Office Action Predictor
Last updated: April 17, 2026
Application No. 17/741,882

ELECTRONIC DEVICE FOR PROTECTING USER'S BIOMETRIC INFORMATION

Final Rejection §103
Filed
May 11, 2022
Examiner
NAHAR, SAYEDA S
Art Unit
2435
Tech Center
2400 — Computer Networks
Assignee
samsung electronics Co., Ltd.
OA Round
4 (Final)
67%
Grant Probability
Favorable
5-6
OA Rounds
3y 5m
To Grant
99%
With Interview

Examiner Intelligence

Grants 67% — above average
67%
Career Allow Rate
18 granted / 27 resolved
+8.7% vs TC avg
Strong +36% interview lift
Without
With
+35.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
25 currently pending
Career history
52
Total Applications
across all art units

Statute-Specific Performance

§101
14.0%
-26.0% vs TC avg
§103
61.6%
+21.6% vs TC avg
§102
4.4%
-35.6% vs TC avg
§112
17.6%
-22.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 27 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Election/Restrictions 2. Claims 2, 3, 8-10, and 12-15 withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to nonelected Groups, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 11/26/2024. Response to Amendment 3. This is in response to the amendments filed on 11/13/2025. Claims 1, 16, and 17 have been amended. Claims 1,4-7, 11,16-20 are currently pending and have been considered below. Response to Arguments 4. Applicant’s arguments filed on 11/13/2025 have been fully considered but they are not persuasive. On the Remarks, Applicant argues that; The combination of the applied references fail to disclose the features of, "based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the first virtual machine to access the second application in the trusted execution environment, and based on the first virtual machine being allowed to access the second application, transmit, to the first application, the generated authentication result through the first virtual machine," as presently recited. The combination of the cited references fail to disclose (1) temporarily storing, in the trusted execution environment, the second biometric information acquired from the biometric sensor in the secure area, and (2) comparing, in the trusted execution environment, the second biometric information acquired from the biometric sensor with first biometric information stored in the secure area, (3) generating, in the trusted execution environment, an authentication result indicating whether the second biometric information is valid based on a result of the comparing, and (4) transmitting, to the first application, the generated authentication result through the first virtual machine, as presently recited. Hong fails to disclose the features of "based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the first virtual machine to access the second application in the trusted execution environment," as claimed. Park does not disclose “…..the second biometric information acquired from the biometric sensor….”. Applicant submits that the applied references fail to disclose or render obvious the presently claimed combination of features recited in independent claim 1. The examiner respectfully disagrees. First, in response to applicant's argument that Hoyos does not disclose (1) …. in the trusted execution environment, the second biometric information …. in the secure area, and (2) comparing, in the trusted execution environment, the second biometric information acquired from the biometric sensor with first biometric information stored in the secure area, (3) generating, in the trusted execution environment, an authentication result indicating whether the second biometric information is valid based on a result of the comparing, and (4) transmitting, to the first application, the generated authentication result through the first virtual machine. (1) it is noted that, Hoyos at Para.0086, Para.0074 discloses, “capture biometric data for the user, generate a biometric vector ….”, “The …. end-user device …. comprised of …. a secure area of …. a Trusted Execution Environment (TEE)”), which is equivalent to the claimed ‘…. in the trusted execution environment, the second biometric information …. in the secure area’. Also, (2) Hoyos at Para.0133, Para.0086, Para.0131, Para.0074 discloses, “the generated biometric vector can be compared to the ….enrollment vector, in step 930…... how well the generated biometric vector matches the enrollment vector”, “capture biometric data for the user, generate a biometric vector and verify the generated biometric vector against the user's stored biometric vector”, “the user's biometric data is captured via their end-user device”, “The …. end-user device …. comprised of … a Trusted Execution Environment (TEE)” which the examiner interpreted as being the claimed “comparing, in the trusted execution environment, the second biometric information …. with first biometric information …..”, because the broadest reasonable interpretation of the claimed “comparing, in the trusted execution environment, the second biometric information …. with first biometric information …..” includes the generated biometric vector equivalent to the claimed ‘second biometric information’ and the stored biometric vector equivalent to the claimed ‘the first biometric information’. In addition, (3) Hoyos at Para.0133, Para.0134 discloses, “a similarity score …. generated to quantify how well the generated biometric vector matches the enrollment vector…. if the …. similarity score meets a …. threshold value …...”, “When the similarity score meets the threshold…. the biometric authentication is deemed to be successful…...” which the examiner interpreted as being the claimed “generating, in the trusted execution environment, an authentication result indicating whether the second biometric information is valid based on a result of the comparing”, because the broadest reasonable interpretation of the claimed “generating, in the trusted execution environment, an authentication result indicating whether the second biometric information is valid based on a result of the comparing”, includes comparing the generated biometric vector with the enrollment vector/stored biometric vector of the user. A similarity score is generated when the generated biometric vector matches the enrollment vector/stored biometric vector, when the generated similarity score meets a threshold value, the biometric authentication is deemed to be successful, which is equivalent to the claimed ‘an authentication result indicating whether the second biometric information is valid based on a result of the comparing’. Moreover, (4) Hoyos at Para.0090, Para.0050, Para.0093 discloses, “… security service 460 …. used to secure communication functions (e.g., voice chat, text chat…. etc.) of a client software application 475 (e.g., SKYPE, FACEBOOK, INSTAGRAM, SNAPCHAT, etc.) …. provided …. to the ….. end-user device …For example, placing a phone call can require the user to pass voice recognition, allowing only the user of the …end-user device ….to make calls”, “require the user to successfully authenticate …. via their end-user device …in order to access any of the secure services …. ensuring that only the registered user is allowed access…. these services can include …. VoIP service ….”, “…. client software applications 475 within the … VM 470” which the examiner interpreted as being the claimed “transmitting, to the first application, the generated authentication result through the first virtual machine”, because the broadest reasonable interpretation of the claimed “transmitting, to the first application, the generated authentication result through the first virtual machine” includes successful' authentication of user which is required in order to access any of the secure services, when a user is successfully authenticated, they can use the VoIP service such as placing a phone call by using the claimed ‘first application’/client software application 475 (e.g., SKYPE, FACEBOOK, INSTAGRAM, SNAPCHAT, etc.), as first virtual machine VM 470 of Hoyos, contains the claimed ‘first application’ or client software applications 475, thus equivalent to the claimed ‘transmit, to the first application, the generated authentication result through the first virtual machine’. Second, in response to applicant's argument that the applied references fail to disclose the features of "based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the first virtual machine to access the second application in the trusted execution environment," as claimed. It is noted that, Hoyos at Para.0095, Para.0074 discloses, “VMs 470 can operate on the secure end-user device”, “The secure end-user device …. comprised of … software 435 components”, which is equivalent to the claimed ‘first virtual machine to …...the second application’, because VMs 470 is equivalent to the first virtual machine and software 435 is equivalent to the second application. Also, it is noted that, Hong at Para.0063, Para.0047, Para.0068, Para.0008 discloses, “secure application may be executed in …. one of the plurality of virtual machines 1010, 1020 and 1030”, “determine whether the access request …. is generated in the privilege virtual machine group”, “secure application …executed in TEE ….and …secure application …. executed in privilege virtual machine group”, “execute the normal application in the normal virtual machine group….execute the secure application in the privilege virtual machine group, and may block an access request from the normal virtual machine group for … resource allocated to the privilege virtual machine group” which the examiner interpreted as being the claimed “based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the ….virtual machine to access the ….application in the trusted execution environment", because the broadest reasonable interpretation of the claimed “based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the ….. virtual machine to access the …. application in the trusted execution environment” includes secure application which is executed in one of the plurality of virtual machines 1010, 1020 and 1030 (plurality of virtual machines 1010, 1020 and 1030 are equivalent to the claimed list of virtual machines), as the normal application in the normal virtual machine group cannot access the resource allocated in the privilege virtual machine group, only secure application in the privilege virtual machine group executed in one of the plurality of virtual machines can access the resource allocated in the privilege virtual machine group, thus equivalent to the claimed “based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the …. virtual machine to access the ….application”. Third, in response to applicant's argument that Park does not disclose “…..the …. biometric information acquired from the biometric sensor….” and the cited references fail to disclose “temporarily storing, …. the …. biometric information acquired from the biometric sensor….”, it is noted that, Park at Para.0090, Para.0099 discloses, “execute an application, acquire … biometric information of a user through the sensor”, “the application …. acquiring the …. biometric information”, which is equivalent to the claimed ‘…. the …application …. acquire biometric information from the biometric sensor….”. Also, Park at Para.0065, Para.0006 discloses, “of…the electronic device …. in the storage medium…data is semi-permanently stored in the storage medium and where the data is temporarily stored in the storage medium”, “data related to …. biometric information obtained …. in which the electronic device is used”, which is equivalent to the claimed “temporarily storing, …. the …. biometric information acquired from the biometric sensor….”. Finally, in response to applicant's argument that the applied references fail to disclose or render obvious the presently claimed combination of features recited in independent claim 1. it is noted that, Hoyos discloses “first virtual machine, first and second application” as well as “comparing, in the trusted execution environment, the second biometric information …. with first biometric information stored in the secure area, (3) generating, in the trusted execution environment, an authentication result indicating whether the second biometric information is valid based on a result of the comparing, and (4) transmitting, to the first application, the generated authentication result through the first virtual machine”. Hong discloses “based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the ….. virtual machine to access the …. application in the trusted execution environment” and Park discloses “…..the …. biometric information acquired from the biometric sensor….” and “temporarily storing, …. the …. biometric information acquired from the biometric sensor….”. Thus, the examiner concludes that a prima facie case of obviousness with respect to claim 1 is established by combining the references of Hoyos, Park and Hong for all the features. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 5. Claims 1,4-5, 11 and 16-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Hoyos et al (US 20200296093 A1) in view of Hong et al. (US 20180129525 A1) and further in view of Park et al (US 20210012130 A1) Regarding Claim 1: Hoyos discloses: a. An electronic device (Para.0074; “The … end-user device”) comprising: a biometric sensor; (Para.0055; “… biometric sensors ….”) a processor connected to the biometric sensor; (Para.0074, Para.0055; “The …end-user device …. include one or more processors”, “biometric data… captured by the biometric sensors … attached to the end-user device”) a first memory connected to the processor (Para.0077, Para.0074; “The … end-user device …. comprised of …. A processor …. executes the …. instructions of software 435”, “The memory… store the … instructions of software 435… Memory…”) and configured to store a first virtual machine, (Para.0093; “… within … VM 470”) a first application, (Para.0090; “client software application 475 (e.g., SKYPE, FACEBOOK, INSTAGRAM, SNAPCHAT….”) and a second application (Para.0074; “software 435”) …. the biometric sensor; (Para.0078, Para.0053; “The I/O components 425 …include…. sensors…. included in …. end-user device”, “The end-user device …. include …. biometric sensors …. for capturing the user's …. biometric data”) and b. a second memory connected to the processor (Para.0074; “The …end-user device … comprised of hardware…. hardware 405 …include one or more processors…. memory) and divided into a general area providing a general execution environment (Para.0074; “The …end-user device …. include …. a central processor unit (CPU) …. performing arithmetical, logical…… operations….”) and a secure area providing a trusted execution environment (Para.0074; “The …end-user device …. include …. specialized or dedicated processors …. to handle specific functions… creating a Trusted Execution Environment (TEE)”) in which access by software executed in the general execution environment can be controlled, (Para.0036, Para.0049; “a biometric …. gateway …. used as the control point for allowing/denying end-user devices access to the secure services….”, “The biometric …gateway …. running …. based on users' biometric data…”, “Users …. register with the biometric …. gateway …. the biometric …. gateway…. run in the Trusted Execution Environment (TEE)….” biometric gateway is the control point between general and trusted execution environment, only the users with corresponding biometric provided can access to biometric authentication gateway which run in TEE) the secure area storing first biometric information, (Para.0127, Para.0053, Para.0074, Para.0055: “user's biometric enrollment vector….refer to the biometric vector created for the user during the enrollment process with the biometric authentication gateway”, “The end-user device … include ….a data store ….. for storing the user's …. biometric vector….”, “The …. end-user device …. comprised of …. to handle specific functions, such as a secure area of …. a Trusted Execution Environment (TEE)”, “perform functions that …. require the biometric authentication gateway ….to perform the …. verification of the user's …. biometric vector 227” user's biometric enrollment vector is construed as first biometric information) wherein the second memory stores instructions causing the electronic device to, (Para.0074; “The …. end-user device …. comprised of ….memory…. processor …used to handle specific functions, such as a secure area of a main processor”) when executed by the processor: load the first application to the general area from the first memory and execute the first application, (Para.0093, Para.0089; “The …. end-user device …. install …. client software applications 475 within the …. VM 470”, “the biometric security service …used to secure access to files stored in the memory….of the ….end-user device…..These files …. generated by client software applications 475.….” client software applications 475 is construed as the first application) load the first virtual machine to the general area from the first memory and execute the first virtual machine, (Para.0093, Para.0077; “end-user device …. install …. VM 470”, “The memory… store …. instructions of software 435”) c. load the second application to the secure area from the first memory and execute the second application (Para.0081, Para.0074; “The software 435 …of the … end-user device …. are stored in the memory…. and cause the …. end-user device …. to perform various tasks when executed by the processor 410….” the software 435 is construed as the second application, “executes …software 435…. specialized or dedicated processors …. such as a secure area”) …. second biometric information from the biometric sensor (Para.0086, Para.0055, Para.0078, Para.0079; “capture biometric data for the user, generate a biometric vector …. the generated biometric vector against the user's stored biometric vector”, “The biometric vector .… a unique digital file … from … user's … biometric data, as captured by the biometric sensors ….”,” The I/O components 425 …include… camera, sensors”, “I/O components 425 … include a camera to take the user's picture and …. software 435 to process the image” the generated biometric vector is construed as second biometric information) d. …. in the trusted execution environment, the second biometric information …. in the secure area, (Para.0086, Para.0074, Para.0055; “capture biometric data for the user, generate a biometric vector …. the generated biometric vector ….”, “The …. end-user device …. comprised of…… to handle specific functions, such as a secure area of …. a Trusted Execution Environment (TEE)”, “perform functions that …. require ….to perform the …. verification of the user's …. biometric vector 227”) compare, in the trusted execution environment, the second biometric information with the first biometric information (Para.0133, Para.0086, Para.0131, Para.0074; “the generated biometric vector can be compared to the ….enrollment vector, in step 930…... how well the generated biometric vector matches the enrollment vector”, “capture biometric data for the user, generate a biometric vector and verify the generated biometric vector against the user's stored biometric vector” the generated biometric vector is construed as the second biometric information and the stored biometric vector/enrollment vector is construed as the first biometric information, “the user's biometric data is captured via their end-user device”, “The …. end-user device …. comprised of … a Trusted Execution Environment (TEE)”) and generate, in the trusted execution environment, an authentication result indicating whether the second biometric information is valid based on a result of the comparing, (Para.0133, Para.0134; “In step 935, a similarity score …. generated to quantify how well the generated biometric vector matches the enrollment vector…. if the …. similarity score meets a …. threshold value …...”, “When the similarity score meets the threshold, step 945 …. the biometric authentication is deemed to be successful…...” when the generated biometric vector matches the enrollment vector/stored biometric vector, a similarity score is generated, when the generated similarity score meets a threshold value, the biometric authentication is deemed to be successful, which is construed as an authentication result indicating whether the second biometric information is valid based on a result of the comparing) ….. first virtual machine to ….. the second application (Para.0095, Para.0074; “VMs 470 can operate on the secure end-user device”, “The secure end-user device …. comprised of … software 435 components”) …. and e. ….transmit, to the first application, (Para.0090; “secure communication functions (e.g., voice chat, text chat, video chat, etc.) of a client software application 475 (e.g., SKYPE, FACEBOOK, INSTAGRAM, SNAPCHAT, etc.) … provided …to the ….end-user device …”) the generated authentication result (Para.0090, Para.0050, Para.0074; “….placing a phone call can require the user to pass voice recognition, allowing only the user of the ….end-user device ….to make calls”, “require the user to successfully authenticate …. via their end-user device …in order to access any of the secure services …. ensuring that only the registered user is allowed access…. these services can include …. VoIP service ….”, “The ….end-user device …. comprised of … software 435”) through the first virtual machine. (Para.0093, Para.0090; “…. client software applications 475 within the … VM 470”, “secure communication functions ….of a client software application 475…provided …to the ….end-user device … allowing only the user of the ….end-user device ….to make calls” successful authentication of user is required in order to access any of the secure services, when a user is successfully authenticated, they can use the VoIP service such as placing a phone call by using the first application/client software application 475 (e.g., SKYPE, FACEBOOK, INSTAGRAM, SNAPCHAT, etc.), as first virtual machine VM 470 contains the first application or client software applications 475, thus construed as transmit, to the first application, the generated authentication result through the first virtual machine) however, Hoyos does not explicitly disclose: a. a….application which can access the biometric sensor…. [Hoyos discloses first virtual machine, first application, second application and biometric sensor, but Hoyos does not disclose an application which can access the biometric sensor] c. execute the …application …. acquire biometric information from the biometric sensor…. [Hoyos does not disclose application acquires biometric information from the biometric sensor] d. temporarily store…..the ….. biometric information acquired from the biometric sensor ….. based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the …virtual machine to access the …..application in the trusted execution environment, and [Hoyos discloses first virtual machine to …. the second application, but Hoyos does not disclose “based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the …. virtual machine to access the …. application in the trusted execution environment”] e. based on the …. virtual machine being allowed to access the ….application, transmit…. the result …. [Hoyos discloses “transmit, to the first application, the generated authentication result through the first virtual machine”, but Hoyos does not disclose” based on the ….virtual machine being allowed to access the ….application, transmit… the result”] In an analogous reference Hong discloses: d. …..based on a list of virtual machines allowed to access at least one application in the trusted execution environment, (Para.0063, Para.0068; “secure application may be executed in …. one of the plurality of virtual machines 1010, 1020 and 1030”, “secure application … executed in TEE”) determine whether to allow the …virtual machine to access the …..application in the trusted execution environment, (Para.0047, Para.0068, Para.0008; “determine whether the access request …. is generated in the privilege virtual machine group”, “secure application …executed in TEE ….and …secure application …. executed in privilege virtual machine group”, “execute the normal application in the normal virtual machine group….execute the secure application in the privilege virtual machine group, and may block an access request from the normal virtual machine group for … resource allocated to the privilege virtual machine group” secure application is executed in one of the plurality of virtual machines 1010, 1020 and 1030 (plurality of virtual machines 1010, 1020 and 1030 are construed as list of virtual machines), as the normal application in the normal virtual machine group cannot access the resource allocated in the privilege virtual machine group, only secure application in the privilege virtual machine group executed in one of the plurality of virtual machines can access the resource allocated in the privilege virtual machine group which is construed as the claimed “based on a list of virtual machines allowed to access at least one application in the trusted execution environment, determine whether to allow the …. virtual machine to access the ….application”) and e. based on the …. virtual machine being allowed to access the …..application, transmit…. the result… (Para.0063; “a normal application … executed in … first one of the plurality of virtual machines …. a secure application …. executed in …. one of the plurality of virtual machines 1010, 1020 and 1030, and an access request for …. resource …. allocated to the ….one of the plurality of virtual machines 1010, 1020 and 1030 may be blocked when the access request is generated in the first one of the plurality of virtual machines …...” only secure application executed in one of the pluralities of virtual machines is allowed to access the allocated resources, when the normal application tries to access one of the resource allocated for a secure application executed in one of the plurality of virtual machines, the access request is blocked which is construed as based on the …. virtual machine being allowed to access the ….. application, transmit…. the result…) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hoyos’s method describing the biometric authentication process by enhancing Hoyos’s method to include Hong’s method for securely executing secure applications in trusted execution environments. The motivation: Determining whether to allow a first virtual machine (VM) to access a second application within a Trusted Execution Environment (TEE) based on a list of authorized VMs offers several key benefits like enhanced security, improved isolation and confidentiality, controlled resource access and dynamic access management. however, Hoyos in view of Hong does not explicitly disclose: a. a….application which can access the biometric sensor…. [Hoyos discloses first virtual machine, first application, second application and biometric sensor, but Hoyos does not disclose an application which can access the biometric sensor] c. execute the …application …. acquire biometric information from the biometric sensor….[Hoyos does not disclose application acquires biometric information from the biometric sensor] d. temporarily store…..the ….. biometric information acquired from the biometric sensor ….. In an analogous reference Park discloses: a. a….application which can access the biometric sensor (Para.0090; “execute an application, acquire … biometric information of a user through the sensor”) …. biometric authentication using biometric information acquired by the ….application; (Para.0099; “the application …. acquiring the …. biometric information”) c. execute the …application …. acquire biometric information from the biometric sensor…. (disclosed above) d. temporarily store…..the ….. biometric information acquired from the biometric sensor …..(Para.0065, Para.0006; “of…the electronic device …. in the storage medium…data is semi-permanently stored in the storage medium and where the data is temporarily stored in the storage medium”, “data related to …. biometric information obtained …. in which the electronic device is used”) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hoyos in view of Hong’s method describing the biometric authentication process by enhancing Hoyos in view of Hong’s method to include Park’s method for measuring a user's biometric information in an electronic device. The motivation: An application that can access a biometric sensor offers significant benefits by providing a highly secure and convenient way to authenticate users, preventing fraud, improving access control, and enhancing user experience through features like easy logins without needing to remember passwords. With respect to independent claims 16 and 17, a corresponding reasoning was given earlier in this section with respect to claim 1; therefore, claims 16 and 17 rejected, for similar reasons, under the grounds as set forth for claim 1. Regarding Claim 4: Hoyos in view of Hong and in view of Park discloses: g. The electronic device of claim 1, wherein the instructions further cause the processor to; load a first virtual machine manager (Hoyos, Para.0081; “The software 435 … executed…. include …a secure multivisor…”) configured to manage access of the first virtual machine (Para.0086, Para.0093; “access to …biometric vector … enforced by the secure multivisor 445”, “The … end-user device …. install … VM 470”) to the trusted execution environment to the general area from the first memory, (Para.0081, Para.0074; “The software 435… instructions … stored in the memory…. 415…. executed by the processor 410”, “processors 410 …. handle specific functions…. a Trusted Execution Environment (TEE)”) and in response to a request for the biometric authentication of the first application, (Hoyos, Para.0090; “a client software application 475 (e.g., SKYPE, FACEBOOK, INSTAGRAM, SNAPCHAT, etc.) …as part of the secure services (e.g., voice communication ….provided … to the ….end-user device… For example, placing a phone call can require the user to pass voice recognition”) load the first virtual machine to the general area from the first memory (Para.0093; “end-user device …. install …. VM 470”) and execute the first virtual machine, (Para.0095; “VMs 470 ….representing …client software applications 475… the secure services … apply … to each … VM 470”) and wherein the first virtual machine manager is further configured to determine (Hoyos, Para.0086; “The user's biometric vector 420 … stored in a secure partition 450 ….access to the secure partition … enforced by the secure multivisor 445”) whether to allow the first virtual machine to access the trusted execution environment, (Para.0075, Para.0095; “processors 410 … supports Trusted Execution Environment (TEE)”, “multiple … VMs 470 …operate on the …end-user device 400”) … …. allow the first virtual machine to access the trusted execution environment, based on the list of virtual machines. (Hong, disclosed in claim 1) Regarding Claim 5: Hoyos in view of Hong and in view of Park discloses: h. The electronic device of claim 4, wherein the first virtual machine manager is further configured to perform an operation of determining whether to allow the first virtual machine to access the second application (Hoyos, Para.0086, Para.0095, Para.0079; “The user's biometric vector 420 … stored in a secure partition 450 ….access to the secure partition … enforced by the secure multivisor 445”, “multiple … VMs 470 …operate on … end-user device 400… the secure services … apply … to each …. VM 470”, “a biometric authentication service … utilize facial recognition…. a camera to take the user's picture and facial recognition software 435 to process the image”) …… allow the first virtual machine to access … the trusted execution environment, based on the list of virtual machines. (Hong, disclosed in claim 1) Regarding Claim 11: Hoyos in view of Hong and in view of Park discloses: k. The electronic device of claim 1, wherein the instructions further cause the processor to load a first virtual machine manager configured to manage access of the first virtual machine to the trusted execution environment to the general area from the first memory, (disclosed in claim 4) and wherein the first virtual machine manager is further configured to identify a basic authentication as a preceding condition, (Hoyos, Para.0115, Para.0086, Para.0050; “Registration with the biometric gateway …prompt the user to provide …username and password ….”, “access to the secure … enforced by the secure multivisor 445….” secure multivisor 445 is construed as the first virtual machine manager, “biometric …. gateway … require the user to successfully authenticate their biometric …. in order to access …. secure services …”) which should be performed before the biometric authentication, from information indicating the preceding condition, (FIG.11/Para.0141; “initiate … 1115 the user's username and password to the biometric gateway …. verify 1120 the user's identity” from later citations indicated that biometric gateway run in TEE, access to TEE requires registration of user, from FIG. 11, step 1115 requires user providing their user name/password first and after verifying that, at step 1135 user provides biometric authentication, thus construed as basic authentication (user name /password) a preceding condition, which should be performed before the biometric authentication) make a request for the basic authentication to the trusted execution environment, (Para.0097,Para.00115/ FIG.11; “Requested …specific privilege … require …. verification of the user …. corresponding biometric … gateway”, “Registration with the biometric gateway … user to provide …. a username and password as well as perform biometric enrollment”) and identify that the basic authentication is successful from the trusted execution environment, (Para.0049, Para.0141; “biometric authentication gateway … run in the Trusted Execution Environment (TEE)”, “The biometric gateway … verify 1120 the user's identity”) and make a request for the biometric authentication to the first virtual machine as the basic authentication is successful. (Para.0143, Para.0093; “the biometric gateway … send 1135 … a request for biometric authentication from the user. The user …. perform the biometric authentication 1140 …. 1140 …. sent 1145 to the biometric gateway …”, “user of the …end-user device …. install various …VM …”) Regarding Claim 18: Hoyos in view of Hong and in view of Park discloses: l. The non-transitory recording medium of claim 17, wherein … virtual machines is stored in …. the first memory, (Hoyos, Para.0081, Para.0093; “The software 435 …. stored in the memory…”, “software applications … within … VM”) and wherein the first memory comprises nonvolatile memory. (Hoyos, Para.0077; “Memory…include …. non-volatile elements”) …. the list of virtual machines is stored in a secure area of the first memory, (Hong, Claim 7, Para.0029, Para.0068; “a memory device … store …. privilege virtual machine group”, “virtual machine 132 and 134 in privilege virtual machine group”, “secure application …executed in TEE ….and …secure application …. executed in privilege virtual machine group”) Regarding Claim 19: Hoyos in view of Hong and in view of Park discloses: m. The non-transitory recording medium of claim 18, wherein … virtual machine is loaded into volatile memory (Hoyos, Para.0081, Para.0093, Para.0077; “…. end-user device …... executed by the processor ….”, “applications … within … VM”, “Memory… include volatile”) and a right to access the ….. virtual machines is assigned to a first virtual machine manager. (Para.0086; “The user's biometric vector 420 … stored in a secure partition 450 ….access to the secure partition … enforced by the secure multivisor 445”) ….. the list of virtual machines…. (Hong, disclosed in claim 1) Regarding Claim 20: Hoyos in view of Hong and in view of Park discloses: The electronic device of claim 1, wherein the instructions further cause the processor to: load, from the first memory, …. virtual machines to the secure area of the second memory, (Hoyos, Para.0074, Para.0094; “The ….end-user device … comprised of hardware 405 and software 435 components…hardware 405 can include …processors 410, memory ….processor 410 … used to handle specific functions, such as a secure area of a main processor 410 for creating a Trusted Execution Environment (TEE)”, “VMs 470 … instantiated on the …end-user device”) and …. list of virtual machines to the secure area …… (Hong, Para.0063, Para.0068; “secure application may be executed in …. one of the plurality of virtual machines 1010, 1020 and 1030”, “secure application … executed in TEE”) based on the first virtual machine being recorded as a virtual machine having a right to access the trusted execution environment in the list of virtual machines, allow the first virtual machine to access the trusted execution environment. (Hoyos and Hong, disclosed in claim 1) Claims 6 and 7 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Hoyos et al (US 20200296093 A1) in view of Hong et al. (US 20180129525 A1) also in view of Park et al (US 20210012130 A1) and further in view of Quinn et. Al (US 20230376411 A1) Regarding Claim 6: Hoyos in view of Hong also in view of Park discloses: i. The electronic device of claim 1, wherein the instructions further cause the processor to load a …virtual machine manager configured to manage access of the first virtual machine …. from the first memory, (Hoyos, disclosed in claim 1 and 4) and wherein the …. virtual machine manager is further configured to perform an operation of determining whether to allow the first virtual machine to access the trusted execution environment…. (Hoyos, disclosed in claim 4) …. allow the first virtual machine to access the trusted execution environment, based on the list of virtual machines. (Hong, disclosed in claim 1) however, Hoyos in view of Hong also in view of Park does not explicitly disclose: …a second virtual machine manager configured to manage …. the first virtual machine … In an analogous reference Quinn discloses: ….a second virtual machine manager configured to manage … the first virtual machine (Para.0094; “a second hypervisor …servicing …VM …. of the one or more hypervisor applications”) …. Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hoyos in view of Hong also in view of Park’s method describing the biometric authentication process by enhancing Hoyos in view of Hong also in view of Park’s method to include Quinn’s method for executing multiple hypervisors. The motivation multiple hypervisors can provide benefits like improved resource management, increased flexibility in workload distribution, enhanced security isolation between different environments. Regarding Claim 7: Hoyos in view of Hong also in view of Park discloses: j. The electronic device of claim 6, wherein the …. virtual machine manager is further configured to perform an operation of determining whether to allow the first virtual machine to access the second application executed in the trusted execution environment, based on list of virtual machines. (disclosed in claim 5) however, Hoyos in view of Hong also in view of Park does not explicitly disclose: the second virtual machine manager …allow the first virtual machine … In an analogous reference Quinn discloses: the second virtual machine manager …allow the first virtual machine … (disclosed in claim 6) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hoyos in view of Hong also in view of Park’s method describing the biometric authentication process by enhancing Hoyos in view of Hong also in view of Park’s method to include Quinn’s method for executing multiple hypervisors. The motivation is same as claim 6. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAYEDA SALMA NAHAR whose telephone number is (703)756-4609. The examiner can normally be reached M-F 12:00 PM to 6:00 PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached on (571) 270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SAYEDA SALMA NAHAR/Examiner, Art Unit 2435 /AMIR MEHRMANESH/Supervisory Patent Examiner, Art Unit 2491
Read full office action

Prosecution Timeline

May 11, 2022
Application Filed
Dec 14, 2024
Non-Final Rejection — §103
Feb 18, 2025
Applicant Interview (Telephonic)
Mar 03, 2025
Examiner Interview Summary
Mar 10, 2025
Response Filed
May 09, 2025
Final Rejection — §103
Jul 02, 2025
Request for Continued Examination
Jul 08, 2025
Response after Non-Final Action
Aug 21, 2025
Non-Final Rejection — §103
Nov 13, 2025
Response Filed
Jan 29, 2026
Final Rejection — §103
Apr 01, 2026
Request for Continued Examination
Apr 08, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12537850
CONCEALED MONITOR COMMUNICATIONS FROM A TASK IN A TRUSTED EXECUTION ENVIRONMENT
2y 5m to grant Granted Jan 27, 2026
Patent 12506751
METHOD AND SYSTEM FOR SCORING SEVERITY OF CYBER ATTACKS
2y 5m to grant Granted Dec 23, 2025
Patent 12493681
PUF-RAKE: A PUF-BASED ROBUST AND LIGHTWEIGHT AUTHENTICATION AND KEY ESTABLISHMENT PROTOCOL
2y 5m to grant Granted Dec 09, 2025
Patent 12457490
ON-DEMAND SUBSCRIPTION CONCEALED IDENTIFIER (SUCI) DECONCEALMENT FOR SELECT APPLICATIONS
2y 5m to grant Granted Oct 28, 2025
Patent 12445469
USING A THREAT INTELLIGENCE FRAMEWORK TO POPULATE A RECURSIVE DNS SERVER CACHE
2y 5m to grant Granted Oct 14, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
67%
Grant Probability
99%
With Interview (+35.8%)
3y 5m
Median Time to Grant
High
PTA Risk
Based on 27 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month