Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the amendment filed on 4/01/2026. Claims 1-8, 17, 20, 22, 30-36, & 38-39 are currently pending in the filing of 4/01/2026, with claims 21 and 37 being cancelled and claims 38-39 being newly added in the filing of 4/01/2026. Claims 1-8, 17, 20-22, and 30-37 were pending in the previous filing of 01/05/2026.
Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. § 103
The applicant’s remarks, on pages 10-14 of the response / amendment, the applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. § 103 rejections.
Applicant will note that the examiner has updated the rejection in light of the applicant’s remarks regarding the threshold. Additionally, the rejection has been updated to include an additional reference which explicitly teaches the use of two thresholds.
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.
The applicant is encouraged to contact the examiner by telephone to discuss potentially allowable subject matter before filing another response.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 17, 20, 30-33, 36, and 38-39 are rejected under 35 U.S.C. 103 as being unpatentable over US 20220116231 to Choi (hereinafter Choi), in view of US 20190165951 to MacLeod Jr. et al. (hereinafter MacLeod), in view of US 20160048667 to Kao (hereinafter Kao), in view of US 20230344650 to Hojjati (hereinafter Hojjati), in view of US 20200387589 to Gehrmann et al. (hereinafter Gehrmann).
Regarding claim 1, Choi teaches,
A first device, comprising: (fig. 1, terminal 560)
a processor system comprising one or more processors; and ([0012] teaches IoT device, which inherently has a processor.)
storage accessible to the processor system and comprising instructions executable by the processor system to: ([0012] teaches IoT device, which inherently has a memory. Also, [0054] teaches device storage that is a “secure element.”)
at a certificate authority (CA) (fig. 2, [0046] teaches multiple CAs authorized to sign certificates, [0052-53] teaches the Parties and their private / public keys used to cross-sign certificates, where the final party assembles the X.509 extensions of fig. 1B, in total.) identify first biometric data from a digital certificate associated with an avatar currently loaded into an extended reality (XR) simulation, (fig. 7B(e), metaverse ID and [0107] teach an avatar being the metaverse ID, which may be associated with public key certificates. The metaverse ID may be a picture or issued in associated with voice command or gesture. [0003-4] teaches metaverse environment.) the first biometric data indicating one or more biometrics of a first user; (fig. 7B (e), metaverse ID in [0106-108] .)
at the CA (fig. 1B teaches a large amount of Extension information included in the Certificate. [0048] teaches using biometric data or a combination of pieces of biometric data, thus, teaching multiple biometrics. fig. 7B (e), biometric code and [0106-108] teaching inserting biometric data and metaverse ID. See also, fig. 1B, vaccination records, which are commonly government controlled.)
at the CA ([0048] teaches using biometric data or a combination of pieces of biometric data, thus, teaching multiple biometrics. fig. 7B (e), biometric code and [0106-108] teaching inserting biometric data and metaverse ID.) [0011] teaches different parties (fig. 2) using biometrics and driver’s license information identification codes. See also [0115] & [0175]. [0129] teaches the use of a virtual government certificate.)
the validation comprising validating that a first digital signature identified from the digital certificate matches a second digital signature . (Choi, [0050] teaches biometric data inserted into the certificate, and [0129] teaches an avatar certificate.[0009] & [0015] teaches chain authentication and cross signing different certificates. Fig.2 & [0008-9] teach the first and second signature, where the signatures are used to cross sign other certificates, via chain authentication. [0100] teaches the avatar in a virtual reality (VR) environment. [0024] teaches virtual representations of participants in VR and XR simulations. [0100] & [0120] teaches the virtual representation may be an avatar, of the user.)
Choi fails to teach the Certificate Authority performing biometric matching using a threshold, and issuing a certificate based on the matching,
However, MacLeod teaches,
at the CA (Abstract, teaches the registration and certificate authority performing biometric matching, based on a level of certainty, before issuing a biometric certificate. [0027] teaches one or more biometric sensors collecting different biometric data, such as fingerprints, facial features, voice data as the biometric data. Abstract teaches level of certainty of biometric match, where level of certainty corresponds to a “threshold”. Examiner also notes that biometric thresholds are well known in the art of biometric comparisons / authentication, and that biometric voice data and other biometric authentications would inherently include threshold comparisons because an enrollment biometric cannot exactly match a sample biometric and be expected to effectively indicate a match in real world conditions because a biometric of the same feature from the same person varies between scans.)
at the CA (Abstract, teaches the Certificate Authority issues the certificate after the biometric comparison.) (Choi, similarly, in [0110] CA signs the certificate.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi with the added ability to perform biometric matching at an authority, as taught by MacLeod, for the purpose of increasing security by authenticating a biometric and contextual information before issuing a biometric certificate that grants access to a system / resource.
Choi and MacLeod fail to teach using three authentication factors during a first instance of real time to validate the user,
However, Kao teaches,
([0010-11] teaches identify avatar.)
([0010-11] teaches a first of two factors of biometric (voice) authentication.)
([0011] teaches a second of two factors of biometric authentication.)
([0010-11] teaches identity avatar and two factors of biometric (voice) authentication. [0031] teaches comparing the biometrics. [0020 teaches that the biometric comparison is a voice biometric, which one of ordinary skill in the art would understand as a threshold comparison. Further, the examiner asserts that threshold comparisons of biometrics, including voice biometrics, utilizing thresholds is inherent, and that threshold comparisons are well know in the art of biometric comparisons / authentication. One of skill in the art understands that biometric comparison, where a registered biometric is compared to a sample biometric that is taken for authentication requires threshold comparisons because the biometrics are not exact matches, unlike passwords.)
([0024] teaches after performing the two factor biometric (voice) authentication, a digital certificate is generated to authorize a transaction. [0039] teaches the signatures being used to generate the certificate and authenticate the user. [0013] teaches using the certificate for authentication, including verifying the user prior to certifying a transaction.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi & MacLeod, the ability to perform avatar and multi-factor biometric authentication together with the use of certificates for authentication, as taught by Kao, to increase security by utilizing the avatar and multiple factors of biometrics in authentication before allowing a transaction.
Choi, MacLeod, and Kao fail to explicitly teach matching signed avatar / image data associated with a certificate with other signed data,
However, Hojjati teaches,
the validation comprising validating that a first digital signature identified from the digital certificate matches a second digital signature that signs file data for the . (Applicant’s printed publication at [0056] and [0060-61] teach signing file data of the avatar, and the first paragraph of page 14 of the applicants present filing of 01/05/2026 states that the previously cited references, including Kao, fail to teach “graphics data for an avatar being signed with a digital signature.” Thus, examiner interprets the above feature as including signing graphics data for the avatar.) (Hojjati, Abstract, teaches a validating a digital image using a certificate and a signed token that is a hash of a portion of the image, where the signed token is associated with the certificate. [0018-19] teaches publisher associates image with certificate. [0131] teaches matching the hash of the image to the signed token.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Hojjati, which also teaches the use of certificates, signatures, and images in verification (Abstract), and additionally teaches matching of signed image data associated with a certificate with another signed data (Abstract). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, and Kao with the added ability to match signed data associated with a certificate with other signed data, as taught by Hojjati, for the purpose of increasing security by matching signed data and increasing computational efficiency by associating the signed data with a certificate.
Choi, MacLeod, Kao, and Hojjati fail to explicitly teach the use of multiple thresholds in biometric matching,
However, Gehrmann teaches,
at the CA during the first instance, determine that the first biometric data matches the second biometric data to at least within a first threshold; ([0009-10] teaches multiple thresholds in biometric comparisons / authentications)
at the CA during the first instance, determine that the first biometric data matches the third biometric data to at least within a second threshold different from the first threshold; ([0009-10] teaches multiple thresholds in biometric comparisons / authentications)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Hojjati, which also teaches the use of certificates, signatures, and images in verification (Abstract), and additionally teaches matching of signed image data associated with a certificate with another signed data (Abstract), with Gehrmann, which also teaches biometric authentication / matching (Abstract), and additionally teaches multiple thresholds in biometric comparisons / authentications ([0009-10]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, Kao, and Hojjati with the added ability to use multiple thresholds in biometric comparisons / authentications, as taught by Gehrmann, for the purpose of increasing security in biometric matching for authentication.
Regarding claim 2, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The first device of Claim 1,
wherein the instructions are executable to:
prior to the determination, communicate, during the first instance, with a government electronic system to validate the third biometric data, and then execute the determination during the first instance at least in part based on the third biometric data being validated via communication with the government electronic system, the government electronic system being different from the CA. (Choi, [0011] teaches using biometric data or multiple / combinations of biometric data in a first code, that is associated with a driver’s license or passport or an eID, which may include a photo of the holder. [0114-115] teach both biometric data and identification information being used, such as driver’s license of person. [0129] teaches the use of virtual government certificate) (Kao fig. 3 & [0036] teaches using external data sources for the avatar and biometrics. Kao, [0010-11] teaches the use of authentication using the avatar and multiple biometrics.)
Regarding claim 17, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
A method, comprising:
identifying, during a first instance, first biometric data from a digital certificate associated with an avatar currently loaded into an extended reality (XR) simulation, the first biometric data indicating one or more biometrics of a first user;
identifying, during the first instance, second biometric data indicating one or more biometrics of the first user, the second biometric data generated in real time during the first instance based on input from at least one biometric sensor;
determining, during the first instance, that the first biometric data matches the second biometric data to at least within a first threshold;
communicating with a government electronic system during the first instance to identify, in real time during the first instance, third biometric data associated with a government-issued identity document, the third biometric data indicating one or more biometrics of the first user;
determining, during the first instance, that the first biometric data, the second biometric data, and matches the third biometric data match to at least within a first second threshold different from the first threshold;
based on the determinations and during the first instance, validating that the digital certificate is associated with the avatar currently loaded into the XR simulation.
Claim 17 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 20, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
At least one computer readable storage medium (CRSM) that is not a transitory signal, the at least one CRSM comprising instructions executable by a processor system comprising one or more processors to: (MacLeod, [0066] a non-transitory storage medium.)
The following features of claim 20 are rejected using the same basis of arguments used to reject claim 1 above.
identify, during a first instance, first biometric data from a digital certificate associated with an avatar currently loaded into an extended reality (XR) simulation, the first biometric data indicating one or more biometrics of a first user;
identify, during the first instance, second biometric data indicating one or more biometrics of the first user, the second biometric data generated in real time during the first instance based on input from at least one biometric sensor;
determine, during the first instance, that the first biometric data matches the second biometric data to at least within a first threshold;
communicate with a government electronic system during the first instance to identify, in real time during the first instance, third biometric data associated with a government-issued identity document, the third biometric data indicating one or more biometrics of the first user;
determine, during the first instance, that the first biometric data matches the third biometric data to at least within a second threshold different from the first threshold;
based on the determinations and during the first instance, validate that the digital certificate is associated with the avatar currently loaded into the XR simulation.
Regarding claim 30, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The first device of Claim 1, wherein the graphics data comprises 3D modeling data for visually rendering the avatar. (Choi, [0100] teaches the virtual representative of the user, which may be an avatar. [0100] teaches any still images \ “graphics data” can represent the user in cyberspace, which would includes using 3-dimensional images. [0168] teaches presenting images in 3D.)
Regarding claim 31, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The first device of Claim 1, wherein the graphics data comprises feature point data for visually rendering the avatar. (Choi, [0100] teaches the virtual representative of the user, which may be an avatar. [0100] teaches any still images \ “graphics data” can represent the user in cyberspace, which would includes using 3-dimensional images. [0168] teaches presenting images in 3D. [0138] teaches virtual representative \ avatar having animated motion, which would inherently require “feature point data”.)
Regarding claim 32, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The first device of Claim 1, wherein the graphics data comprises image data for visually rendering the avatar. (Choi, [0100] teaches the virtual representative of the user, which may be an avatar. [0100] teaches any still images \ “graphics data” can represent the user in cyberspace, which would includes using 2 & 3-dimensional images. [0168] teaches presenting images in 2D & 3D. [0138] teaches virtual representative having animated motion, which would inherently require “image data” to generate the animation of the virtual representative \ avatar.)
Regarding claim 33, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The first device of Claim 1, wherein the graphics data comprises texture data for visually rendering the avatar. (Choi, [0100] teaches the virtual representative of the user, which may be an avatar. [0100] teaches any still images \ “graphics data” can represent the user in cyberspace, which would includes using 3-dimensional images. [0168] teaches presenting images in 3D. [0138] teaches virtual representative \ avatar having animated motion, where animation data in 3D would inherently require “texture data”.)
Regarding claim 36, Choi, MacLeod, Kao, Hojjati, and Gehrmann,
The first device of Claim 1, wherein the graphics data is received based on upload of the graphics data from the first user. (Choi, [0100] teaches the virtual representative of the user, which may be an avatar. [0100] teaches any still images \ “graphics data” can represent the user in cyberspace, which would include uploaded data.)
Regarding claim 38, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The method of Claim 17, wherein the validating comprises validating that a first digital signature identified from the digital certificate matches a second digital signature that signs file data for the avatar, the file data comprising graphics data for rendering the avatar in the XR simulation. (See rejection of claim 1, regarding: Choi, [0050] teaches biometric data inserted into the certificate, and [0129] teaches an avatar certificate.[0009] & [0015] teaches chain authentication and cross signing different certificates. Fig.2 & [0008-9] teach the first and second signature, where the signatures are used to cross sign other certificates, via chain authentication. [0100] teaches the avatar in a virtual reality (VR) environment. [0024] teaches virtual representations of participants in VR and XR simulations. [0100] & [0120] teaches the virtual representation may be an avatar, of the user. Hojjati, Abstract, teaches a validating a digital image using a certificate and a signed token that is a hash of a portion of the image, where the signed token is associated with the certificate. [0018-19] teaches publisher associates image with certificate. [0131] teaches matching the hash of the image to the signed token.)
Regarding claim 39, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The at least one CRSM of Claim 20,
wherein the validation comprises validating that a first digital signature identified from the digital certificate matches a second digital signature that signs file data for the avatar, the file data comprising graphics data for rendering the avatar in the XR simulation.
Claim 39 is rejected using the same basis of arguments used to reject claim 38 above.
Claims 3-8 are rejected under 35 U.S.C. 103 as being unpatentable over Choi, in view of MacLeod, in view of Kao, in view of Hojjati, in view of Gehrmann, in view of US 20150312041 to Choi (hereinafter Choi2).
Regarding claim 3, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The first device of claim 2,
wherein the government electronic system is associated with a government entity that issued the government-issued identity document. (Choi, [0048] teaches security agency issuing biometric id. [0129-130] teaches virtual government certificate being issued, which includes identifiers and biometrics.)
Choi, MacLeod, Kao, Hojjati, and Gehrmann fail to teach specific entities of government that issue documents being used for information retrieval,
However, Choi2 teaches,
wherein the government electronic system is associated with a government entity that issued the government-issued identity document. ([0177-179] teaches driver’s license passport ID in fig. 13. Fig. 14 teaches government application services that include government, where multiple biometrics are used. [0186] teaches the use of government agencies / specific government offices.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Hojjati, which also teaches the use of certificates, signatures, and images in verification (Abstract), and additionally teaches matching of signed image data associated with a certificate with another signed data (Abstract), with Gehrmann, which also teaches biometric authentication / matching (Abstract), and additionally teaches multiple thresholds in biometric comparisons / authentications ([0009-10]), with Choi2, which also teaches X.509 certificates that include biometrics (Abstract & fig. 4A, S404-405), and additionally teaches the use of government agencies (entities) that issue identification documents, that are associated with biometrics in the certificate ([0177-179] & fig. 13). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, Kao, Hojjati, and Gehrmann with the added ability to utilized government documents for authentication, as taught by Choi2, for the purpose of increasing security by utilizing the services provided by government.
Regarding claim 4, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The first device of claim 1,
Choi, MacLeod, Kao, Hojjati, and Gehrmann fail to teach biometric data expressed as a zero knowledge proof (ZKP),
However, Choi2 teaches,
wherein the first biometric data is expressed as a first zero-knowledge proof in the digital certificate. ([0186] and fig. 14 teach hashes of biometrics (e.g., ZKP) and the use of government databases. See also fig. 13, and rejection of claim 3 above. See also [0107])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Hojjati, which also teaches the use of certificates, signatures, and images in verification (Abstract), and additionally teaches matching of signed image data associated with a certificate with another signed data (Abstract), with Gehrmann, which also teaches biometric authentication / matching (Abstract), and additionally teaches multiple thresholds in biometric comparisons / authentications ([0009-10]), with Choi2, which also teaches X.509 certificates that include biometrics (Abstract & fig. 4A, S404-405), and additionally teaches the use of government agencies (entities) that issue identification documents, that are associated with biometrics in the certificate ([0177-179] & fig. 13). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, Kao, Hojjati, and Gehrmann with the added ability to utilized government documents for authentication, as taught by Choi2, for the purpose of increasing security by utilizing the services provided by government, and utilizing hashes of biometrics, which cannot be used to retrieve the original biometric.
Regarding claim 5, Choi, MacLeod, Kao, Hojjati, Gehrmann, and Choi2 teach,
The first device of claim 4,
wherein the determination is made (Choi, fig. 2 teaches multiple servers / CAs updating the X.509 certificate. Fig. 1B teaches a large amount of Extension information included in the Certificate, including biometrics. [0048] teaches using biometric data or a combination of pieces of biometric data, thus, teaching multiple biometrics. See also rejection of claim 1.)
Choi, MacLeod, Kao, Hojjati, and Gehrmann fail to teach using zero knowledge proofs,
However, Choi2 teaches,
wherein the determination is made using zero-knowledge proofs that respectively establish the first, second, and third biometric data. ([0186] and fig. 14 teach hashes of biometrics (e.g., ZKP) and the use of government databases. See also fig. 13, and rejection of claim 3 above. Fig. 14 teaches a diverse combination of biometrics being used. See also [0107])
Regarding claim 6, Choi, MacLeod, Kao, Hojjati, Gehrmann, and Choi2 teach,
The first device of claim 5, wherein the instructions are executable to:
Choi, MacLeod, Kao, Hojjati, and Gehrmann fail to teach using zero knowledge proofs,
However, Choi2 teaches,
to make the determination, convert the input from the at least one biometric sensor to a second zero-knowledge proof, the second zero-knowledge proof establishing the second biometric data. ([0043] teaches a biometric sensor. Fig. 6 and [0107] teach biometric that is hashed. [0179] teaches for certain applications identity data is hashed.) (MacLeod, [0019] teaches biometric sensors, see also rejection of claim 1 regarding the determination taught by MacLeod.)
Regarding claim 7, Choi, MacLeod, Kao, Hojjati, Gehrmann, and Choi2 teach,
The first device of claim 5, wherein the instructions are executable to:
to make the determination, receive the second biometric data as a second zero-knowledge proof from a client device. (Choi2, as discussed above, teaches zero knowledge proofs / hashes. Fig. 12 and [0170] teach biometric sensor of client, [0179] teaches hashing identity data, and [0186] teaches specifically hashing biometric identity data.) (MacLeod, [0019] teaches biometric sensors, see also rejection of claim 1 regarding the determination taught by MacLeod. Fig. 1, [0027-28] teaches biometric sensors.)
Regarding claim 8, Choi, MacLeod, Kao, Hojjati, Gehrmann, and Choi2 teach,
The first device of claim 6, wherein the instructions are executable to:
to make the determination, receive the third biometric data in the form of a third zero-knowledge proof, the third zero-knowledge proof received from a government entity that issued the government-issued identity document. (Choi2, [0186] and fig. 14 teach hashes of biometrics (e.g., ZKP) and the use of government databases. See also fig. 13, and rejection of claim 3 above. See also [0107] Fig. 14, teaches multiple combinations of biometrics.) (Choi, as discussed in the rejection of claim 1, teaches multiple biometrics being included in the certificate.)
Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Choi, in view of MacLeod, in view of Kao, in view of Hojjati, in view of Gehrmann, in view of US 20100191830 to Kim et al. (hereinafter Kim).
Regarding claim 22, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The at least one CRSM of Claim 20, wherein the avatar is a first avatar, and wherein the instructions are executable to:
Choi, MacLeod, Kao, Hojjati, and Gehrmann fail to teach mutually authenticating, using certificates, two different users / avatars,
However, Kim teaches,
responsive to validating that the digital certificate is associated with the first avatar, allow physical interactions in the XR simulation between the first avatar and a second avatar loaded into the XR simulation, the second avatar being different from the first avatar and being associated with a second user different from the first user. (Kim, [0034-36] teaches mutual authentication using certificates ([0034]), where two different users / widgets are authenticated ([0035]), where widgets may be avatars ([0036]).) (Choi, [0003-4] teaches metaverse environment. Kao, [0040] teaches virtual reality content.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Hojjati, which also teaches the use of certificates, signatures, and images in verification (Abstract), and additionally teaches matching of signed image data associated with a certificate with another signed data (Abstract), with Gehrmann, which also teaches biometric authentication / matching (Abstract), and additionally teaches multiple thresholds in biometric comparisons / authentications ([0009-10]), with Kim, which also teaches the use of avatars and certificates for authentication (0034-36]), and additionally teaches mutual authentication using a certificate ([0034]), where two different users / widgets are authenticated ([0035]), where widgets may be avatars ([0036]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, and Kao with the added ability to use the certificates of Choi, MacLeod, Kao, Hojjati, and Gehrmann to verify two different users / avatars, as taught by Kim, for the purpose of increasing security by applying the use of certificates to the (mutual) authentication between two different users / avatars.
Claims 34 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Choi, in view of MacLeod, in view of Kao, in view of Hojjati, in view of Gehrmann, in view of US 20160063588 to Gadre et al. (hereinafter Gadre).
Regarding claim 34, Choi, MacLeod, Kao, Hojjati, and Gehrmann teach,
The first device of Claim 1, wherein the graphics data comprises color data for visually rendering . (Choi, [0101] teaches the use of colors associated with the virtual representation \ avatar.)
Choi, MacLeod, Kao, Hojjati, and Gehrmann fail to explicitly teach use of color data for rendering the avatar,
However, Gadre teaches,
wherein the graphics data comprises color data for visually rendering the avatar. ([0240] teaches avatar color.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Hojjati, which also teaches the use of certificates, signatures, and images in verification (Abstract), and additionally teaches matching of signed image data associated with a certificate with another signed data (Abstract), with Gehrmann, which also teaches biometric authentication / matching (Abstract), and additionally teaches multiple thresholds in biometric comparisons / authentications ([0009-10]), with Gadre, which also teaches a network using avatars (fig. 3, avatar server 118N and [0006]), and additionally teaches using color avatars ([0240]) and providing avatar data of a second user based on a request from a first user to share avatar data ([0263]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, Kao, Hojjati, and Gehrmann with the added ability to use color avatars and respond to requests from a user to share avatar data with another user, as taught by Gadre, for the purpose of increasing security by restricting avatars to users who may request access to avatars and increasing user experience by using color avatars.
Regarding claim 35, Choi, MacLeod, Kao, Hojjati, and Gehrmann,
The first device of Claim 1,
Choi, MacLeod, Kao, Hojjati, and Gehrmann fail to explicitly teach graphic data of an avatar being received based on a request from another user,
However, Gadre teaches
wherein the graphics data is received based on a request from a second user different from the first user. ([0263] teaches a request from a first user to share avatar data with a second user.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Hojjati, which also teaches the use of certificates, signatures, and images in verification (Abstract), and additionally teaches matching of signed image data associated with a certificate with another signed data (Abstract), with Gehrmann, which also teaches biometric authentication / matching (Abstract), and additionally teaches multiple thresholds in biometric comparisons / authentications ([0009-10]), with Gadre, which also teaches a network using avatars (fig. 3, avatar server 118N and [0006]), and additionally teaches using color avatars ([0240]) and providing avatar data of a second user based on a request from a first user to share avatar data ([0263]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, Kao, Hojjati, and Gehrmann with the added ability to use color avatars and respond to requests from a user to share avatar data with another user, as taught by Gadre, for the purpose of increasing security by restricting avatars to users who may request access to avatars and increasing user experience by using color avatars.
Claims 1-2, 17, 20, 30-33, 36, and 38-39 are rejected under 35 U.S.C. 103 as being unpatentable over US 20220116231 to Choi (hereinafter Choi), in view of US 20190165951 to MacLeod Jr. et al. (hereinafter MacLeod), in view of US 20160048667 to Kao (hereinafter Kao), in view of US 20240227728 to Carlsson et al. (hereinafter Carlsson), in view of US 20200387589 to Gehrmann et al. (hereinafter Gehrmann).
Regarding claim 1, Choi teaches,
A first device, comprising: (fig. 1, terminal 560)
a processor system comprising one or more processors; and ([0012] teaches IoT device, which inherently has a processor.)
storage accessible to the processor system and comprising instructions executable by the processor system to: ([0012] teaches IoT device, which inherently has a memory. Also, [0054] teaches device storage that is a “secure element.”)
at a certificate authority (CA) (fig. 2, [0046] teaches multiple CAs authorized to sign certificates, [0052-53] teaches the Parties and their private / public keys used to cross-sign certificates, where the final party assembles the X.509 extensions of fig. 1B, in total.) identify first biometric data from a digital certificate associated with an avatar currently loaded into an extended reality (XR) simulation, (fig. 7B(e), metaverse ID and [0107] teach an avatar being the metaverse ID, which may be associated with public key certificates. The metaverse ID may be a picture or issued in associated with voice command or gesture. [0003-4] teaches metaverse environment.) the first biometric data indicating one or more biometrics of a first user; (fig. 7B (e), metaverse ID in [0106-108] .)
at the CA (fig. 1B teaches a large amount of Extension information included in the Certificate. [0048] teaches using biometric data or a combination of pieces of biometric data, thus, teaching multiple biometrics. fig. 7B (e), biometric code and [0106-108] teaching inserting biometric data and metaverse ID. See also, fig. 1B, vaccination records, which are commonly government controlled.)
at the CA ([0048] teaches using biometric data or a combination of pieces of biometric data, thus, teaching multiple biometrics. fig. 7B (e), biometric code and [0106-108] teaching inserting biometric data and metaverse ID.) [0011] teaches different parties (fig. 2) using biometrics and driver’s license information identification codes. See also [0115] & [0175]. [0129] teaches the use of a virtual government certificate.)
the validation comprising validating that a first digital signature identified from the digital certificate matches a second digital signature . (Choi, [0050] teaches biometric data inserted into the certificate, and [0129] teaches an avatar certificate.[0009] & [0015] teaches chain authentication and cross signing different certificates. Fig.2 & [0008-9] teach the first and second signature, where the signatures are used to cross sign other certificates, via chain authentication. [0100] teaches the avatar in a virtual reality (VR) environment. [0024] teaches virtual representations of participants in VR and XR simulations. [0100] & [0120] teaches the virtual representation may be an avatar, of the user.)
Choi fails to teach the Certificate Authority performing biometric matching using a threshold, and issuing a certificate based on the matching,
However, MacLeod teaches,
at the CA (Abstract, teaches the registration and certificate authority performing biometric matching, based on a level of certainty, before issuing a biometric certificate. [0027] teaches one or more biometric sensors collecting different biometric data, such as fingerprints, facial features, voice data as the biometric data. Abstract teaches level of certainty of biometric match, where level of certainty corresponds to a “threshold”. Examiner also notes that biometric thresholds are well known in the art of biometric comparisons / authentication, and that biometric voice data and other biometric authentications would inherently include threshold comparisons because an enrollment biometric cannot exactly match a sample biometric and be expected to effectively indicate a match in real world conditions because a biometric of the same feature from the same person varies between scans.)
at the CA (Abstract, teaches the Certificate Authority issues the certificate after the biometric comparison.) (Choi, similarly, in [0110] CA signs the certificate.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi with the added ability to perform biometric matching at an authority, as taught by MacLeod, for the purpose of increasing security by authenticating a biometric and contextual information before issuing a biometric certificate that grants access to a system / resource.
Choi and MacLeod fail to teach using three authentication factors during a first instance of real time to validate the user,
However, Kao teaches,
([0010-11] teaches identify avatar.)
([0010-11] teaches a first of two factors of biometric (voice) authentication.)
([0011] teaches a second of two factors of biometric authentication.)
([0010-11] teaches identity avatar and two factors of biometric (voice) authentication. [0031] teaches comparing the biometrics. [0020 teaches that the biometric comparison is a voice biometric, which one of ordinary skill in the art would understand as a threshold comparison. Further, the examiner asserts that threshold comparisons of voice biometrics utilizing thresholds Further, the examiner asserts that threshold comparisons of biometrics, including voice biometrics, utilizing thresholds is inherent, and that threshold comparisons are well know in the art of biometric comparisons / authentication. One of skill in the art understands that biometric comparison, where a registered biometric is compared to a sample biometric that is taken for authentication requires threshold comparisons because the biometrics are not exact matches, unlike passwords.)
([0024] teaches after performing the two factor biometric (voice) authentication, a digital certificate is generated to authorize a transaction. [0039] teaches the signatures being used to generate the certificate and authenticate the user. [0013] teaches using the certificate for authentication, including verifying the user prior to certifying a transaction.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi & MacLeod, the ability to perform avatar and multi-factor biometric authentication together with the use of certificates for authentication, to increase security by utilizing the avatar and multiple factors of biometrics in authentication before allowing a transaction.
Choi, MacLeod, and Kao fail to explicitly teach matching signed avatar / image data associated with a certificate with other signed data,
However, Carlsson teaches,
the validation comprising validating that a first digital signature identified from the digital certificate matches a second digital signature that signs file data for the . (Applicant’s printed publication at [0056] and [0060-61] teach signing file data of the avatar, and the first paragraph of page 14 of the applicants present filing of 01/05/2026 states that the previously cited references, including Kao, fail to teach “graphics data for an avatar being signed with a digital signature.” Thus, examiner interprets the above feature as including signing graphics data for the avatar.) (Carlsson, [0008] teaches granting access based on a first digital signature matches a second digital signature. [0009] teaches the digital signature is linked to an identifier. [0012] teaches the digital signature linked to an identifier being included in the certificate.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Carlsson, which also teaches the use of digital signatures and certificates for authentication / granting access ([0008-9]), and a certificate that includes a digital signature linked to an identifier. One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, and Kao with the added ability to match signed data associated with a certificate with other signed data, as taught by Carlsson, for the purpose of increasing security by matching signed data and increasing computational efficiency by associating the signed data with a certificate.
Choi, MacLeod, Kao, and Carlsson fail to explicitly teach the use of multiple thresholds in biometric matching,
However, Gehrmann teaches,
at the CA during the first instance, determine that the first biometric data matches the second biometric data to at least within a first threshold; ([0009-10] teaches multiple thresholds in biometric comparisons / authentications)
at the CA during the first instance, determine that the first biometric data matches the third biometric data to at least within a second threshold different from the first threshold; ([0009-10] teaches multiple thresholds in biometric comparisons / authentications)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Choi, which teaches X.509 certificates being assembled from multiple Parties / certificates, where the certificates include biometric data, including Avatar data ([0046-53] teaching cross signing of certificates including data of fig. 2. fig. 7B(e), metaverse ID.), with MacLeod, which also teaches X.509 certificates including biometrics (Abstract & [0011]), and additionally teaches the Certificate Authority and other authorities performing biometric matching, and the certificate authority issuing a biometric certificate if the biometrics are authenticated / verified (Abstract & figs. 1-2), with Kao, which also teaches avatars and biometrics associated with digital certificates (Title & Abstract), and additionally teaches the use of avatar and multifactor biometric authentication ([0011]), with Carlsson, which also teaches the use of digital signatures and certificates for authentication / granting access ([0008-9]), and a certificate that includes a digital signature linked to an identifier, with Gehrmann, which also teaches biometric authentication / matching (Abstract), and additionally teaches multiple thresholds in biometric comparisons / authentications ([0009-10]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Choi, MacLeod, Kao, and Carlsson with the added ability to use multiple thresholds in biometric comparisons / authentications, as taught by Gehrmann, for the purpose of increasing security in biometric matching for authentication.
Claims 2-8, 17, 20, 22, and 30-36, and 38-39, are rejected using the same basis of argument above by replacing Hojjati with Carlsson.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571)272-3942. The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571)272-3739.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/B.W.A./
/JASON K GEE/Primary Examiner, Art Unit 2495