Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the amendment filed on 01/27/2026. Claims 1-2, 5-12, and 15-20 are currently pending in the filing of 01/27/2026, claims 1-20 were pending in the previous filing of 08/27/2025. Claims 3-4 and 13-14 are presently cancelled in the amendment filed on 01/27/2026.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/27/2026 has been entered.
Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. § 103
The applicant’s remarks, on pages 6-9 of the response / amendment, the applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. § 103 rejections.
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.
The applicant is encouraged to contact the examiner by telephone to schedule an interview to discuss subject matter that is potentially allowable before filing of the next response.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 5, 11-12, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over US 20160364559 to Bali et al. (hereinafter Bali), in view of US 20170104752 to Sakemi et al. (hereinafter Sakemi), in view of US 20190327077 to Mandal et al. (hereinafter Mandal), in view of US 20190042756 to Lal et al. (hereinafter Lal).
Regarding claim 1, Bali teaches,
An electronic device comprising: (fig. 1, computing system 100)
a biometric sensor configured to acquire biometric data; (fig. 1, biometric sensor 114.)
a processor (fig. 1, 130) including a general region (fig. 1, 132) and a trust region, (fig. 1, 134. [0022-23] teach application execution environment 130 including untrusted application execution environment 132 and trusted execution application execution environment 134.)
a memory storing instructions and encryption information related to registered biometric data; and ([0023] teaches “protection keys” being isolated from different parts of memory. See also [0027] isolation of keys from untrusted areas. Also, fig. 1, data storage 122, last sentence [0025] teaches storing encrypted biometric data in data storage. [0023] also teaches the memory that processes for execution.)
a secure processor configured to encrypt the biometric data acquired by the biometric sensor, (fig. 1, security engine 116 described beginning in [0020] which provides encryption for data from sensors 112 /114.)
wherein the secure processor is physically separated from the processor and has a lower performance than the processor; and (fig. 1, security engine 116 described beginning in [0020] which provides encryption for data from biometric hub / sensors 112 /114.) (See also Mandal at [0044], which is further discussed below, regarding performance, and fig.1 & Abstract discussing separate secure and general processors.)
wherein the instructions, when individually or collectively executed by the processor, cause the electronic device to: (fig. 1, 130)
load, in the trust region, (fig. 1, trusted application execution environment 134 has access to encrypted biometric data in data storage 122, that is provided to the data storage 122 by security engine 116, which provides encryption of biometrics, as discussed above.)
Bail fails to teach using the un-secure processor to perform biometric authentication on encrypted biometric information,
However, Sakemi teaches,
wherein the processor is configured to:
load, in the trust region, the encrypted biometric data acquired from the secure processor; (fig. 4 and [0086-87] teach template 33 being provided to calculation server, which is less trusted with biometrics than the terminal that provides the biometrics in homomorphically encrypted format, and therefore receives the enrolled and current template that are both homomorphically encrypted. The server 100 \ “trust region” is less trusted than the terminal 310 \ “secure processor”.)
based on the encryption information acquired from (fig. 4 teaches receiving the registration and collation / sample homomorphically encrypted biometrics at the server 100. [0089] teaches decrypting the distances to authenticate the user, shown in authentication server 100 of fig. 4.)
wherein a security level of the trust region is (fig. 4 teaches the terminal 310 \ “secure processor” has higher security / higher trust than the authentication server 100 \ “trust region” because the authentication server 100 is not trusted with un-encrypted biometrics.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Bali, which teaches storage of biometrics in encrypted formats to secure the biometrics for authentication, using different memories and execution environments that are secure and un-secure (fig. 1, execution environment 130 and security engine 116 of biometrics hardware 110.), with Sakemi, which also teaches encryption of biometrics used for authentication (Abstract), and additionally teaches the use of homomorphic encryption to secure the biometrics and allow comparison of the homomorphically encrypted biometrics, without decryption (fig. 4 & [0086-87] teaching encrypted at terminal 310, while homomorphic calculations performed at 200). One of ordinary skill in the art would have been motivated to perform such an addition to provide Bali with the added ability to utilize homomorphically encrypted biometrics, as taught by Sakemi, for the purpose of increasing security by using homomorphically encrypted biometrics for storage and authentication in less secure memories and processors to prevent an imposter / thief from stealing raw biometric information, and also to increase computational efficiency by allowing a more efficient (less secure) processor to perform computationally intensive homomorphic computations required for biometric matching.
Bali and Sakemi fail to explicitly teach an electronic device, where within the single device a secure processor and general processor communicate (homomorphically) encrypted information with each other,
However, Mandal teaches,
wherein the electronic device is a single device such that the secure processor and the processor communicate each other through a secure channel inside the single device. (Abstract and fig. 1 teach the TEE 104 and GPU / processing unit 106. See also [0037]. Additionally, fig. 1 & [0024] teaches that cipher text c is conveyed to the general processor / GPU 106 in encrypted form. See also, [0044] teaching the cost of the evaluation being less expensive on the GPU because of its increased efficiency.) (Additionally, Bali 0039 teaches a "secure or dedicated communication channel.”) (See also Lal, further discussed below, [0016] & [0057] teaching secure channel without homomorphic operations)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Bali, which teaches storage of biometrics in encrypted formats to secure the biometrics for authentication, using different memories and execution environments that are secure and un-secure (fig. 1, execution environment 130 and security engine 116 of biometrics hardware 110.), with Sakemi, which also teaches encryption of biometrics used for authentication (Abstract), and additionally teaches the use of homomorphic encryption to secure the biometrics and allow comparison of the homomorphically encrypted biometrics, without decryption (fig. 4 & [0086-87] teaching encrypted at terminal 310, while homomorphic calculations performed at 200), with Mandal, which also teaches using a secure environment (TEE) to generate a first ciphertext, then sending the first ciphertext to a GPU for homomorphic evaluation to generate a second ciphertext which is sent back to the secure environment (TEE) for decryption (Abstract & fig. 1), which additionally teaches performing the evaluation in the same device, where the GPU and TEE are in the same device ([0014]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Bali and Sakemi with the added ability to evaluate the homomorphically encrypted internally in the same device, where the GPU performs the evaluation more efficiently than the TEE, as taught by Mandal, for the purpose of increasing computational efficiency of homomorphic evaluations while maintaining security by using homomorphically encrypted data in less secure areas, such as the GPU.
Bali, Sakemi, and Mandal fail to explicitly teach a secure processor with a security level higher than a trust region that has a security level higher than a general region,
However, Lal teaches,
based on the encryption information acquired from the memory and the encrypted biometric data acquired from the secure processor, perform the biometric authentication, (fig. 2 & [0031] teach manager 204 and controller 212 acquire the encrypted biometric information and provide to secure execution environment (SEE) 220 \ “trusted region” that performs biometric authentication.)
wherein a security level of the trust region is higher than a security level of the general region and lower than a security level of the secure processor, (fig. 2 & [0031] teaches the manager 204 \ “secure processor” that authenticates the manageability control 212, from which the biometric template is obtained, and authenticates the SEE 220 \ “trust region”, to which the secured template is provided. Manager 204 securely provisions the biometric template, which includes protecting the biometric template using the shared secret key 218. Thus, the manager 204 is higher security than the SEE 220 and controller 212, and SEE 220 is higher security than controller 212.)
wherein as a security level of an area is higher, access to the area is more restricted. ([0031] teaches that manager 204 provides access to controller 212, SEE 220, and to hardware components of computing device 100.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Bali, which teaches storage of biometrics in encrypted formats to secure the biometrics for authentication, using different memories and execution environments that are secure and un-secure (fig. 1, execution environment 130 and security engine 116 of biometrics hardware 110.), with Sakemi, which also teaches encryption of biometrics used for authentication (Abstract), and additionally teaches the use of homomorphic encryption to secure the biometrics and allow comparison of the homomorphically encrypted biometrics, without decryption (fig. 4 & [0086-87] teaching encrypted at terminal 310, while homomorphic calculations performed at 200), with Mandal, which also teaches using a secure environment (TEE) to generate a first ciphertext, then sending the first ciphertext to a GPU for homomorphic evaluation to generate a second ciphertext which is sent back to the secure environment (TEE) for decryption (Abstract & fig. 1), which additionally teaches performing the evaluation in the same device, where the GPU and TEE are in the same device ([0014]), with Lal, which also teaches the use of secure execution environment (SEE) performing biometric authentication using biometrics that are encrypted (Abstract & [0031]), and additionally teaches different secure levels in different devices that perform portions of the biometric authentication (fig. 2 & [0031]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Bali, Sakemi, and Mandal with the added ability to utilize components with different levels of security, where authentication may be performed with a lower level of security (fig. 2 & [0031]), as taught by Lal, for the purpose of maintaining security by utilizing encrypted biometrics and increasing computational efficiency by using less secure components to provide authentication comparing \ computation in authentication.
Regarding claim 2, Bali, Sakemi, Mandal, and Lal teach,
The electronic device of claim 1, wherein the secure processor is configured to:
Sakemi teaches,
store a designated key; and (fig. 4, keys 36 and 37 are stored separately, and not stored in calculation server 200.)
encrypt, based on the designated key, the biometric data according to a homomorphic encryption scheme. ([0086] and fig. 4, teach homomorphic encryption, and encrypting feature vector 32.)
Regarding claim 5, Bali, Sakemi, Mandal, and Lal teach,
The electronic device of claim 1, wherein the encryption information comprises feature information of the registered biometric data, and
(Sakemi, fig. 4 and [0086-87] teach template 33 being provided to calculation server, which is untrusted, and therefore receives the enrolled and current template that are both homomorphically encrypted.) (Bali, [0042] teaches matching data that is enrolled and current. Also, Bali, [0034] teaches the secure processor extracting biometric template (“feature information”) from biometric data, which is either encrypted or compared / matched.)
wherein the processor (Bali, fig. 1, 130) is configured to:
obtain a matching value by comparing feature information for the biometric authentication extracted from the encrypted biometric data and the feature information of the registered biometric data acquired from the memory; and (Sakemi, fig. 4 “Distance Calculation” of calculation server 200, and [0089] teaches comparing the distances to authenticate the palms 31, using homomorphically encrypted biometrics.)
determine, based on a result of comparison between the matching value and a designated value, whether the biometric authentication is successfully performed. (Sakemi, [0089] teaches decrypting the distances to authenticate the user, shown in authentication server 100 of fig. 4.)
Regarding claim 11, Bali, Sakemi, Mandal, and Lal teach,
An operation method of an electronic device, the operation method comprising:
acquiring biometric data by a biometric sensor;
encrypting the biometric data by a secure processor;
acquiring the encrypted biometric data by a processor;
loading, by the processor, the encrypted biometric data in a trust region;
based on encryption information acquired from a memory of the electronic device and the encrypted biometric data acquired from the secure processor, performing, by the processor, the biometric authentication,
wherein the secure processor is physically separated from the processor and has a lower performance than the processor,
wherein the secure processor and the processor are disposed within a single device to communicate each other through a secure channel inside the single devices
wherein a security level of the trust region is higher than a security level of a general region other than the trust region in the processor and lower than a security level of the secure processor,
wherein as a security level of an area is higher, access to the area is more restricted.
Claim 11 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 12, Bali, Sakemi, Mandal, and Lal teach,
The operation method of claim 11,
further comprising:
storing a designated key by the secure processor; and (Sakemi, [0003] teaches public key and different keys.) (Lala, fig. 2, secret key.)
encrypting, based on a designated key, the biometric data according to a homomorphic encryption scheme by the secure processor. (Sakemi, [0086-87] teaches homomorphic encryption.)
Claim 12 is rejected using the same basis of arguments used to reject claim 2 above.
Regarding claim 15, Bali, Sakemi, Mandal, and Lal teach,
The operation method of claim 11, wherein the encryption information comprises feature information of the registered biometric data, and
wherein the operation method further comprises:
obtaining, by the processor, a matching value by comparing feature information for the biometric authentication extracted from the encrypted biometric data and the feature information of the registered biometric data acquired from the memory; and
determining, by the processor, whether the biometric authentication is successfully performed based on a result of comparison between the matching value and a designated value.
Claim 15 is rejected using the same basis of arguments used to reject claim 5 above.
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bali, in view of Sakemi, in view of Mandal, in view of Lal, in view of US 20210211291 to Jindal et al. (hereinafter Jindal).
Regarding claim 6 Bali, Sakemi, Mandal, and Lal teach,
The electronic device of claim 1,
Bali, Sakemi, Mandal, and Lal fail to teach training a model using encrypted biometrics and then performing matching using the trained model,
However, Jindal teaches,
wherein the memory is configured to store a model that is trained using the registered biometric data; and (fig. 3a, 210 and [0039-40] teaching learning using mapping of deep neural network.)
wherein the processor is configured to:
acquire a matching value by inputting feature information for the biometric authentication extracted from the encrypted biometric data to the model that is trained using the registered biometric data acquired from the memory; and (fig. 3b, 228 and [0048-49] teaching using the deep neural network to match different indices / feature that have been hashed, and to count the number of matches.)
determine, based on a result of comparison between the matching value and a designated value, whether the biometric authentication is successfully performed. ([0049] teaches successful validation based on the number of matches.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Bali, which teaches storage of biometrics in encrypted formats to secure the biometrics for authentication, using different memories and execution environments that are secure and un-secure (fig. 1, execution environment 130 and security engine 116 of biometrics hardware 110.), with Sakemi, which also teaches encryption of biometrics used for authentication (Abstract), and additionally teaches the use of homomorphic encryption to secure the biometrics and allow comparison of the homomorphically encrypted biometrics, without decryption (fig. 4 & [0086-87] teaching encrypted at terminal 310, while homomorphic calculations performed at 200), with Mandal, which also teaches using a secure environment (TEE) to generate a first ciphertext, then sending the first ciphertext to a GPU for homomorphic evaluation to generate a second ciphertext which is sent back to the secure environment (TEE) for decryption (Abstract & fig. 1), which additionally teaches performing the evaluation in the same device, where the GPU and TEE are in the same device ([0014]), with Lal, which also teaches the use of secure execution environment (SEE) performing biometric authentication using biometrics that are encrypted (Abstract & [0031]), and additionally teaches different secure levels in different devices that perform portions of the biometric authentication (fig. 2 & [0031]), with Jindal, which also teaches homomorphically encrypted biometrics and trusted execution environments (TEE) ([0010], and additionally teaches the training, during enrollment, a deep convolution neural network (CNN) using homomorphically encrypted biometrics (Title & Abstract). One of ordinary skill in the art would have been motivated to perform such an addition to provide Bali, Sakemi, Mandal, and Lal with the added ability to use homomorphically encrypted biometrics, as taught by Jindal, for the purpose of increasing security by training a model with homomorphically encrypted biometrics, and thus, preventing leakages of the raw biometrics through the deep CNN being penetrated by an imposter / thief.
Regarding claim 16, Bali, Sakemi, Mandal, Lal, and Jindal teach,
The operation method of claim 11, further comprising:
acquiring, by the processor, a matching value by inputting feature information for the biometric authentication extracted from the encrypted biometric data to a model that is trained using the registered biometric data acquired from the memory; and
determining, by the processor, whether the biometric authentication is successfully performed based on a result of comparison between the matching value and a designated value.
Claim 16 is rejected using the same basis of arguments used to reject claim 6 above.
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Bali, in view of Sakemi, in view of Mandal, in view of Lal, in view of US 20170046531 to Roberts (hereinafter Roberts).
Regarding claim 7, Bali, Sakemi, Mandal, and Lal teach,
The electronic device of claim 1, wherein the secure processor is configured to:
Bali, Sakemi, Mandal, and Lal fail to teach inputting additional security information before performing encryption of data,
However, Roberts teaches,
request input of information for additional security authentication; and ([0036] teaches prompting the user to select data and input a password.)
in response to that the input information is identical to designated information, encrypt the biometric data. ([0036] teaches prompting the user to select data and input a password, where in response to the password, the data is encrypted.) (as discussed above in the rejection of claim 1, Bali and Sakemi both teach encrypting biometrics.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Bali, which teaches storage of biometrics in encrypted formats to secure the biometrics for authentication, using different memories and execution environments that are secure and un-secure (fig. 1, execution environment 130 and security engine 116 of biometrics hardware 110.), with Sakemi, which also teaches encryption of biometrics used for authentication (Abstract), and additionally teaches the use of homomorphic encryption to secure the biometrics and allow comparison of the homomorphically encrypted biometrics, without decryption (fig. 4 & [0086-87] teaching encrypted at terminal 310, while homomorphic calculations performed at 200), with Mandal, which also teaches using a secure environment (TEE) to generate a first ciphertext, then sending the first ciphertext to a GPU for homomorphic evaluation to generate a second ciphertext which is sent back to the secure environment (TEE) for decryption (Abstract & fig. 1), which additionally teaches performing the evaluation in the same device, where the GPU and TEE are in the same device ([0014]), with Lal, which also teaches the use of secure execution environment (SEE) performing biometric authentication using biometrics that are encrypted (Abstract & [0031]), and additionally teaches different secure levels in different devices that perform portions of the biometric authentication (fig. 2 & [0031]), with Roberts, which also teaches encryption of data (Abstract), and additionally teaches that additional authentication (password entry) is required before the data is encrypted ([0036]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Bali, Sakemi, and Mandal with the added ability to require additional authentication, as taught by Roberts, for the purpose of increasing security by performing additional authentication before allowing a user to use computational resources to increase computational efficiency.
Regarding claim 17, Bali, Sakemi, Mandal, Lal, and Roberts teach,
The operation method of claim 11, further comprising:
requesting, by the secure processor, input of information for additional security authentication; and
in response to that the input information is identical to designated information, encrypting, by the secure processor, the biometric data.
Claim 17 is rejected using the same basis of arguments used to reject claim 7 above.
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Bali, in view of Sakemi, in view of Mandal, in view of Lal, in view of US 20170126408 to Van Someren (hereinafter Van Someren).
Regarding claim 8, Bali, Sakemi, Mandal, and Lal teach,
The electronic device of claim 1, wherein the secure processor is configured to:
Bali, Sakemi, Mandal, and Lal fail to teach performing encryption, unless a time has elapsed,
However, Van Someren teaches,
determine whether a designated time has elapsed from a time at which the processor performs biometric authentication last; and ([0076] teaches a time limit since verification.) (Bali and Sakemi, both teach biometric authentication, as discussed above in the rejection of claim 1.)
in response to determining that the designated time has not elapsed, encrypt the biometric data. ([0076] teaches not encrypting data if a time limit has been exceeded.) (Bali and Sakemi, both teach biometric authentication, as discussed above in the rejection of claim 1.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Bali, which teaches storage of biometrics in encrypted formats to secure the biometrics for authentication, using different memories and execution environments that are secure and un-secure (fig. 1, execution environment 130 and security engine 116 of biometrics hardware 110.), with Sakemi, which also teaches encryption of biometrics used for authentication (Abstract), and additionally teaches the use of homomorphic encryption to secure the biometrics and allow comparison of the homomorphically encrypted biometrics, without decryption (fig. 4 & [0086-87] teaching encrypted at terminal 310, while homomorphic calculations performed at 200), with Mandal, which also teaches using a secure environment (TEE) to generate a first ciphertext, then sending the first ciphertext to a GPU for homomorphic evaluation to generate a second ciphertext which is sent back to the secure environment (TEE) for decryption (Abstract & fig. 1), which additionally teaches performing the evaluation in the same device, where the GPU and TEE are in the same device ([0014]), with Lal, which also teaches the use of secure execution environment (SEE) performing biometric authentication using biometrics that are encrypted (Abstract & [0031]), and additionally teaches different secure levels in different devices that perform portions of the biometric authentication (fig. 2 & [0031]), with Van Someren, which also teaches encryption of data ([0076]), and additionally teaches encryption of data only being performed if authentication has happened withing a time period ([0076]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Bali, Sakemi, Mandal, and Lal with the added ability to not perform the encryption of data if a time limit has been exceeded, as taught by Van Someren, for the purpose of increasing security by preventing someone from using the biometric authentication system if a first authentication has not been performed, and no other operations are performed, which often indicates that someone has stepped away from their computer / device..
Regarding claim 18, Bali, Sakemi, Mandal, Lal, and Van Someren teach,
The operation method of claim 11, further comprising:
determining, by the secure processor, whether a designated time has elapsed from a time at which the processor performs biometric authentication last; and
in response to determining that the designated time has not elapsed, encrypting, by the secure processor, the biometric data.
Claim 18 is rejected using the same basis of arguments used to reject claim 8 above.
Claims 9-10 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bali, in view of Sakemi, in view of Mandal, in view of Lal, in view of US 20200274705 to Robison et al. (hereinafter Robison).
Regarding claim 9, Bali, Sakemi, Mandal, and Lal teach,
The electronic device of claim 1,
Bali teaches,
wherein the processor (fig. 1, application execution environment 130.) is configured to:
acquire raw data related to the biometric data from the biometric sensor in the trust region; and (Abstract, teaches acquiring biometric data using sensors, and fig. 1, teaches trusted application execution environment 134.)
Bali, Sakemi, Mandal, and Lal fail to teach using a secure channel to communicate biometric data to a secure processor,
However, Robison teaches,
further comprising a secure channel established between the trust region of the processor and the secure processor, (fig. 1, teaches processors 101 and secure processor 115. [0050] teaches transmitting a biometric print over a secure channel to the secure processor. See also biometric sensor 112b.)
wherein the processor is configured to:
transmit the acquired raw data related to the biometric data to the secure processor via the secure channel. (fig. 1, teaches processors 101 and secure processor 115. [0050] teaches transmitting a biometric print over a secure channel to the secure processor. See also biometric sensor 112b. [0050] also teaches that the transmission may be performed on the bus.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Bali, which teaches storage of biometrics in encrypted formats to secure the biometrics for authentication, using different memories and execution environments that are secure and un-secure (fig. 1, execution environment 130 and security engine 116 of biometrics hardware 110.), with Sakemi, which also teaches encryption of biometrics used for authentication (Abstract), and additionally teaches the use of homomorphic encryption to secure the biometrics and allow comparison of the homomorphically encrypted biometrics, without decryption (fig. 4 & [0086-87] teaching encrypted at terminal 310, while homomorphic calculations performed at 200), with Mandal, which also teaches using a secure environment (TEE) to generate a first ciphertext, then sending the first ciphertext to a GPU for homomorphic evaluation to generate a second ciphertext which is sent back to the secure environment (TEE) for decryption (Abstract & fig. 1), which additionally teaches performing the evaluation in the same device, where the GPU and TEE are in the same device ([0014]), with Lal, which also teaches the use of secure execution environment (SEE) performing biometric authentication using biometrics that are encrypted (Abstract & [0031]), and additionally teaches different secure levels in different devices that perform portions of the biometric authentication (fig. 2 & [0031]), with Robison, which also teaches biometric sensing and the use of a secure processor (fig. 2), and additionally teaches the use of a secure channel to transmit the biometric to the secure processor ([0050]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Bali, Sakemi, Mandal, and Lal with the added ability to limit the transmission of biometrics to a secure channel, as taught by Robison, for the purpose of increasing security by preventing the un-secure transmission of biometrics within a device.
Regarding claim 10, Bali, Sakemi, Mandal, and Lal teach,
The electronic device of claim 1,
Bali teaches,
wherein the secure processor (fig. 1, application execution environment 130.) is configured to:
…
Sakemi teaches,
encrypt the acquired raw data related to the biometric data. (fig. 4 and [0086-87] teach template 33 being provided to calculation server, which is untrusted, and therefore receives the enrolled and current template that are both homomorphically encrypted.)
Bali, Sakemi, Mandal, and Lal fail to teach using a secure channel to communicate biometric data from a biometric sensor to a secure processor,
However, Robison teaches,
further comprising a secure channel established between the biometric sensor and the secure processor, (fig. 1, teaches processors 101 and secure processor 115. [0050] teaches transmitting a biometric print over a secure channel to the secure processor. See also biometric sensor 112b. [0050] also teaches in certain embodiments, biometric sensors may be coupled to the secure processor via an out-of-band signal pathway that is external to the operating system of an HIS.)
wherein the secure processor is configured to:
acquire raw data related to the biometric data from the biometric sensor via the secure channel; and (fig. 1, teaches processors 101 and secure processor 115. [0050] teaches transmitting a biometric print over a secure channel to the secure processor. See also biometric sensor 112b. [0050] also teaches that the transmission may be performed on the bus.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Bali, which teaches storage of biometrics in encrypted formats to secure the biometrics for authentication, using different memories and execution environments that are secure and un-secure (fig. 1, execution environment 130 and security engine 116 of biometrics hardware 110.), with Sakemi, which also teaches encryption of biometrics used for authentication (Abstract), and additionally teaches the use of homomorphic encryption to secure the biometrics and allow comparison of the homomorphically encrypted biometrics, without decryption (fig. 4 & [0086-87] teaching encrypted at terminal 310, while homomorphic calculations performed at 200), with Mandal, which also teaches using a secure environment (TEE) to generate a first ciphertext, then sending the first ciphertext to a GPU for homomorphic evaluation to generate a second ciphertext which is sent back to the secure environment (TEE) for decryption (Abstract & fig. 1), which additionally teaches performing the evaluation in the same device, where the GPU and TEE are in the same device ([0014]), with Lal, which also teaches the use of secure execution environment (SEE) performing biometric authentication using biometrics that are encrypted (Abstract & [0031]), and additionally teaches different secure levels in different devices that perform portions of the biometric authentication (fig. 2 & [0031]), with Robison, which also teaches biometric sensing and the use of a secure processor (fig. 2), and additionally teaches the use of a secure channel to transmit the biometric to the secure processor ([0050]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Bali, Sakemi, Mandal, and Lal with the added ability to limit the transmission of biometrics to a secure channel, as taught by Robison, for the purpose of increasing security by preventing the un-secure transmission of biometrics within a device.
Regarding claim 19, Bali, Sakemi, Mandal, Lal, and Robison teach,
The operation method of claim 11, further comprising:
acquiring, by the processor, raw data related to the biometric data from the biometric sensor in the trust region; and
transmitting, by the processor, the acquired raw data related to the biometric data to the secure processor via the secure channel established between the trust region of the processor and the secure processor.
Claim 19 is rejected using the same basis of arguments used to reject claim 9 above.
Regarding claim 20, Bali, Sakemi, Mandal, Lal, and Robison teach,
The operation method of claim 11, further comprising:
acquiring, by the secure processor, raw data related to the biometric data from the biometric sensor via the secure channel established between the biometric sensor and the secure processor; and
encrypting, by the secure processor, the acquired raw data related to the biometric data.
Claim 20 is rejected using the same basis of arguments used to reject claim 10 above.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942. The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/B.W.A./
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495