanian, Gudavalli, Wang do not disclose applicants claimed combination of features. It is admitted in the Office Action that "The combination of Alexian, Gudavalli and Wang does not expressly teach: the first and the second biometric modalities are not sent to the service provider." However, Boye is relied upon for this disclosure. As discussed in [0020], it is not the individual modalities that are used for authentication, but rather the blended or fused information that is usable for authentication. Boye suffers from the exact drawbacks Applicant is trying to avoid-unnecessary dissemination of specific biometric modalities. Specifically, [0095] in Boye states that "Yet another advantage of the present invention is that it allows users to maintain their personal data and keep it current in one location, but available to a plurality of service providers." Furthermore, as discussed in [0059 and [0079] of Boye, it is the system 10 that determines which biometric specimen types to use - not the user. As such, Boye, along with the other cited references, whether alone or in combination, do not teach, suggest nor disclose the claimed combination of features. The dependent claims are further distinguishable at least based on the above, the additional feature(s) recited therein, and the previously provided remarks. Withdrawal of the rejection is earnestly solicited.”
Applicant’s argument has been considered and is found persuasive. However, a new ground of rejection is made based on a newly identified prior-art reference by Harding (US 2020/0329036). As the result of a new ground of rejection, the status of the current office action is made as non-final.
Specifically, the reference by Harding discloses a method where the user is authenticated by an identity server or engine. The user provides one or more biometric modalities to the IMS system in order to be authenticated and get access to the application residing on the service provider. Specifically, Harding discloses at Parag. [0061]; User device will capture a plurality of biometric probes including, but not limited to face, fingerprint, iris, and voice, among others, and any subset thereof. Then, mobile devices 314 submit one or more biometric probes 316 to biometric engine 100 for verification (i.e., biometric modalities not sent to service provider). Biometric engine matches the biometric probe against previously stored biometric templates. Matching may result in individual scores for each type of biometric template being compared. The biometric scores generated for the different modalities of biometric probes may be combined into a single fusion biometric score that can be used for validating the biometric authentication. Finally, Parag. [0064-0065] discloses Biometric probes may be analyzed by biometrics engine and stored in database to be used in further biometric authentication operations (service provider does not intervenes in the authentication process). IMS sends interactive messages requesting biometric probes to a client's mobile device. When receiving the message, the client may respond to the message providing the biometric probes requested. BAS sends the biometric probes to the biometrics engine for biometric matching. The biometrics engine compares biometric probes received by the BAS against biometric templates previously stored in database for the user at enrollment. The biometric matching may yield a score that represents the possibility that the biometric template and the biometric probe are from the same identity. Identity provider sends a response back to a service provider in order to verify if the client has been successfully authenticated. Therefore, the user is ready to access the requested service. See Fig. 3 and rejection below.
It is respectfully submitted that the previously applied reference by Alexian further discloses the user has chosen the first and second biometric modality to be used for the information access, and a level of security for the information access is chosen by the user. According to the Abstract, “a selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities.” In addition, col. 1, lines 40-42 and col. 4, lines 17-24 of Alexian disclose “the method also includes receiving a first selected authentication modality that is associated with a first security score” and “as described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds for those modalities. In some embodiments, the service provider may provide the user with the option to select which modality to use to authenticate”. Finally, the Applicant is reminded that claim 1 recites, “receiving second user authentication data for the second biometric authentication modality”, and col. 9, lines 43-46 of Alexian discloses, “in some embodiments, the security threshold and/or the permitted authentication modality/modalities may be specified by the user (emphasis added) rather than by the developers/administrators of the application 205A/205B/205C.”. Therefore, it is submitted that the applied reference by Alexian does disclose the amended features regarding user selection of the modality (biometric) and security level to be used for authentication and access to the service provider.
While Alexian does not expressly describe the process of fusing logically two or more biometric templates, another previously applied prior-art reference by Gudavalli discloses multimodal biometric authentication systems, which combine (i.e., fuse) information from multiple modalities to arrive at a decision (i.e., authenticate a user). Multimodal biometric systems are those which utilize, or capability of utilizing, more than one physiological or behavioral characteristic for enrollment, verification, or identification. Please refer to the abstract and section II on pg. 28 of the Gudavalli reference, which describes multimodal biometrics that involves use of a combination of two or more biometric modalities in a verification/identification system. Therefore, Examiner submits that the teaching from Gudavalli clearly cures the deficiency of Alexian by teaching the modalities are fused, and the combination of Alexian and Gudavalli teaches/suggests the claimed process of receiving, from a user, an identification of a first biometric modality and an identification of a second biometric modality for constructing, by logically combining at least the first biometric modality with the second biometric modality, one or more fusion templates.
Finally, Examiner respectfully submits that the combination of Alexanian, Gudavalli, Wang and Harding discloses the claim limitations in independent claim 1 and would render the features obvious.
Applicant further recites similar remarks as listed above for independent claims 10 and 19. See the aforementioned response on item 8, which addresses how the combination of prior-art references by Alexanian, Gudavalli, Wang and Harding would render the claimed limitations obvious.
Applicant further recites similar remarks as listed above for dependent claims. Please refer to the aforementioned response, which addresses how the combination of prior-art references by Alexanian, Gudavalli, Wang and Harding, along with Han and Miu, would render the claimed limitations obvious.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 4, 8-11, 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Alexanian et al. (US 11,303,631) hereinafter Alexanian and in view of Gudavalli et al. (MULTIMODAL BIOMETRICS-SOURCES, ARCHITECTURE & FUSION TECHNIQUES: AN OVERVIEW; 2012) hereinafter Gudavalli and further in view of Wang et al. (US 11,190,355) and Harding (US 2020/0329036).
As per Claim 1, Alexanian teaches a method comprising: receiving, from a user, an identification of a first biometric modality (Alexanian, Abstract; “A selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities.” … Col. 1, lines 40-42; “The method also includes receiving a first selected authentication modality that is associated with a first security score.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds for those modalities. In some embodiments, the service provider may provide the user with the option to select which modality to use to authenticate.”);
receiving, from the user, an identification of a second biometric modality (Alexanian, Abstract; “A selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities.” … Col. 1, lines 40-42; “The method also includes receiving a first selected authentication modality that is associated with a first security score.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds for those modalities. In some embodiments, the service provider may provide the user with the option to select which modality to use to authenticate.” … Claim 1; “receiving second user authentication data for the second biometric authentication modality” … Claim 4; “wherein the second biometric authentication modality is selected by the user.”);
[constructing, by logically combining at least the first biometric modality with the second biometric modality, one or more fusion templates];
establishing one or more usage rules (Alexanian, Col. 3, lines 54-59; “Accordingly, adjusting which type of biometric data is used (based on, e.g., level of security required in a specific situation, and/or on ambient conditions which may be determined using input devices such as a device's camera, microphone, etc.), and how much of a match is required for authentication has many advantages.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds for those modalities.” Examiner submits that Alexanian discloses how a user can select or adjust rules and security for every biometric modality based on a condition or authentication mode.) [for the one or more fusion templates]; and
transmitting, based on the one or more usage rules, a digital verification package to a service provider over a network for information access, (Alexanian, Col. 4, lines 17-50; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds for those modalities. In some embodiments, the service provider may provide the user with the option to select which modality to use to authenticate. In some embodiments, the service provider may select the option, and may require the user to authenticate via multiple modalities (e.g., to implement a multi-factor authentication arrangement). For example, for an online application where a high level of security is required, the user may be required to authenticate via both face and voice in order to enter the application. As another example, in an online banking application, however; if the user wishes to send a payment that exceeds a specified threshold, then the user may be required to authenticate again via second modality. The online banking application may also set different security thresholds for the first and second modalities (e.g., the first modality may be set with a lower security threshold than the second modality). In some implementations, different security levels may be set for different conditions (e.g., ambient conditions detected using sensors on a device). As another example, a user may try to authenticate via a first modality, but then may be given the option to authenticate via a second modality if the attempt to authenticate via the first modality was unsuccessful (e.g., due to noisy ambient conditions, the user's attempt to authenticate via voice was unsuccessful, and so another modality is attempted. Such a robust integration of multiple authentication modalities improves the operation of the user device in connection with authenticating the user.” … Col. 10, lines 1-10; “In an operation 315, a selected authentication modality is received. In an illustrative embodiment, the security threshold is received at the authentication service 210A/210B/210C (e.g., from the application 205A/205B/205C, from the application server 245A/245B/245C, or from device memory). Example authentication modalities include fingerprints, palm prints, face recognition, voice recognition, eye or iris recognition, etc. In an illustrative embodiment, the operation 315 includes receiving from the user a preferred authentication modality.” Examiner submits that the verification package is interpreted as the biometric templates sent from user to service provider.), [wherein the digital verification package at least includes the one or more fusion templates and a request for one or more of information access and a transaction, and the service provider is able to authenticate one or more of the request for information access and the transaction based on the digital verification package], wherein the user has chosen the first and second biometric modality to be used for the information access, the user has chosen a level of security for the information access (Alexanian, Abstract; “A selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities.” … Col. 1, lines 40-42; “The method also includes receiving a first selected authentication modality that is associated with a first security score.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds for those modalities. In some embodiments, the service provider may provide the user with the option to select which modality to use to authenticate.” … Claim 1; “receiving second user authentication data for the second biometric authentication modality”. … Col. 9, lines 43-46; “In some embodiments, the security threshold and/or the permitted authentication modality/modalities may be specified by the user rather than by the developers/administrators of the application 205A/205B/205C.” … Col. 10, lines 6-10; “Example authentication modalities include fingerprints, palm prints, face recognition, voice recognition, eye or iris recognition, etc. In an illustrative embodiment, the operation 315 includes receiving from the user a preferred authentication modality.” … Col. 13, lines 10-55; “It is then determined whether the probability P exceeds the security threshold. As previously indicated, in some embodiments, the probability P associated with multiple authentication scans from multiple modalities may be combined (e.g., summed, weighted sum, averaged, weighted average, etc.) to create a composite score which may be evaluated against the security threshold. In other embodiments, a single authentication modality that has a probability P greater than the security threshold for a single biometric may be required. As discussed above, any suitable combination of security thresholds, selected authentication modalities, and types of scoring authentication modalities may be used. In some embodiments, the security threshold provided to the application developer for selection may be any suitable number of discrete levels. For example, the security threshold may be one of: high, medium, or low. In such an embodiment, each of the discrete options may be associated with a number within a range of probabilities. For example, the “low security” option may correspond with a probability (or other score) in the range of P1 to P2, the “medium security” option may correspond with a probability in the range of P2 to P3, and the “high security” option may correspond with a probability greater than P3, where 0<P1<P2<P3. In another example, the security threshold may be one of: confidential, secret, top secret, or compartmented. In some embodiments, the security thresholds may not be hierarchical based on an amount of security. In such embodiments, the selected security thresholds may be based on any other suitable feature, such as allowed authentication modalities. In alternative embodiments, any suitable options, number of options, and corresponding scores may be used. If, in the operation 320, the selected authentication modality is less than the security threshold, then in an operation 325, an additional and/or an alternate authentication modality is requested. Following the example above in which the user initially selects a fingerprint authentication modality to change account settings, an alternative (e.g., more secure) modality may be requested from the user. As shown in FIG. 3, the method 300 may return to the operation 315 in which a user may select a modality. For example, the user may select to authenticate using face recognition, which may be associated with a security level of seventy-eight. In the operation 320, it may be determined that the face recognition modality is greater than the security level for changing account settings.”), [and the first and second biometric modalities are not sent to the service provider].
Alexanian does not expressly teach:
constructing, by logically combining at least the first biometric modality with the second biometric modality, one or more fusion templates;
establishing … the one or more fusion templates;
transmitting, …, a digital verification package to a service provider wherein the digital verification package at least includes the one or more fusion templates and a request for one or more of information access and a transaction, and the service provider is able to authenticate one or more of the request for information access and the transaction based on the verification package,
the first and second biometric modalities are not sent to the service provider.
However, Gudavalli teaches:
constructing, by logically combining at least the first biometric modality with the second biometric modality, one or more fusion templates (Gudavalli, Abstract; “… use of multimodal biometric authentication systems, which combine information from multiple modalities to arrive at a decision.” … Section II, page 28; “Multimodal biometrics refers to the use of a combination of two or more biometric modalities in a verification/identification system. Identification based on multiple biometrics represents an emerging trend. The most compelling reason to combine different modalities is to improve the recognition rate. This can be done when biometric features of different biometrics are statistically independent. There are other reasons to combine two or more biometrics. One is that different biometric modalities might be more appropriate for the different applications. Another reason is simply customer preference.” … “Section VI, page 30; “Multimodal biometric fusion combines measurements from different biometric traits to enhance the strengths and diminish the weaknesses of the individual measurements.” … “Table II, page 32; “The decision of the subsystems are combined using techniques such as an AND rule, OR rule and Majority Voting.”).
establishing … for one or more fusion templates (Gudavalli, Abstract; “… use of multimodal biometric authentication systems, which combine information from multiple modalities to arrive at a decision.” … Section II, page 28; “Multimodal biometrics refers to the use of a combination of two or more biometric modalities in a verification/identification system. Identification based on multiple biometrics represents an emerging trend. The most compelling reason to combine different modalities is to improve the recognition rate. This can be done when biometric features of different biometrics are statistically independent. There are other reasons to combine two or more biometrics. One is that different biometric modalities might be more appropriate for the different applications. Another reason is simply customer preference.” … “Section VI, page 30; “Multimodal biometric fusion combines measurements from different biometric traits to enhance the strengths and diminish the weaknesses of the individual measurements.” … “Table II, page 32; “The decision of the subsystems are combined using techniques such as an AND rule, OR rule and Majority Voting.”);
Alexanian and Gudavalli are from similar field of technology. Prior to the instant application’s effective filling date, provide a method for using multi-modal biometrics (fusion templates) for user authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gudavalli system into Alexanian system, with a motivation to provide a method to construct a biometric fuse template based on a logic combination (Gudavalli, Abstract and Table II).
The combination of Alexanian and Gudavalli does not expressly teach:
transmitting, …, a digital verification package to a service provider wherein the digital verification package at least includes the one or more fusion templates and a request for one or more of information access and a transaction, and the service provider is able to authenticate one or more of the request for information access and the transaction based on the verification package,
However, Wang teaches:
transmitting, …, a digital verification package to a service provider wherein the digital verification package at least includes the one or more fusion templates and a request for one or more of information access and a transaction, and the service provider is able to authenticate one or more of the request for information access and the transaction based on the verification package (Wang, Col. 5, lines 37-43; “According to embodiments, a computer of a resource provider, such as resource provider computer 120, may comprise authentication API 122 for authenticating a user of mobile device 110. Resource provider computer 120 may authenticate the user by receiving user data from mobile device 110, which may be forwarded to processing server computer 150 to receive an authentication result.” … Col 7, lines 13-30; “Resource provider computer 120 may comprise authentication API 122 for authenticating a user in an interaction (e.g. during a transaction, login attempt, security checkpoint, etc.). Authentication API may comprise instructions for communicating with processing server computer 150 through gateway 130. Authentication API may further comprise instructions for receiving user data in an interaction with the user, and for sending user data to processing server computer 150 to receive an authentication result. In one embodiment, authentication API 122 may comprise software that is provided by an entity of processing server computer 150. Authentication API 122 may comprise instructions for receiving the user data in an authentication request message, which may comprise a derived biometric template of a user and an electronic identity, and may further comprise instructions for forwarding the authentication request message to processing server computer 150 to receive the authentication result.” … Col. 6, lines 40-60; “The derivative of the biometric template (i.e., biometric fusion template) may relate to the biometric template, but may not be the entire biometric template. In one embodiment, the algorithm for altering data values may be a one way function in which it is computationally difficult to reverse the operation performed, thus making it nearly impossible to obtain the original template. For example, in one embodiment, biometric template data may be expressed as a string, in which unique and consistent features of the users biometric having a high probability of appearance in a captured sample are converted into a unique sequence of characters. To derive the biometric template, the string including the unique sequence of characters may be passed through a hashing algorithm to generate a unique hash. In another embodiment, the biometric template may be split into multiple parts and the multiple parts each may be passed through the one way function and collected together to form the derivative. For example, a string of characters representing a user's fingerprint template may be divided into 20 strings of equal length, which may each be hashed and the resulting hashes may be appended together to form a derivative.” … Col. 4, lines 6-10; “An “electronic identity” or “eID” (i.e., user information access) may refer to a unique string of characters or symbols used to identify an individual. In preferred embodiments, the electronic identity may be mathematically derived from information associated with a user.” Col. 4, lines 17-30; “For example, in some embodiments, an electronic identity may be derived from a combination of a country code, customer name, date of birth, and last four digits of a social security number such as SHA256(USA*JOHN SMITH*19700101*1234). Hashing this value may result in a seemingly random string of characters, such as 754WD2E2513BF546050C2D079FF5D65AB6E318E and this can be an electronic identity. In some embodiments, the electronic identity is associated with a passphrase that is provided in order to access any interaction record associated with the electronic identity. An electronic identity may sometimes be referred to as an “eID,” electronic identifier, or electronic identification data.” Examiner submits that, under the broadest reasonable interpretation, one or more biometric fusion templates has been interpreted as derivative of a biometric template of the user, the electronic identity has been interpreted as information of a user requesting access to a resource, and the user interaction with the resource provider as the authenticating transaction. All those elements grouped together are required to be sent to a resource provider in order to get access to the service. Therefore, Wang teaches all the elements necessary to authenticate the user (i.e., verification package), user access information, user biometric information, a request and transaction to authenticate the user.”)
Alexanian, Gudavalli and Wang are from similar field of technology. Prior to the instant application’s effective filling date, provide a method for using multi-modal biometrics (fusion templates) for user authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wang system into Alexanian-Gudavalli system, with a motivation to authenticate/verify the identity of a user using more than one piece of data provided by the user (Wang, Col. 5).
The combination of Alexian, Gudavalli and Wang does not expressly teach:
the first and second biometric modalities are not sent to the service provider.
However, Harding teaches:
the first and second biometric modalities are not sent to the service provider (Harding, Parag. [0061]; “In one embodiment, mobile devices 314 support multimodal biometrics for capturing a plurality of biometric probes 316 including, but not limited to face, fingerprint, iris, and voice, among others, and any subset thereof. Mobile devices 314 submit one or more biometric probes 316 to biometric engine 100 for verification (i.e., biometric modalities not sent to service provider). Biometric engine 100 matches the biometric probe (which may first require converting the probe into a template) against previously stored biometric templates. Matching may result in individual scores for each type of biometric template being compared, for example, one score may be generated for the iris comparison, and another score for the voice comparison. The biometric scores generated for the different modalities of biometric probes 316 may be combined into a single fusion biometric score that can be used for validating the biometric authentication.” … Parag. [0063]; “Service provider 306 requests the enrollment of user 312 before being able to approve any transaction. For example, service provider 306 may be a bank, an online retailer, a cloud-based application, a store, a webpage, or a service company requiring the authentication of user 312 who may be using a credit card for acquiring goods or services.” … Parag. [0064-0065]; “Client 312 initiates a transaction with a computing device 318 in the cloud through a suitable network connection 302 with service provider 306. Authentication protocol 310 requests user 312 a username, password, and one or more biometric probes 316. Biometric probes 316 may be analyzed by biometrics engine 100 and stored in database 304 to be used in further biometric authentication operations. IMS 200 sends interactive messages requesting biometric probes 316 to a client's mobile device 314. When receiving the message, the client may respond to the message providing the biometric probes 316 requested. BAS 308 sends the biometric probes 316 to the biometrics engine 100 for biometric matching. The biometrics engine 100 compares biometric probes 316 received by the BAS 308 against biometric templates previously stored in database 304 for the user at enrollment. The biometric matching may yield a score that represents the possibility that the biometric template and the biometric probe 316 are from the same identity. Identity provider 320 sends a response back to a service provider 306 in order to verify if the client has been successfully authenticated. (i.e., only the result of the authentication is sent, as a response, to service provider”)”).
Alexanian, Gudavalli, Wang and Harding are from similar field of technology. Prior to the instant application’s effective filling date, provide a method for using multi-modal biometrics (fusion templates) for user authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Harding system into Alexanian-Gudavalli-Wang system, with a motivation to provide a user with secure access to a service provider without providing one or more biometric modalities to the provider (Harding, Parag. [0053-0065] and Fig. 3).
As per Claim 2, the combination of Alexanian, Gudavalli, Wang and Harding teach the method of claim 1.
In addition, Alexanian teaches:
wherein one or more of: the one or more usage rules are changed based on a security value (Alexanian, Col. 3, lines 54-59; “Accordingly, adjusting which type of biometric data is used (based on, e.g., level of security required in a specific situation, and/or on ambient conditions which may be determined using input devices such as a device's camera, microphone, etc.), and how much of a match is required for authentication has many advantages.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds (i.e. security value) for those modalities.” … Col. 9, lines 43-60; “In some embodiments, the security threshold and/or the permitted authentication modality/modalities may be specified by the user rather than by the developers/administrators. For example, a first user may use the application 205A/205B/205C to set up a virtual meeting (e.g., a video conference). The first user may send a meeting invitation to a second and third user (or any other number of users). The first user may set a security threshold and/or permitted authentication modality/modalities for the second and third users to join the virtual meeting. The first user may also specify whether multiple factors of authentication (i.e., multiple authentication modalities) are required. At the meeting time, each user may log into their respective accounts on their respective user devices 125, 225A/225B/225C and attempt to join the meeting. When joining the meeting, each respective user may provide the required authentication via the pre-approved modality or modalities.” … Col. 10, lines 6-10; “Example authentication modalities include fingerprints, palm prints, face recognition, voice recognition, eye or iris recognition, etc. In an illustrative embodiment, the operation 315 includes receiving from the user a preferred authentication modality.” … Col. 13, lines 10-55; “It is then determined whether the probability P exceeds the security threshold. As previously indicated, in some embodiments, the probability P associated with multiple authentication scans from multiple modalities may be combined (e.g., summed, weighted sum, averaged, weighted average, etc.) to create a composite score which may be evaluated against the security threshold. In other embodiments, a single authentication modality that has a probability P greater than the security threshold for a single biometric may be required. As discussed above, any suitable combination of security thresholds, selected authentication modalities, and types of scoring authentication modalities may be used. In some embodiments, the security threshold provided to the application developer for selection may be any suitable number of discrete levels. For example, the security threshold may be one of: high, medium, or low. In such an embodiment, each of the discrete options may be associated with a number within a range of probabilities. For example, the “low security” option may correspond with a probability (or other score) in the range of P1 to P2, the “medium security” option may correspond with a probability in the range of P2 to P3, and the “high security” option may correspond with a probability greater than P3, where 0<P1<P2<P3. In another example, the security threshold may be one of: confidential, secret, top secret, or compartmented. In some embodiments, the security thresholds may not be hierarchical based on an amount of security. In such embodiments, the selected security thresholds may be based on any other suitable feature, such as allowed authentication modalities. In alternative embodiments, any suitable options, number of options, and corresponding scores may be used. If, in the operation 320, the selected authentication modality is less than the security threshold, then in an operation 325, an additional and/or an alternate authentication modality is requested. Following the example above in which the user initially selects a fingerprint authentication modality to change account settings, an alternative (e.g., more secure) modality may be requested from the user. As shown in FIG. 3, the method 300 may return to the operation 315 in which a user may select a modality. For example, the user may select to authenticate using face recognition, which may be associated with a security level of seventy-eight. In the operation 320, it may be determined that the face recognition modality is greater than the security level for changing account settings.”), and the one or more fusion templates include one or more non-biometric modalities (Alexian, Col. 13, lines 59-63; “For example, the received authentication data (e.g., fingerprint, password, face scan, etc.) may be compared to an authentication database, such as the biometric database 115 or the biometric database 215.”).
As per Claim 4, the combination of Alexanian, Gudavalli, Wang and Harding teach the method of claim 1.
In addition, Alexanian teaches:
wherein the one or more usage rules are changed based on a usability value (Alexanian, Col. 3, lines 54-59; “Accordingly, adjusting which type of biometric data is used (based on, e.g., level of security required in a specific situation, and/or on ambient conditions which may be determined using input devices such as a device's camera, microphone, etc.), and how much of a match is required for authentication has many advantages.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds (i.e. security value) for those modalities.” … Col. 9, lines 43-60; “In some embodiments, the security threshold and/or the permitted authentication modality/modalities may be specified by the user rather than by the developers/administrators. For example, a first user may use the application 205A/205B/205C to set up a virtual meeting (e.g., a video conference). The first user may send a meeting invitation to a second and third user (or any other number of users). The first user may set a security threshold and/or permitted authentication modality/modalities for the second and third users to join the virtual meeting. The first user may also specify whether multiple factors of authentication (i.e., multiple authentication modalities) are required. At the meeting time, each user may log into their respective accounts on their respective user devices 125, 225A/225B/225C and attempt to join the meeting. When joining the meeting, each respective user may provide the required authentication via the pre-approved modality or modalities.” Examiner submits that the usability rules are merely an alias of the security rules of Claim 2 only with an inverse relationship to the security value as they create functionally equivalent results. That is, increasing the security value decreases usability value and vice versa. Such an interpretation is supported by Applicant’s Specification [0066], “The security dial 404 and the usability dial 420 may operate in a dependent nature upon one another; a higher security level may reduce the usability of the IntelliVault 100, while a higher usability may be implemented at the cost of higher security.”)
As per Claim 8, the combination of Alexanian, Gudavalli, Wang and Boye teach the method of claim 1.
In addition, Alexanian teaches:
wherein the first biometric modality comprises one or more of a facial scan, a fingerprint scan, a palm scan, an iris scan, a voice scan, and a pulse rate scan (Alexanian, Abstract; “A selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities.” … Col. 1, lines 40-42; “The method also includes receiving a first selected authentication modality that is associated with a first security score.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds for those modalities. In some embodiments, the service provider may provide the user with the option to select which modality to use to authenticate.”).
As per Claim 9, the combination of Alexanian, Gudavalli, Wang and Harding teach the method of claim 1.
In addition, Alexanian teaches:
wherein the second biometric modality comprises one or more of a facial scan, a fingerprint scan, a palm scan, an iris scan, a voice scan, and a pulse rate scan (Alexanian, Abstract; “A selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities.” … Col. 1, lines 40-42; “The method also includes receiving a first selected authentication modality that is associated with a first security score.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds for those modalities. In some embodiments, the service provider may provide the user with the option to select which modality to use to authenticate.” … Claim 1; “receiving second user authentication data for the second biometric authentication modality” … Claim 4; “wherein the second biometric authentication modality is selected by the user.”).
As per Claim 10, It is a system claim that recites limitations similar to the ones of the method claim 1. Therefore, claim 10 is rejected with the same rationale as stated in Claim 1 above. In addition, Alexanian teaches: a system comprising: a processor; and a memory storing instructions for execution by the processor that, when executed by the processor, cause the processor to (Alexanian, Col. 16, lines 16-21; “The “circuit” may also include one or more processors communicatively coupled to one or more memory or memory devices. In this regard, the one or more processors may execute instructions stored in the memory or may execute instructions otherwise accessible to the one or more processors.”).
As per Claim 11, the rejection of claim 10 it is incorporated. In addition, it is a system claim that recites similar limitations to those of claim 2, and therefore it is rejected for the same rationale applied to claim 2.
As per Claim 14, the rejection of claim 10 it is incorporated. In addition, it is a system claim that recites similar limitations to those of claim 4, and therefore it is rejected for the same rationale applied to claim 4.
As per Claim 19, It is a non-transitory computer readable medium claim that recites limitations that are similar to the ones of the method claim 1. Therefore, claim 19 is rejected with the same rationale as stated in Claim 1 above.
In addition, Alexanian teaches: a non-transitory computer-readable information storage medium comprising a set of instructions stored therein which, when executed by the processor, cause the processor to (Alexanian, Col. 15, lines 63-67; “As used herein, the term "circuit” may include hardware structured to execute the functions described herein. In some embodiments, each respective “circuit” may include machine-readable media for configuring the hardware to execute the functions described herein.” … Col. 17, lines 4-15; “In this regard, machine-executable instructions comprise, for example, instructions and data which cause a general-purpose computer, special purpose computer, or special purpose processing machines to perform a certain function or group of functions. Each respective memory device may able to maintain or otherwise store information relating to the operations performed by one or more associated circuits, including processor instructions and related data (e.g., data base components, object code components, script components, etc.), in accordance with the example embodiments described herein.”).
Claims 3, 5, 12-13, 15-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Alexanian et al. (US 11,303,631) hereinafter Alexanian and in view of Gudavalli et al. (MULTIMODAL BIOMETRICS-SOURCES, ARCHITECTURE & FUSION TECHNIQUES: AN OVERVIEW; 2012) hereinafter Gudavalli and Wang et al. (US 11,190,355) and Harding (US 2020/0329036) as applied to claim 1, and further in view of Han et al. (US 2018/0041506) hereinafter Han.
As per Claim 3, the combination of Alexanian, Gudavalli, Wang and Harding teach the method of claim 2.
In addition, Alexanian teaches:
wherein the security value [is indicated by a dial] (Alexanian, Col. 3, lines 54-59; “Accordingly, adjusting which type of biometric data is used (based on, e.g., level of security required in a specific situation, and/or on ambient conditions which may be determined using input devices such as a device's camera, microphone, etc.), and how much of a match is required for authentication has many advantages.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds (i.e. security value) for those modalities.” … Col. 9, lines 43-60; “In some embodiments, the security threshold and/or the permitted authentication modality/modalities may be specified by the user rather than by the developers/administrators. For example, a first user may use the application 205A/205B/205C to set up a virtual meeting (e.g., a video conference). The first user may send a meeting invitation to a second and third user (or any other number of users). The first user may set a security threshold and/or permitted authentication modality/modalities for the second and third users to join the virtual meeting. The first user may also specify whether multiple factors of authentication (i.e., multiple authentication modalities) are required. At the meeting time, each user may log into their respective accounts on their respective user devices 125, 225A/225B/225C and attempt to join the meeting. When joining the meeting, each respective user may provide the required authentication via the pre-approved modality or modalities.”);
The combination of Alexanian, Gudavalli, Wang and Harding does not expressly teach:
… indicated by a dial.
However, Han teaches:
… indicated by a dial (Han, Parag. [0030]; “In various implementations, the computing device 101 may be configured to evaluate various factors such as the trigger conditions that trigger capture of biometric information, the frequency at which the biometric information is captured, what the computing device does with captured biometric information, and so on based at least on one or more defaults, security policies, enterprise network policies, user preferences, and/or other such settings. In some cases, the computing device may adjust the basis for evaluation of such factors according to one or more machine learning processes. For example, the computing device may be configured to capture fingerprints whenever an application is accessed for the first time. If the application is successfully accessed without authentication failure for a particular number of times (such as three), the computing device may cease capturing fingerprints. In such a case, the computing device may resume capturing fingerprints when the application is accessed if a certain number of authentication failures associated with the application are received (such as four).” … Parag. [0094]; “I/O subsystem 2006 is coupled to touch I/O device 2012 and one or more other I/O devices 2014 for controlling or performing various functions … One or more other input controllers 2034 receives/sends electrical signals from/to other I/O devices 2014. Other I/O devices 2014 may include physical buttons, dials, slider switches, sticks, keyboards, touch pads, additional display screens, or any combination thereof.” Examiner submits that the I/O subsystem containing a dial may be used to change the various factors that trigger the frequency of biometric information is captured corresponding to the security/usability levels of Alexanian)
Alexanian, Gudavalli, Wang, Harding and Han are from similar field of technology. Prior to the instant application’s effective filling date, provide a method for using multi-modal biometrics (fusion templates) for user authentication.
Therefore, It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Han into the invention of Alexanian-Gudavalli-Wang-Harding for the purpose of allowing a user-interface control of the security or usability value. Based on the KSR v. TELEFLEX rationale, such an addition uses known methods (a dial) to produce a predictable result (user control over a value).
As per Claim 5, the combination of Alexanian, Gudavalli, Wang and Harding teach the method of claim 4.
In addition, Alexanian teaches:
wherein the usability value [is indicated by a dial] (Alexanian, Col. 3, lines 54-59; “Accordingly, adjusting which type of biometric data is used (based on, e.g., level of security required in a specific situation, and/or on ambient conditions which may be determined using input devices such as a device's camera, microphone, etc.), and how much of a match is required for authentication has many advantages.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds (i.e. security value) for those modalities.” … Col. 9, lines 43-60; “In some embodiments, the security threshold and/or the permitted authentication modality/modalities may be specified by the user rather than by the developers/administrators. For example, a first user may use the application 205A/205B/205C to set up a virtual meeting (e.g., a video conference). The first user may send a meeting invitation to a second and third user (or any other number of users). The first user may set a security threshold and/or permitted authentication modality/modalities for the second and third users to join the virtual meeting. The first user may also specify whether multiple factors of authentication (i.e., multiple authentication modalities) are required. At the meeting time, each user may log into their respective accounts on their respective user devices 125, 225A/225B/225C and attempt to join the meeting. When joining the meeting, each respective user may provide the required authentication via the pre-approved modality or modalities.” Examiner submits that the usability rules are merely an alias of the security rules of Claim 2 only with an inverse relationship to the security value as they create functionally equivalent results. That is, increasing the security value decreases usability value and vice versa. Such an interpretation is supported by Applicant’s Specification [0066], “The security dial 404 and the usability dial 420 may operate in a dependent nature upon one another; a higher security level may reduce the usability of the IntelliVault 100, while a higher usability may be implemented at the cost of higher security.”)
The combination of Alexanian, Gudavalli, Wang and Harding does not expressly teach:
… indicated by a dial.
However, Han teaches:
… indicated by a dial (Han, Parag. [0030]; “In various implementations, the computing device 101 may be configured to evaluate various factors such as the trigger conditions that trigger capture of biometric information, the frequency at which the biometric information is captured, what the computing device does with captured biometric information, and so on based at least on one or more defaults, security policies, enterprise network policies, user preferences, and/or other such settings. In some cases, the computing device may adjust the basis for evaluation of such factors according to one or more machine learning processes. For example, the computing device may be configured to capture fingerprints whenever an application is accessed for the first time. If the application is successfully accessed without authentication failure for a particular number of times (such as three), the computing device may cease capturing fingerprints. In such a case, the computing device may resume capturing fingerprints when the application is accessed if a certain number of authentication failures associated with the application are received (such as four).” … Parag. [0094]; “I/O subsystem 2006 is coupled to touch I/O device 2012 and one or more other I/O devices 2014 for controlling or performing various functions … One or more other input controllers 2034 receives/sends electrical signals from/to other I/O devices 2014. Other I/O devices 2014 may include physical buttons, dials, slider switches, sticks, keyboards, touch pads, additional display screens, or any combination thereof.” Examiner submits that the I/O subsystem containing a dial may be used to change the various factors that trigger the frequency of biometric information is captured corresponding to the security/usability levels of Alexanian)
Alexanian, Gudavalli, Wang, Harding and Han are from similar field of technology. Prior to the instant application’s effective filling date, provide a method for using multi-modal biometrics (fusion templates) for user authentication.
Therefore, It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Han into the invention of Alexanian-Gudavalli-Wang-Harding for the purpose of allowing a user-interface control of the security or usability value. Based on the KSR v. TELEFLEX rationale, such an addition uses known methods (a dial) to produce a predictable result (user control over a value).
As per Claim 12, the rejection of claim 10 it is incorporated. In addition, it is a system claim that recites similar limitations to those of claim 3, and therefore it is rejected for the same rationale applied to claim 3.
As per Claim 13, the combination of Alexanian, Gudavalli, Wang, Harding and Han teaches the method of claim 12.
In addition, Alexanian teaches:
wherein the security value changes from a low security level to a high security level, at least one usage rule of the one or more usage rules becomes available for use (Alexanian, Col. 3, lines 54-59; “Accordingly, adjusting which type of biometric data is used (based on, e.g., level of security required in a specific situation, and/or on ambient conditions which may be determined using input devices such as a device's camera, microphone, etc.), and how much of a match is required for authentication has many advantages.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds (i.e. security value) for those modalities.” … Col. 9, lines 20-25; “For example, a mobile banking application may have a relatively low security threshold to view account balances, a medium security threshold to transfer funds between accounts, and a relatively high security threshold to transfer funds out of an account to a third party or to change profile settings.” … Col. 13, lines 10-55; “It is then determined whether the probability P exceeds the security threshold. As previously indicated, in some embodiments, the probability P associated with multiple authentication scans from multiple modalities may be combined (e.g., summed, weighted sum, averaged, weighted average, etc.) to create a composite score which may be evaluated against the security threshold. In other embodiments, a single authentication modality that has a probability P greater than the security threshold for a single biometric may be required. As discussed above, any suitable combination of security thresholds, selected authentication modalities, and types of scoring authentication modalities may be used. In some embodiments, the security threshold provided to the application developer for selection may be any suitable number of discrete levels. For example, the security threshold may be one of: high, medium, or low. In such an embodiment, each of the discrete options may be associated with a number within a range of probabilities. For example, the “low security” option may correspond with a probability (or other score) in the range of P1 to P2, the “medium security” option may correspond with a probability in the range of P2 to P3, and the “high security” option may correspond with a probability greater than P3, where 0<P1<P2<P3. In another example, the security threshold may be one of: confidential, secret, top secret, or compartmented. In some embodiments, the security thresholds may not be hierarchical based on an amount of security. In such embodiments, the selected security thresholds may be based on any other suitable feature, such as allowed authentication modalities. In alternative embodiments, any suitable options, number of options, and corresponding scores may be used. If, in the operation 320, the selected authentication modality is less than the security threshold, then in an operation 325, an additional and/or an alternate authentication modality is requested. Following the example above in which the user initially selects a fingerprint authentication modality to change account settings, an alternative (e.g., more secure) modality may be requested from the user. As shown in FIG. 3, the method 300 may return to the operation 315 in which a user may select a modality. For example, the user may select to authenticate using face recognition, which may be associated with a security level of seventy-eight. In the operation 320, it may be determined that the face recognition modality is greater than the security level for changing account settings.”)
As per Claim 15, the rejection of claim 10 it is incorporated. In addition, it is a system claim that recites similar limitations to those of claim 5, and therefore it is rejected for the same rationale applied to claim 5.
As per Claim 16, the combination of Alexanian, Gudavalli, Wang, Harding and Han teaches the method of claim 15.
In addition, Alexanian teaches:
wherein the usability value changes from a high usability level to a low usability level, at least one usage rule of the one or more usage rules becomes available for use (Alexanian, Col. 3, lines 54-59; “Accordingly, adjusting which type of biometric data is used (based on, e.g., level of security required in a specific situation, and/or on ambient conditions which may be determined using input devices such as a device's camera, microphone, etc.), and how much of a match is required for authentication has many advantages.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds (i.e. security value) for those modalities.” … Col. 9, lines 20-25; “For example, a mobile banking application may have a relatively low security threshold to view account balances, a medium security threshold to transfer funds between accounts, and a relatively high security threshold to transfer funds out of an account to a third party or to change profile settings.”)
As per Claim 20, the combination of Alexian, Gudavalli, Wang and Harding teach the non-transitory medium of claim 19. Alexian teaches wherein one or more of: the one or more usage rules are changed based on a security value (Alexanian, Col. 3, lines 54-59; “Accordingly, adjusting which type of biometric data is used (based on, e.g., level of security required in a specific situation, and/or on ambient conditions which may be determined using input devices such as a device's camera, microphone, etc.), and how much of a match is required for authentication has many advantages.” … Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds (i.e. security value) for those modalities.” … Col. 9, lines 43-60; “In some embodiments, the security threshold and/or the permitted authentication modality/modalities may be specified by the user rather than by the developers/administrators. For example, a first user may use the application 205A/205B/205C to set up a virtual meeting (e.g., a video conference). The first user may send a meeting invitation to a second and third user (or any other number of users). The first user may set a security threshold and/or permitted authentication modality/modalities for the second and third users to join the virtual meeting. The first user may also specify whether multiple factors of authentication (i.e., multiple authentication modalities) are required. At the meeting time, each user may log into their respective accounts on their respective user devices 125, 225A/225B/225C and attempt to join the meeting. When joining the meeting, each respective user may provide the required authentication via the pre-approved modality or modalities.” … Col. 10, lines 6-10; “Example authentication modalities include fingerprints, palm prints, face recognition, voice recognition, eye or iris recognition, etc. In an illustrative embodiment, the operation 315 includes receiving from the user a preferred authentication modality.” … Col. 13, lines 10-55; “It is then determined whether the probability P exceeds the security threshold. As previously indicated, in some embodiments, the probability P associated with multiple authentication scans from multiple modalities may be combined (e.g., summed, weighted sum, averaged, weighted average, etc.) to create a composite score which may be evaluated against the security threshold. In other embodiments, a single authentication modality that has a probability P greater than the security threshold for a single biometric may be required. As discussed above, any suitable combination of security thresholds, selected authentication modalities, and types of scoring authentication modalities may be used. In some embodiments, the security threshold provided to the application developer for selection may be any suitable number of discrete levels. For example, the security threshold may be one of: high, medium, or low. In such an embodiment, each of the discrete options may be associated with a number within a range of probabilities. For example, the “low security” option may correspond with a probability (or other score) in the range of P1 to P2, the “medium security” option may correspond with a probability in the range of P2 to P3, and the “high security” option may correspond with a probability greater than P3, where 0<P1<P2<P3. In another example, the security threshold may be one of: confidential, secret, top secret, or compartmented. In some embodiments, the security thresholds may not be hierarchical based on an amount of security. In such embodiments, the selected security thresholds may be based on any other suitable feature, such as allowed authentication modalities. In alternative embodiments, any suitable options, number of options, and corresponding scores may be used. If, in the operation 320, the selected authentication modality is less than the security threshold, then in an operation 325, an additional and/or an alternate authentication modality is requested. Following the example above in which the user initially selects a fingerprint authentication modality to change account settings, an alternative (e.g., more secure) modality may be requested from the user. As shown in FIG. 3, the method 300 may return to the operation 315 in which a user may select a modality. For example, the user may select to authenticate using face recognition, which may be associated with a security level of seventy-eight. In the operation 320, it may be determined that the face recognition modality is greater than the security level for changing account settings.”), the one or more usage rules are changed (Alexian, Col. 4, lines 17-24; “As described in greater detail below, an illustrative embodiment allows a service provider to allow a user to authenticate via various biometric modalities (e.g., recognition of face, voice, eye, palm, fingerprint, etc.) and to set various security thresholds (i.e. security value) for those modalities.” … Col. 9, lines 43-60; “In some embodiments, the security threshold and/or the permitted authentication modality/modalities may be specified by the user rather than by the developers/administrators. For example, a first user may use the application 205A/205B/205C to set up a virtual meeting (e.g., a video conference). The first user may send a meeting invitation to a second and third user (or any other number of users). The first user may set a security threshold and/or permitted authentication modality/modalities for the second and third users to join the virtual meeting. The first user may also specify whether multiple factors of authentication (i.e., multiple authentication modalities) are required. At the meeting time, each user may log into their respective accounts on their respective user devices 125, 225A/225B/225C and attempt to join the meeting. When joining the meeting, each respective user may provide the required authentication via the pre-approved modality or modalities.” Examiner submits that the usability rules are merely an alias of the security rules of Claim 2 only with an inverse relationship to the security value as they create functionally equivalent results. That is, increasing the security value decreases usability value and vice versa. Such an interpretation is supported by Applicant’s Specification [0066], “The security dial 404 and the usability dial 420 may operate in a dependent nature upon one another; a higher security level may reduce the usability of the IntelliVault 100, while a higher usability may be implemented at the cost of higher security.”) [based on a usability dial], and the one or more fusion templates include one or more non-biometric modalities (Alexian, Col. 13, lines 59-63; “For example, the received authentication data (e.g., fingerprint, password, face scan, etc.) may be compared to an authentication database, such as the biometric database 115 or the biometric database 215.”).
The combination of Alexian, Gudavalli, Wang and Harding does not expressly teach:
… usability of a dial
However, Han teaches:
… usability of a dial (Han, Parag. [0030]; “In various implementations, the computing device 101 may be configured to evaluate various factors such as the trigger conditions that trigger capture of biometric information, the frequency at which the biometric information is captured, what the computing device does with captured biometric information, and so on based at least on one or more defaults, security policies, enterprise network policies, user preferences, and/or other such settings. In some cases, the computing device may adjust the basis for evaluation of such factors according to one or more machine learning processes. For example, the computing device may be configured to capture fingerprints whenever an application is accessed for the first time. If the application is successfully accessed without authentication failure for a particular number of times (such as three), the computing device may cease capturing fingerprints. In such a case, the computing device may resume capturing fingerprints when the application is accessed if a certain number of authentication failures associated with the application are received (such as four).” … Parag. [0094]; “I/O subsystem 2006 is coupled to touch I/O device 2012 and one or more other I/O devices 2014 for controlling or performing various functions … One or more other input controllers 2034 receives/sends electrical signals from/to other I/O devices 2014. Other I/O devices 2014 may include physical buttons, dials, slider switches, sticks, keyboards, touch pads, additional display screens, or any combination thereof.” Examiner submits that the I/O subsystem containing a dial may be used to change the various factors that trigger the frequency of biometric information is captured corresponding to the security/usability levels of Alexanian)
Alexanian, Gudavalli, Wang, Harding and Han are from similar field of technology. Prior to the instant application’s effective filling date, provide a method for using multi-modal biometrics (fusion templates) for user authentication.
Therefore, It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Han into the invention of Alexanian-Gudavalli-Wang-Harding for the purpose of allowing a user-interface control of the security or usability value. Based on the KSR v. TELEFLEX rationale, such an addition uses known methods (a dial) to produce a predictable result (user control over a value).
Claims 6-7 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Alexanian et al. (US 11,303,631) hereinafter Alexanian and in view of Gudavalli et al. (MULTIMODAL BIOMETRICS-SOURCES, ARCHITECTURE & FUSION TECHNIQUES: AN OVERVIEW; 2012) hereinafter Gudavalli and further in view of Wang et al. (US 11,190,355) and Harding (US 2020/0329036) as applied to claim 1, and further in view of Miu (US 2019/0166110).
As per Claim 6, the combination of Alexanian, Gudavalli, Wang and Harding teach the method of claim 1.
The combination of Alexanian, Gudavalli, Wang and Harding does not expressly teach:
conducting a first transaction with a third party, comprising:
determining that the user is conducting the first transaction;
determining that a first transaction rule of the one or more usage rules is associated with the first transaction;
determining that a first fusion template of the one or more fusion templates is required for the first transaction;
determining that a plurality of data from the first fusion template is required for the first transaction;
retrieving the plurality of data from a database; and
sending, over the network, the plurality of data to the third party.
However, Miu teaches further comprising:
conducting a first transaction with a third party (Miu, Abstract; “… the transaction request initially submitted by a user to access data managed by the relying party.” … Parag. [0004]; “receiving, from a participant entity, a request to determine a trustworthiness of a transaction request, the transaction request being submitted by a user to access data managed by the participant entity; submitting a first inquiry at an authentication verification engine to determine an authenticity of a purported identity of the user submitting the transaction request” … Parag. [0021]; “The method may further include: in response to determining that the transaction request being submitted by the user was solicited by the participant entity.” … Parag. [0079]; “As shown in FIG. 1, data request 102 may represent a transaction request submitted by a user in the capacity of a consumer.”); comprising:
determining that the user is conducting the first transaction (Miu, Abstract; “… the transaction request initially submitted by a user to access data managed by the relying party.” … Parag. [0004]; “receiving, from a participant entity, a request to determine a trustworthiness of a transaction request, the transaction request being submitted by a user to access data managed by the participant entity; submitting a first inquiry at an authentication verification engine to determine an authenticity of a purported identity of the user submitting the transaction request” … Parag. [0021]; “The method may further include: in response to determining that the transaction request being submitted by the user was solicited by the participant entity.” … Parag. [0079]; “As shown in FIG. 1, data request 102 may represent a transaction request submitted by a user in the capacity of a consumer.”);
determining that a first transaction rule of the one or more usage rules is associated with the first transaction (Miu, Parag. [0256]; “plurality token sets may be secured by authentication… During the enrollment process, the token unique identifier may be established,” … Parag. [0257]; “The level of authentication sophistication may vary with the underlying roles and permissions associated with each set of identity.” … Parag. [0234], “Some implementations may function as an access "gate” - requiring biometric (or biometrically fused data), alone, or in combination with real-time data – hashing algorithms to ensure the data request is authentic);
determining that a first fusion template of the one or more fusion templates is required for the first transaction (Miu, Parag. [0098]; “ The identity data stored in databases 130-142 and third-party trusted system 144 may be acquired after a vetting process, corresponding to acquisition methods layer 114. … Once the applicant has passed the tests, biometric information identifying the applicant may be taken from the applicant, including, for example, a portrait of the applicant, a fingerprint of the applicant, a signature of the applicant, etc.” … Parag. [0234]; “Some implementations may function as an access "gate” - requiring biometric (or biometrically fused data), alone, or in combination with real-time data – hashing algorithms to ensure the data request is authentic (and not hacked or spoofed)” See also, Parag. [0083]; “discrimination method may include threshold level of the transaction amount to trigger increased scrutiny. As an illustration, financial transaction over the amount of $500 may automatically trigger increased scrutiny and if the amount is over $100,000 then more than one source may be consulted to verify the identity of the requestor.” Examiner submits that the passing of the tests determines whether more biometric information is required. Furthermore, depending on the level of security needed, the system disclosed in MIU may need further sources of identity—i.e. more biometric templates.)
determining that a plurality of data from the first fusion template is required for the first transaction (Miu, Parag. [0098]; “The identity data stored in databases 130-142 and third-party trusted system 144 may be acquired after a vetting process, corresponding to acquisition methods layer 114. … Once the applicant has passed the tests , biometric information identifying the applicant may be taken from the applicant, including, for example, a portrait of the applicant, a finger print of the applicant, a signature of the applicant, etc.” … Parag. [0234]; “Some implementations may function as an access "gate” - requiring biometric (or biometrically fused data), alone, or in combination with real-time data – hashing algorithms to ensure the data request is authentic (and not hacked or spoofed)” Examiner submits that the real-time data in conjunction with the biometric comprise the claimed “plurality of data.”)
retrieving the plurality of data from a database (Miu, Parag. [0098]; “The identity data stored in databases 130-142 and third-party trusted system 144 may be acquired after a vetting process , corresponding to acquisition methods layer 114.”); and
sending, over the network, the plurality of data to the third party (Miu, Parag. [0098]; “The identity data stored in databases 130-142 and third-party trusted system 144 may be acquired after a vetting process, corresponding to acquisition methods layer 114. … Once the applicant has passed the tests , biometric information identifying the applicant may be taken from the applicant… “ … Parag. [0202]; “Some implementations may enable use of transactional data within a closed network, when embodied as a discrete instance. Other implementations may be established within a virtual private network (VPN) or may have an application programming interface (API) and sufficient system access to facilitate the system connections to asset(s) within the VPN. These implementations may additionally include the use of transactional data across general purpose IP networks such as cellular, WiFi, or wired access to the internet.” Examiner submits the third party disclosed in MIU receives the plurality of data via a network.)
Alexanian, Gudavalli, Wang, Harding and Miu are from similar field of technology. Prior to the instant application’s effective filling date, provide a method for using multi-modal biometrics (fusion templates) for user authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Miu system into Alexanian-Gudavalli-Wang-Harding system, with a motivation to provide a set of rules to be applied to the fusion template in order to complete a transaction (Miu, Parag. [0098]).
As per Claim 7, the combination of Alexanian, Gudavalli, Wang, Harding and Miu teach the method of claim 6.
In addition, Miu teaches wherein the conducting the first transaction further comprises:
accessing a secret token associated with the user device (Miu, Parag. [0032]; “Providing the foundation token associated with the first index of privileges and permissions may include: transmitting data encoding the foundation token associated with the first index of privileges and permissions to the requester.” … Parag. [0033]; “Providing the foundation token associated with the first index of privileges and permissions may further include: encrypting the foundation token with a digital key of the certification authority.” Examiner submits that for the public key cryptographic signature scheme of MIU, the private key (i.e. a secret key) of the holder is used to cryptographically sign the biometric data payload and corresponds to the instant application’s “secret token.”)
and signing, using the secret token, the plurality of data before sending the plurality of data to the third party (Miu, Parag. [0033]; “Providing the foundation token associated with the first index of privileges and permissions may further include: encrypting the foundation token with a digital key of the certification authority.” … Parag. [0085]; “The electronic proof of identity may be subject to additional encryption (for example, by the holder's private key)” Examiner submits that in a private/public key system a digital signature is accomplished by signing with the holder’s private key.).
As per Claim 17, the rejection of claim 10 it is incorporated. In addition, it is a system claim that recites similar limitations to those of claim 6, and therefore it is rejected for the same rationale applied to claim 6.
As per Claim 18, the rejection of claim 10 it is incorporated. In addition, it is a system claim that recites similar limitations to those of claim 7, and therefore it is rejected for the same rationale applied to claim 7.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Schultz et al. (US 2013/0267204) relates to an approach for enabling multi-factor biometric authentication of a user based on different data capture modalities of a mobile device is described. A biometric enabler receives a request for authentication of a user via a network at a mobile device of the user. The biometric authentication further initiates a capture of media associated with the user at the mobile device based on the request, wherein the capture is based on a capture condition. The biometric enabler also determines, in response to the request, whether the media is associated with different types of biometric information of the user as maintained in association with a resource that requires authentication of the user.
Hassani et al. (2020/0027091) relates to systems, methods, and computer-readable media are disclosed for decentralized authentication for autonomous vehicles and associated transactions. Example system includes a secure distributed network of servers including a biometrics server configured to authenticate a user using biometric data and generate a biometrics server authentication token when the user is authenticated, a transactional server configured to perform the transaction for the user upon receiving the biometrics server authentication token, the transactional server being further configured to generate a transactional server authentication token when the trans action is approved, and a mobility service server configured to receive both the biometrics server authentication token and the transactional server authentication token and provide access to the mobility service.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.D.C./Examiner, Art Unit 2498
/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498