Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Applicant's arguments filed February 20, 2026 have been fully considered but they are not persuasive.
On page 2 of the remarks, Applicant states that claims 1-12, and 14-21 were rejected under 35 U.S.C. 112(a) (“112(a)”) as failing to comply with the written description requirement, and states that the rejection is deficient, as the claims recite that the message comprises a cryptographic parameter used to encrypt biometric data, not that the message itself performing the encryption. Applicant further states that the rejection conflates enablement with Written Description support, with 35 U.S.C. 112(a) asserting that verbatim support is not necessary, and Applicant argues that the rejections do not establish the appropriate level of skill for a person having skill in the relevant art by which to gauge enablement. Applicant states that the rejection is improper and must be withdrawn.
Examiner states that Applicant does not address any of the rejections of the independent claim 1 regarding the sections of ‘a cryptographic parameter that encrypts biometric data […] and decrypts encrypted biometric data […]’, ‘discarding, […] the cryptographic parameter’, and ‘transmitting, […] a message to the user device indicating that the user’s account has been suspended’. While verbatim support is not necessary for the Written Description (“WD”) requirement, the Applicant fails to point out where in the Specification additional support for the claimed limitations can be found. The sections [Page 5, lines 15-21] and [Page 3, lines 5-8] for ‘a cryptographic parameter that encrypts biometric data […] and decrypts encrypted biometric data […]’, [Page 4, lines 18-21] for ‘discarding, […] the cryptographic parameter’, and [Page 4, lines 18-21] for ‘transmitting, […] a message to the user device indicating that the user’s account has been suspended.’, with further support from [Page 6, lines 29-32] for an account being in a suspended state, all describe the claimed limitations recited above, but do not explain in further detail how the invention performs the limitations of “a cryptographic parameter that encrypts biometric data […] and decrypts encrypted biometric data […]”, “discarding, […] the cryptographic parameter”, and “transmitting, […] a message to the user device indicating that the user’s account has been suspended”, and a person of ordinary skill in the art would not understand how to make the invention without further detail on how the invention functions regarding the claimed limitations.
Furthermore, the Examiner has never asserted an enablement rejection, as enablement is described in MPEP § 2164, where the enablement requirement of 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, is separate and distinct from the written description requirement. Vas-Cath, Inc. v. Mahurkar, 935 F.2d 1555, 1563, 19 USPQ2d 1111, 1116-17 (Fed. Cir. 1991) (“the purpose of the ‘written description’ requirement is broader than to merely explain how to ‘make and use’”). See also MPEP § 2161. Therefore, the fact that an additional limitation to a claim may lack descriptive support in the disclosure as originally filed does not necessarily mean that the limitation is also not enabled. As a result of Applicant not clarifying the limitations present in the independent claims, Examiner maintains the rejections under 35 U.S.C. 112(a) for failing to comply with written description made previously for independent claims 1, 14, and 15, and the dependent claims that depend on their respective independent claims.
On pages 2-3 of the remarks, Applicant states that the rejections under 35 U.S.C. 103 do not teach or suggest each and every feature of the claimed rejection. Claims 1-4, 7-10, and 12-17, and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Roh et al. (US20030076962), hereinafter "Roh", in view of Roth et al. (US 9,071,429), hereinafter "Roth", and further in view of Nguyen et al. (US20070038863), hereinafter "Nguyen". Claims 5 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Roh in view of Roth, and further in view of Jakobsson (US20160105285). Claims 6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Roh in view of Roth and Jakobsson, and further in view of Campagna (US 9,407,437). Applicant states that the claimed invention generally relates to user access control of the user’s biometric data at a biometric database, and stores the biometric data of the user for biometric authentication. At times, a user wishes to suspend the user’s account to make the data unavailable to avoid risk of theft or inappropriate use of the user’s data, but doing so typically deleted the data, and required a new registration process to add the user’s data back when ‘un-suspending’ the user account. The invention would address this by enabling a user to suspend the user’s account by encrypting the biometric data of the user using a cryptographic parameter used to both encrypt the user’s biometric data at the biometric database and decrypt the encrypted biometric data.
Furthermore, on page 4 of the remarks, Applicant has amended claim 1 to include “receiving, at the biometric database, a message from a user device […], which is authenticated via the biometric data of the user, the message comprising a cryptographic parameter that is used to encrypt […] and decrypt […] biometric data of the user”, with claims 14 and 15 including similar recitations. Applicant argues that the Office Action (“OA”) states that Roh at paragraph [0037] and Fig. 5 teaches the recitation prior to amendment, but that Roh’s disclosure relates to suspension of a digital certificate within a PKI framework, not suspension of a biometric-authenticated user account at a biometric database, with the suspension request concerning certificate validity, and the object being suspended being the certificate itself, an authentication credential, not a user account. Applicant states that none of the references cure this deficiency of Roh, and that the independent claims are allowable over the references relied upon in the OA.
Examiner disagrees with the Applicant regarding the aspect that Roh does not appear to suggest the amended limitation of “receiving, at the biometric database, a message from a user device to suspend a user's account, which is authenticated via the biometric data of the user, the message comprising a cryptographic parameter”, as paragraph [0037] of Roh states that suspension of an account in steps S516 and S518 in Fig. 5 is performed by receiving a certificate validity modification request message (Figure 5: S508) that indicates the certificate suspension, and this is also illustrated in paragraph [0031] describing a certificate suspension menu if the user wishes to suspend an unneeded certificate to access the authentication system in S400 of Fig. 4, which then requests the user to input biometric information in S402 as described in paragraph [0032] as authentication to modify the certification validity in S404. Paragraph [0032] of Roh further describes that the user system 104 encrypts the generated certificate modification request message with a public key, or a cryptographic parameter, and sends the encrypted certificate modification request message to the certificate authority 108 over the Internet 106, which teaches the amended limitation of “receiving, at the biometric database, a message from a user device to suspend a user's account, which is authenticated via the biometric data of the user”.
Furthermore, although the object being suspended is indeed a certificate, it is described in paragraph [0016] that a certificate is issued after a member is registered as a member in the certificate authority 108, in which the certificate corresponds to a user account of the Applicant, when also taking into account registration can be performed by having the user 100 register his/her unique biometric information, such as a fingerprint, for the user to be registered in the certificate authority 108, which corresponds to a biometric-authenticated user account at a biometric database. When taking into account block S516 in Fig. 5, “certificate suspension” that indicates a suspension of a user certificate that a user is registered to, and paragraph [0032] describing a user system 104 encrypting the generated certificate modification request message with a public key, or a cryptographic parameter, this shows that Roh suggests the limitation of “receiving, at the biometric database, a message from a user device to suspend a user's account, which is authenticated via the biometric data of the user, the message comprising a cryptographic parameter”.
Next, on page 5 of the remarks, Applicant has further amended claim 1 to include “encrypting, at the biometric database, the biometric data of the user […] using the cryptographic parameter that renders the biometric data temporarily inaccessible during suspension of the user’s account until re-activation by a user request to unsuspend the user’s account;”, with claims 14 and 15 including similar recitations. Applicant argues that the Office Action (“OA”) states that Roh at paragraph [0037] and Fig. 5 does not disclose encrypting biometric data at the biometric database in response to a suspension event, and that Roh’s suspension relates to certificate validity modification within a PKI framework. Applicant adds that Roh does not disclose re-encrypting ‘already-stored’ biometric data upon suspension of an account, and that Roh’s biometric authentication and certificate management are distinct processes, with no teaching that suspension triggers cryptographic transformation of stored biometric templates at the biometric database, with Roh suspending the certificate, not the biometric data in the database. Applicant further states that Nguyen describes encrypting biometric templates using a key derived from a user-provided secret, but encryption occurs during enrollment or storage, not in response to a request to suspend a user account of the Applicant, with Nguyen’s system encrypting biometric data as part of its baseline storage architecture, not disclosing encrypting biometric data as a lifecycle control mechanism tied to suspension, nor teaching rendering biometric data temporarily inaccessible until reactivation. Applicant states that Nguyen does not implement a reversible suspension state that disables biometric authentication capability. Finally, Applicant states that Roth describes key management and destruction of encryption keys to control access to customer data, as stated in [Col. 2, lines 27-29] and [Col. 7, lines 6-11], but does not teach encrypting biometric data at a biometric database in response to a request to suspend a user account, nor does Roth teach biometric authentication capability being disabled by encrypting biometric templates associated with a user account. Rather, Roth only addresses destruction or restoration of master keys to control access to encrypted data, but is not equivalent to encrypting biometric data upon suspension of a biometric-authenticated service account. Finally, Applicant states in page 6 of the remarks that the claims require that the encryption renders the biometric data temporarily inaccessible during suspension of the user’s account, so that suspension is enforced by disabling biometric authentication capability itself, and that suspension is not merely a flag or status change, and that the references relied upon by the Examiner describe certificate suspension, encryption of biometric templates during storage, and destruction of encryption keys in a key management service, which do not collectively suggest encrypting biometric data at a biometric database as a reversible suspension mechanism tied to user account lifecycle control, and requests that the independent claims be rendered allowable over the references relied upon in the OA.
Examiner disagrees with the Applicant regarding the references of Roh, Roth, and Nguyen not teaching or suggesting the claimed limitations for claim 1 above. The Applicant appears to address each prior art reference individually, and not in combinations (such as Roh in view of Roth), and without addressing the combination of references for other claim limitations that Roth or Nguyen teach or suggest. Roh’s paragraph [0031] describes a certificate suspension menu if the user wishes to suspend an unneeded certificate to access the authentication system in S400 of Fig. 4, and it is described in paragraph [0016] that a certificate is issued after a member is registered as a member in the certificate authority 108, in which the certificate corresponds to a user account of the Applicant, when also taking into account registration can be performed by having the user 100 register his/her unique biometric information, such as a fingerprint, for the user to be registered in the certificate authority 108, which corresponds to a biometric-authenticated user account at a biometric database. When taking into account block S516 in Fig. 5, “certificate suspension” that indicates a suspension of a user certificate that a user is registered to, and paragraph [0032] describing a user system 104 encrypting the generated certificate modification request message with a public key, or a cryptographic parameter, as described of Roh. Next, the argument that Roh does not suggest “re-encrypting ‘already-stored’ biometric data upon suspension of an account” as stated in page 5 of the remarks by the Applicant is not recited in the claimed limitations, but nevertheless, while Roh does not disclose “re-encrypting ‘already-stored’ biometric data”, Roth’s [Col. 7, lines 35-38] Fig. 3, step 316 describes that a master key is made available to the customer, where the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, with the encryption being performed when suspending the ’already-stored’ data, which, in combination with Roh’s paragraph [0031] describing a suspension of a certificate and recovery of a suspended certificate, corresponding to biometric data being temporarily inaccessible during suspension of the user's account until re-activation by a user request to unsuspend the user's account, is utilized to teach the “re-encrypt[ion] of biometric data” in the event of a suspension of a user account. Next, the Applicant states that Nguyen’s system, in paragraphs [0027]-[0031], performs encryption during enrollment or storage, not in response to a request to suspend a user account. The Examiner notes that while Nguyen does not describe “in response to a request to suspend a user account”, the reference of Roh states in paragraph [0018] Fig. 1, a method of suspending a user’s account in which the certificate validity modification request from a user 100 can contain a certificate suspension to the certificate authority 108, and in combination with Roth’s [Col. 7, lines 35-38] Master key is made available to the customer, where the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, discloses the limitation of “storing, at the biometric database in response to the message to suspend the user's account, the encrypted biometric data”.
Finally, Examiner states that the limitation of “encrypting biometric data at a biometric database in response to a request to suspend a user account” is stated by Roth in section [Col. 7, lines 35-38] Fig. 3, step 316, master key is made available to the customer, where the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, and when taking into account Roh’s [0018] Fig. 1, a method of suspending a user’s account in which the certificate validity modification request from a user 100 can contain a certificate suspension to the certificate authority 108, teaches the combination of “encrypting biometric data at a biometric database in response to a request to suspend a user account”. However, the limitation of “encrypting […] the biometric data of the user associated with the user’s account using the cryptographic parameter” and “responsive to the message to suspend the user’s account” are separate limitations. Additionally, the statement that the prior art references do not ‘collectively suggest encrypting biometric data at a biometric database as a reversible suspension mechanism tied to user account lifecycle control’ as described by the Applicant is described in the passages above in Roh, Roth, and Nguyen. In particular, the passages of Roh paragraph [0031] describing a certificate suspension menu if the user wishes to suspend an unneeded certificate to access the authentication system in S400 of Fig. 4, which then requests the user to input biometric information in S402 as described in paragraph [0032] as authentication to modify the certification validity in S404, paragraph [0031] also describing recovery of a suspended certificate, corresponding to biometric data being temporarily inaccessible during suspension of the user's account until re-activation by a user request to unsuspend the user's account, recites the primary aspect of “a reversible suspension mechanism tied to user account lifecycle control”, and the references of Roth [Col. 7, lines 35-38] Master key is made available to the customer, where the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, and in combination with [0026] of Roh having customer data represented as user biometric information as a certificate maintained in the database, is utilized to teach the limitation of “encrypting, at the biometric database, biometric data of the user […] that renders the biometric data temporarily inaccessible during suspension of the user's account until re-activation by a user request to unsuspend the user's account”, and can be considered a form of “reversible suspension mechanism tied to user account lifecycle control”, with Roth’s decryption and encryption of customer data using the restored master key being considered “reversible suspension mechanism” as described by the Applicant. As a result, Examiner maintains the rejections under 35 U.S.C. 103 made previously for independent claims 1, 14, and 15 over Roh in view of Roth and Nguyen. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Claim Objections
Claim 1 is objected to because of the following informalities:
Duplicate claim limitation of “encrypting, at the biometric database, the biometric data of the user associated with the user's account using the cryptographic parameter” in lines 10-11.
Appropriate correction is required.
Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-12, and 14-21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 1 recites the limitations of ‘a cryptographic parameter that encrypts biometric data […] and decrypts encrypted biometric data […]’, ‘discarding, […] the cryptographic parameter’, and ‘transmitting, […] a message to the user device indicating that the user’s account has been suspended.’ In the specification of the Applicant, the passages corresponding to these claim limitations are found in sections [Page 5, lines 15-21] and [Page 3, lines 5-8] for ‘a cryptographic parameter that encrypts biometric data […] and decrypts encrypted biometric data […]’, [Page 4, lines 18-21] for ‘discarding, […] the cryptographic parameter’, and [Page 4, lines 18-21] for ‘transmitting, […] a message to the user device indicating that the user’s account has been suspended.’, with further support from [Page 6, lines 29-32] for an account being in a suspended state. However, Applicant states that the message containing a cryptographic parameter/key can encrypt or decrypt biometric information in a database, whereas the section of [Page 3, lines 5-8] in the specification states that the message can only act as a confirmation that biometric data has been successfully encrypted. There is no support in the disclosure regarding how the inventor intended to perform these various claimed functionalities. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention.
Independent claims 14 and 15 recite similar claim limitations to the aforementioned independent claim 1 above. As a result, the independent claims 14 and 15 are rejected for similar reasons as claim 1 above.
Furthermore, dependent claims 2-12, and 16-21 rely upon their respective independent claims, and as a result of rejections under 112(a) for the independent claims, the dependent claims inherit the rejections of their respective independent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 7-10, 14-17, and 19-22 are rejected under 35 U.S.C. 103 as being unpatentable over Roh et al. (US 20030076962 A1), hereafter Roh, in view of Roth et al. (US 9071429 B1), hereafter Roth, and Nguyen et al. (US 20070038863 A1), hereinafter Nguyen.
Regarding claim 1, Roh discloses ‘a computer implemented method of managing user accounts at a biometric database, the biometric database comprising biometric data of a user, the method comprising’ ([0026] A method is taught that compares user biometric information in a certificate modification request message with the user biometric information stored in the biometric information database 312 in Fig. 3, within the database storage unit 310 in Figs. 1 and 3, as stated in paragraph [0026].):
‘receiving, at the biometric database, a message from a user device to suspend a user's account, which is authenticated via the biometric data of the user, the message comprising a cryptographic parameter’ ([0037] Suspension of an account in steps S516 and S518 in Fig. 5, by receiving a certificate validity modification request message (Figure 5: S508) indicating the certificate suspension, with paragraph [0031] describing a certificate suspension menu if the user wishes to suspend an unneeded certificate to access the authentication system in S400 of Fig. 4, which then requests the user to input biometric information in S402 as described in paragraph [0032] as authentication to modify the certification validity in S404. [0032] User system 104 encrypts the generated certificate modification request message with a public key, or a cryptographic parameter, and sends the encrypted certificate modification request message to the certificate authority 108 over the Internet 106.);
‘responsive to the message to suspend, the user's account’ ([0018] Fig. 1, a method of suspending a user’s account in which the certificate validity modification request from a user 100 can contain a certificate suspension to the certificate authority 108. Certificate suspension corresponds to a message to suspend of the Applicant.):
‘transmitting, from the biometric database, a message to the user device indicating that the user's account has been suspended’ ([0037] A message generation module 304 in Fig. 3, at Step 514 (Figure 5) that generates an acknowledgement message for notifying the user that their certificate suspension request has been normally processed.).
‘biometric data’ ([0026] of Roh having customer data represented as user biometric information, is utilized to teach the limitation.);
‘biometric database’ ([0026] of Roh states the biometric information database 312 as being part of the database storage unit 110.);
Roh does not appear to disclose, but Roth teaches the limitations of ‘encrypting, at the biometric database, biometric data of the user associated with the user's account using the cryptographic parameter that renders the biometric data temporarily inaccessible during suspension of the user's account until re-activation by a user request to unsuspend the user's account’ ([Col. 7, lines 35-38] Fig. 3, step 316, master key is made available to the customer, where the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, and in combination with [0026] of Roh having customer data represented as user biometric information and paragraph [0031] describing a suspension of a certificate and recovery of a suspended certificate, corresponding to biometric data being temporarily inaccessible during suspension of the user's account until re-activation by a user request to unsuspend the user's account, is utilized to teach the limitation.);
‘storing, at the biometric database, the encrypted biometric data’ ([Col. 7, lines 35-38] Master key is made available to the customer, where the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, and in combination with [0026] of Roh having customer data represented as user biometric information, is utilized to teach the limitation. [Col. 10, lines 64-65] teaches a method of storing production data 612 and user information 616 in Fig. 6.);
and ‘discarding, at the biometric database, the cryptographic parameter’ ([Col. 7, lines 6-11] Method of the cryptographic service marking or otherwise flagging the master key as pending deletion, and the cryptographic service shreds, in step 310 in Fig. 3, or otherwise destroys at least one copy of the master key stored by the cryptographic service.);
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh and Roth before them, to include Roth’s encrypting and storing of the biometric data, in Roh’s computer implemented method of managing user accounts at a biometric database. One would have been motivated to make such a combination ‘to access customer data encrypted under [the] key material’ to help improve the customer’s privacy when accessing their own data while preventing unauthorized access from other users or attackers when the data is compromised, as taught by Roth [Col. 2, lines 4-5], and to ensure that ‘the key material under control of the cryptographic service can be shredded or otherwise deleted’ to create a more secure system by ensuring that the customer data encrypted under the key material, that being the master key, cannot be accessed to safeguard against other users having access to the customer’s data, as taught by Roth [Col. 2, lines 27-29].
Roh and Roth do not teach, but Nguyen teaches, the limitations of ‘cryptographic parameter that is used to encrypt biometric data of the user at the biometric database and decrypts encrypted biometric data of the user at the biometric database’ ([0028] "In a symmetric encryption system, the encryption key 540 is the same as the decryption key 564", and in this scenario, an encryption key corresponds to a cryptographic parameter that can both be used to encrypt and decrypt biometric data of the user. Bins are subsets of biometric information in a database. Fig. 2, encryption function is shown with an encryption key 220 being used on biometric information stored in bin 240, described in paragraph [0022], wherein the bin itself is located in a database comprising biometric information.).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, and Nguyen before them, to include Nguyen’s ‘cryptographic parameter that encrypts biometric data of the user at the biometric database and decrypts encrypted biometric data of the user at the biometric database’ in Roh’s computer implemented method of managing user accounts at a biometric database. One would have been motivated to make such a combination to increase security by reducing the risk of storing biometric information in a database, as an encryption key is known by the biometric access database to encrypt and decrypt the bins that are present in the database that contain biometric templates associated with a user, as stated in Nguyen [0007].
Regarding claim 2, Roh in view of Roth and Nguyen teaches the elements of claim 1 as outlined above. Roh also discloses the limitations of ‘receiving, at the biometric database, a message from the user device to re-activate the user's account, the message comprising the cryptographic parameter’ ([0017] and [0022] Fig. 1, a method of the user re-activating the user's account, which involves the user 100 sending a message to the certificate authority 108 through the user system 104 and then to the biometric database 312 in Fig. 3. [0026] also states that a biometric database is the biometric information database 312 in Roh, which is itself inside a database storage unit 110 in Fig. 1, which includes biometric data. [0025] Certificate validity modification request that contains a user biometric information used as a cryptographic parameter to verify a user. [0036] Server controller 302 in Fig. 3 checks the certificate validity modification request message to determine to restore various actions, including the recovery of the certificate in step S508 in Fig. 5.);
‘at the biometric database’ ([0026] Biometric database is the biometric information database 312 of Fig. 3, within the database storage unit 110 of Fig. 1, which can include biometric data.);
‘transmitting, from the biometric database, a message to the user device indicating that the user's account has been re-activated’ ([0037] teaches a method of notifying the user that the certificate recovery request has been normally processed in steps S514, S522, and S524 in Fig. 5. [0026] also teaches the biometric database is the biometric information database 312 in Fig. 3 within the database storage unit 110 of Fig. 1, which can include biometric data.);
Roh does not appear to disclose, but Roth teaches the limitations of ‘re-activating the user's account, wherein re-activating comprising: decrypting the biometric data of the user associated with the account using the cryptographic parameter’ ([Col. 4, lines 61-65] teaches that if the customer later desires to restore the key material in their possession, the customer can provide the key material to the service, wherein the service can decrypt the key material such that the key material can be used by the customer, effectively re-activating the user’s account in this scenario. [Col. 5, lines 6-8] also states a method of the customer invoking APIs on the cryptographic service in order to decrypt customer data using customer key material managed by the cryptographic service, and in combination with [0026] of Roh having customer data represented as user biometric information, is utilized to teach the limitation.);
‘discarding the cryptographic parameter’ ([Col. 7, lines 6-11] A method of the cryptographic service marks or otherwise flags the master key as pending deletion, and in response to the customer acknowledging receipt of the encrypted master key, the cryptographic service shreds 310 or otherwise destroys at least one copy of the master key stored by the cryptographic service.);
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, and Nguyen before them, to include Roth’s methods of re-activating the user’s account, decrypting the biometric data of the user with the cryptographic parameter, marking or flagging the master key as pending deletion, and discarding, at the biometric database, the cryptographic parameter with Roh’s computer implemented method of claim 1 to yield the predictable result of comprising receiving, at the biometric database, a message from the user device to re-activate the user's account, the message comprising the cryptographic parameter. One would have been motivated to make such a combination to ensure that the ‘customer subsequently desires to restore the key material’ by ‘using the restore key such that the key material can be used to access one or more resources and/or data secured by the key material’, as taught by Roth [Col. 2, lines 34-40], and that ‘the key material under control of the cryptographic service can be shredded or otherwise deleted’ to guarantee that while customer data is suspended or revoked by the customer, the access to the raw customer data is forbidden without the customer later restoring their account, as taught by Roth [Col. 2, lines 27-29].
Regarding claim 3, Roh in view of Roth and Nguyen teaches the elements of claims 1-2 as outlined above. Roh also discloses the limitations of ‘at the biometric database’ ([0026] A biometric information database 312 is in Fig. 3, which can include biometric data.);
Roh does not appear to disclose, but Roth teaches the limitations of ‘wherein the message from the user device to suspend a user's account is a first message and comprises a first cryptographic parameter, and the method further comprises’ ([Col. 6, lines 48-50] teaches a method to suspend the user account from the user device by calling the suspend API, at step 302 of Fig. 3, where the suspend API call is the first message, while the first cryptographic parameter is the customer’s key (a master key) which is used by the suspend API call, and in the passage of Roth, ‘In such a case, the customer can make a request at step 302 of Fig. 3 to the cryptographic service calling a suspend API (first message) to suspend storage of the cryptographic key by the key management service’. [Col. 6, lines 50-52] further teaches that in such a case, the customer’s key (i.e. a master key) can be encrypted and exported out of the cryptographic service.);
‘after re-activating the user's account: receiving, at the biometric database, a second message from a user device to suspend a user's account, the second message comprising a second cryptographic parameter’ ([Col. 7, lines 35-38] teaches that the master key is made available, at step 316, to the customer, where the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, which effectively allows the customer to call the suspend request again using the restored master key. [Col. 9, lines 45-46] teaches that the customer maintains in their possession the master key encrypted under the restore key, and the customer has the master key encrypted while the customer remains suspended from the service, in which the master key is decrypted once the user re-activates their account. [Col. 6, lines 52-55] teaches a method in response to the suspend request (the response is the second message), the cryptographic service generates, at step 304, a new key (e.g., a restore key, this being the second cryptographic parameter) to be associated with the customer.);
‘suspending the user's account, wherein suspending comprising’ ([Col. 6, lines 48-50] teaches a method to suspend a user's account, where the customer makes a request to the suspend API, in step 302, to suspend the storage of the cryptographic key by the key management service.):
‘encrypting, at the biometric database, biometric data of the user associated with the account using the second cryptographic parameter’ ([0026] of Roh states that a biometric information database 312, which can include biometric data. [Col. 7, lines 36-38] of Roth teaches a method of encrypting customer data using the restored master key.);
‘storing, at the database, the encrypted biometric data encrypted with the second cryptographic parameter’ ([Col. 7, lines 35-38] Master key is made available to the customer, where the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key (restore key, equating to second cryptographic parameter, encrypting the restored master key), and in combination with [0026] of Roh having customer data represented as user biometric information, is utilized to teach the limitation. [Col. 10, lines 64-65] teaches a method of storing production data 612 and user information 616 in Fig. 6.);
‘discarding, at the database, the second cryptographic parameter’ ([Col. 13, lines 48-49] teaches a method of destroying any copy of the cryptographic key stored by the key management service.);
‘transmitting, from the database, a second message to the user device indicating that the user's account has been suspended.’ ([Col. 5, lines 38-40] teaches a method that the cryptographic service creates a restore key, "K1_restore 244" or other such key in the account of the customer, with the stored cryptographic parameter in the message being a K1 encrypted under K1_restore 246 from a user device.).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, and Nguyen before them, to include Roth’s suspension of the user account using a cryptographic method, getting a second message from the user device in the form of a response to the suspension request made earlier which is the key generation step, which contains another cryptographic parameter, being the new key such as a restore key to be generated with Roh’s computer implemented method of claim 1 and claim 2 which discloses the biometric database to yield the results of suspending the user’s account with a first message with a first cryptographic parameter, a second message with a second cryptographic parameter after re-activating the user’s account, suspending the user's account, the step of suspending comprising, encrypting, at the biometric database, biometric data of the user associated with the account using the second cryptographic parameter, storing, the encrypted biometric data, discarding, at the biometric database, the second cryptographic parameter, and transmitting, from the biometric database, a second message to the user device indicating that the user's account has been suspended. One would have been motivated to make such a combination to ensure that ‘a customer may want to remove or otherwise suspend use of key material by the secret management service for some period of time, such as to limit the possibility of data exposure under various circumstances such as for licensing or other concerns. In such instances, a secret such as a restore key can be created and used to encrypt the key material, along with any metadata (e.g., policies) for the key material. The key material, encrypted with the restore key, then can be provided to the customer and the key material under control of the cryptographic service can be shredded or otherwise deleted’, as taught by Roth [Col. 2, lines 19-29], and that ‘if the customer subsequently desires to restore the key material to the secret management, the customer can provide the encrypted key material back to the secret management service, and the service can decrypt the encrypted key material using the restore key such that the key material can be used to access one or more resources and/or data secured by the key material’, as taught by Roth [Col. 2, lines 34-40].
Regarding claim 4, Roh in view of Roth and Nguyen teaches the elements of claims 1-3 as outlined above. Roh does not appear to disclose, but Roth teaches the limitation of ‘wherein the second cryptographic parameter is different to the first cryptographic parameter’ ([Col. 6, lines 62-66] teaches that in accordance with various embodiments, customer cryptographic keys (e.g., such as master keys, restore keys, rotate keys, among others, which are all different kinds of keys) can be associated with information usable to determine which of the cryptographic operations is supported.).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, and Nguyen before them, to include Roth’s method of the first and second cryptographic parameter in Roh’s computer implemented method of claim 1, and use of claim 3 to yield the result of the first and second cryptographic parameters being distinct from each other. One would have been motivated to include a ‘multi-tenant cryptographic service to store and manage customer cryptographic key material’ to create a more secure system by having different keys perform different functions, and having the restore key encrypt the master key so that a customer can restore their account at a later point without worrying about their own data while they remain suspended, as taught by Roth [Col. 1, lines 44-46].
Regarding claim 7, Roh in view of Roth and Nguyen teaches the elements of claim 1 as outlined above. Roh does not appear to disclose, but Roth teaches the limitation of ‘wherein encrypting biometric data of the user associated with the account using the cryptographic parameter further comprises using a security parameter known to the biometric database’ ([Col. 5, lines 56-58] teaches that by having created K1_restore 244 and encrypting K1 under K1_restore, the cryptographic service exports K1 as encrypted under K1_restore 246 to the client device. [Col. 7, lines 32-38] teaches that the copy of the master key encrypted under the restore key is decrypted 314 using the restore key, and the master key is stored in the cryptographic service on behalf of the customer, and the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, meaning that the cryptographic service considers the master key as a security parameter and that it is known to, or stored at, the database.).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, and Nguyen before them, to include Roth’s step of encrypting biometric data, and a security parameter known to the database with Roh’s computer implemented method of claim 1 to yield the result of the step of encrypting biometric data of the user associated with the account using the cryptographic parameter further comprises using a security parameter known to the biometric database. One would have been motivated to ‘use cryptographic key material, for example, to access customer data encrypted under that key material’ to help improve efficiency by using the keys already known and stored in the database to make the process of encrypting the customer data faster and more secure by performing the process at the biometric database, taught by Roth [Col. 2, lines 3-5].
Regarding claim 8, Roh in view of Roth and Nguyen teaches the elements of claims 1 and 7 as outlined above. Roh does not appear to disclose, but Roth teaches the limitation of ‘wherein the security parameter is a cryptographic key’ ([Col. 7, lines 32-38] teaches that the copy of the master key encrypted under the restore key is decrypted 314 using the restore key, and the master key is stored in the cryptographic service on behalf of the customer, and the customer can invoke APIs on the cryptographic service to decrypt/encrypt customer data using the restored master key, meaning that the cryptographic service considers the master key as a security parameter and that it is known to, or stored at, the database.);
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, and Nguyen before them, to include Roth’s method of the security parameter being a cryptographic key with Roh’s computer implemented method of claims 1 and 7 so that the security parameter is a cryptographic key, in this case being the master key. One would have been motivated to make such a combination to use cryptographic key material to ‘access customer data encrypted under that key material’ to provide efficiency by using the master key both as a way to access encrypted customer information and to restore the user’s data at a later point should they wish to restore their account, taught by Roth [Col. 2, lines 3-5].
Regarding claim 9, Roh in view of Roth and Nguyen teaches the elements of claim 1 as outlined above. Roh also discloses the limitation of ‘receiving, at the biometric database, a message from the user device to enroll the user with the biometric database’ ([0017] Fig. 1 shows a user 100 registering his/her unique biometric information, such as a fingerprint, as well as their user information to register himself or herself as a member in the certificate authority 108, which is then sent to the user. [0016] Fig. 1 also states that there is also a user system 104 that is a terminal device connectable to the Internet 106, and the user 100 can gain access to the certificate authority 108 through the user system 104 and perform online the certificate validity modification through user authentication using biometric information);
‘receiving, at the biometric database, biometric data of the user’ ([0018] teaches a controller 204 in Fig. 2 that further acts to input the user’s biometric information entered from the user via the fingerprint information input unit 102 in Fig. 2, and then sends the inputted user’s biometric information to the certificate authority 108, which then goes through the certificate modification process, which in this case, is the registration of the user.);
‘generating, at the biometric database, a user account associating the biometric data with a user identity thereby enrolling the user with the biometric database’ ([0015] teaches an authentication system that comprises a user system 104 and a certificate authority 108 for issuing a certificate to a user registered therein. [0003] further states that the users registered as members in the authentication system are issued with digital certificates from a corresponding certificate authority, which is equivalent to the step of generating a user account in the applicant).
Regarding claim 10, Roh in view of Roth and Nguyen teaches the elements of claims 1-3 as outlined above. Roh also discloses the limitation of ‘further comprising: authenticating the user at the biometric database, wherein authenticating comprising’ ([0034] teaches that first, if the certificate authority server 108 receives an encrypted certificate validity modification request message from the user system 104, and the analysis module 300 to decrypt the encrypted certificate validity modification request message and analyze a digital signature of the member user.):
‘receiving a request to authenticate the user, the request comprising biometric data of the user’ ([0034] further teaches that the server controller 302 determines whether the user biometric information contained in the certificate validity modification request message is the same as user biometric information stored in the biometric information database 312 in the database storage unit 110 in step S504 of Fig. 5.);
‘comparing the received biometric data of the user with the biometric data of the user associated with the account’ ([0034] At step S504 in Fig. 5, a certificate validity modification request message has user fingerprint information that is compared at a database.);
‘and based on the comparison, deciding whether to authenticate the user’ ([0035] Fig. 5, step S506 determines whether or not to authenticate the user based on if the user fingerprint information is compromised or if the fingerprint information does not match with the database.);
‘wherein authenticating is not permitted when the user's account is suspended’ ([0035] teaches a method that if it is determined at step 506 that the integrity of the certificate validity modification request message is compromised, or that the received user fingerprint information is not the same as preregistered user fingerprint information stored in the biometric information database 312, the server controller 302 controls the message generation module 304 to generate a certificate validity modification error message for notifying the user that the certificate validity modification cannot be normally performed, and sends the generated certificate validity modification error message to the user system 104 in step S507 of Fig. 5.).
Regarding claim 14, Roh in view of Roth and Nguyen teaches similar limitations also present in claim 1 above. Roh discloses ‘a user device, comprising at least one processing circuitry configured to’ ([0018] Fig. 2, user system 104 contains various components, including a communication unit 208 for communicating to the Internet to send certificate validity modification request message to a certificate authority 108 in paragraph [0019].):
Regarding claim 15, Roh in view of Roth and Nguyen teaches similar limitations also present in claim 1 above. Roh also discloses ‘a system, comprising:’ ([0015] also teaches that as shown in this drawing, the PKI-based authentication system comprises a user system 104 and a certificate authority 108 for issuing a certificate to a user registered therein.);
‘a biometric database’ ([0026] Fig. 3, biometric information DB 312 in 110);
‘and a processor programmed to’ ([0018] Fig. 2, controller 204 controls the entire operation of the user system 104, which corresponds to a processor of the applicant.):
Regarding claim 16, Roh in view of Roth and Nguyen teaches the system of claim 15 as recited above. Roh in view of Roth and Nguyen also teach similar limitations present in claim 2 above.
Regarding claim 17, Roh in view of Roth and Nguyen teaches the system of claim 15 and 16 as recited above. Roh in view of Roth and Nguyen also teach similar limitations present in claim 3 above.
Regarding claim 19, Roh in view of Roth and Nguyen teaches the system of claim 15 as recited above. Roh in view of Roth and Nguyen also teach similar limitations present in claim 7 above.
Regarding claim 20, Roh in view of Roth and Nguyen teaches the system of claim 15 as recited above. Roh in view of Roth and Nguyen also teach similar limitations present in claim 8 above.
Regarding claim 21, Roh in view of Roth and Nguyen teaches the system of claim 15 as recited above. Roh also discloses ‘receive a request to authenticate the user, the request comprising biometric data of the user’ ([0034] further teaches that the server controller 302 determines whether the user biometric information contained in the certificate validity modification request message is the same as user biometric information stored in the biometric information database 312 in the database storage unit 110 in step S504 of Fig. 5.);
‘and deny user authentication when the user's account is suspended’ ([0035] Fig. 5, step S506 determines whether or not to authenticate the user based on if the user fingerprint information is compromised or if the fingerprint information does not match with the database. If it is determined at step 506 that the integrity of the certificate validity modification request message is compromised, or that the received user fingerprint information is not the same as preregistered user fingerprint information stored in the biometric information database 312, the server controller 302 controls the message generation module 304 to generate a certificate validity modification error message for notifying the user that the certificate validity modification cannot be normally performed, and sends the generated certificate validity modification error message to the user system 104 in step S507 of Fig. 5.);
Regarding claim 22, Roh in view of Roth and Nguyen teaches the system of claim 15 as recited above. Roh also discloses “wherein suspension of the user's account does not delete the biometric data, and the biometric database is configured to restore biometric authentication capability upon re-activation without requiring a new biometric enrollment process” ([0031] Suspension of a certificate and recovery of a suspended certificate, corresponding to biometric data being temporarily during suspension of the user's account until re-activation by a user request to unsuspend the user's account without requiring a new biometric enrollment process. [0031] Certificate suspension “for a while” is different from a revocation “of an unneeded certificate”, where suspension does not delete the certificate.).
Claims 5 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Roh in view of Roth and Nguyen as applied to claims 1-4, 7-10, 14-17, and 19-22 above, and further in view of Jakobsson (US 20160105285 A1).
Regarding claim 5, Roh in view of Roth and Nguyen teaches the elements of claim 1 as outlined above. Roh in view of Roth does not appear to disclose, but Jakobsson teaches the limitation of ‘wherein the biometric data is a biometric template’ ([0029] and [0055] teaches a method where for each biometric reading, an associated biometric template is generated and stored in the database, and each biometric template is generated for each biometric parameter for different skin prints, such as fingerprints, thumbprints, among others in steps 602 and 604 in Fig. 6.).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, Nguyen, and Jakobsson before them, to include Jakobsson’s biometric template in Roh’s computer implemented methods of claim 1 to yield the result of where the biometric data is a biometric template. One would have been motivated to ensure that ‘for each biometric reading, an associated biometric template is generated and stored in a database’ to help improve the efficiency of comparing biometric readings by comparing the readings of the user to the closest templates in the database to determine whether or not the user is authenticated to access their user data, as taught by Jakobsson [0029].
Regarding claim 11, Roh in view of Roth and Nguyen teaches the elements of claims 1 and 10 as outlined above. Roh in view of Roth does not appear to disclose, but Jakobsson teaches the limitation of ‘wherein the authentication may be authentication of whether a user is permitted to perform a certain action, preferably said certain action may include any of: access to or within a building, transport system, and/or leisure facility, access to a controlled resource, and/or to make a payment’ ([0045] teaches a method of a more reliable authentication performed by biometric decryption/authentication controller 317 in Fig. 3 may be required in some examples only for accessing bank accounts or other sensitive information, changing fundamental hardware settings of the smartphone, or authorizing more significant purchases or other financial transactions.).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, Nguyen, and Jakobsson before them, to include Jakobsson’s authentication to perform a certain action with Roh’s computer implemented methods of claims 1 and 10 to yield the result of authentication of whether a user is permitted to perform a certain action, preferably said certain action may include any of: access to or within a building, transport system, and/or leisure facility, access to a controlled resource, and/or to make a payment. One would have been motivated to implement that ‘whenever the user needs to authenticate himself or herself for accessing one of those secure systems (so as to access sensitive information, perform a significant financial transactions, decrypt data, etc.,) the user enters fingerprints from several fingers/thumbs and/or performs an iris scan of one eye (or records suitable words for voiceprint recognition, etc.)’ to provide a more secure system by providing the most important actions and systems further security by having the user scanning their biometrics to ensure that only the customer with the correct biometrics performs these actions, as taught by Jakobsson [0044].
Claims 6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Roh in view of Roth and Nguyen as applied to claims 1-4, 7-10, 12-17, and 19-21 above, and further in view of Campagna (US 9407437 A1).
Regarding claim 6, Roh in view of Roth and Nguyen teaches the elements of claim 1 as outlined above. Roh in view of Roth does not appear to disclose, but Campagna teaches the limitation of ‘wherein the cryptographic parameter is an Initialization Vector’ ([Col. 2, lines 12-14] Initialization vector is then used along with the cryptographic key to encrypt the plaintext. [Col. 5, lines 9-14] Plaintext may be any data. In some examples, the plaintext is content (e.g. text, video, audio and/or other types of content). [Col. 19, lines 36, lines 44-47] A computer-implemented method for encrypting data, and comprises generating ciphertext by executing an encryption algorithm using the generated initialization vector, the plaintext, and the cryptographic key, and providing the generated ciphertext, the ciphertext being the encrypted data according to Campagna.).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Roh, Roth, Nguyen, and Campagna before them to include Campagna’s Initialization Vector with Roh’s computer implemented method of claim 1 to yield the result of the cryptographic parameter is an Initialization Vector. One would have been motivated to ensure ‘the initialization vector is then used along with the cryptographic key to encrypt the plaintext’ to improve security by using the initialization vector to make sure that the encrypted data isn’t always the same result and further enhancing security, as taught by Campagna [Col. 2, lines 12-14].
Regarding claim 18, Roh in view of Roth and Nguyen teaches the elements of claim 15 as outlined above. Roh in view of Roth and Nguyen, and further in view of Campagna also teach similar limitations present in claim 6 above.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TOMMY MARTINEZ whose telephone number is (703)756-5651. The examiner can normally be reached Monday thru Friday 8AM-4PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571) 272-7624 on Monday thru Friday 7AM-7PM ET. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/T.M./ Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/ Supervisory Patent Examiner, Art Unit 2496