BIOMETRIC AUTHENTICATION SYSTEM, BIOMETRIC AUTHENTICATION DEVICE, AND BIOMETRIC AUTHENTICATION METHOD

DETAILED ACTION Remarks 1. Pending claims for reconsideration are 1-15. Response to Arguments 2. Applicant's arguments filed 7/22/2025 have been fully considered but they are not persuasive. In the remarks, applicant argues in substance: That- Tussy’s process is focused on authenticating the user—not the device. The biometric data in Tussy is used solely to verify the identity of the individual operating the smart device. There is no disclosure or suggestion that this biometric data represents a security level of the server, nor that the smart device authenticates the server based on any such security level. Indeed, Tussy does not teach or suggest authenticating a device based on a received security level of that device. Therefore, Tussy fails to teach or suggest, at least, a first communicator configured to transmit the first security level to the information processing device and receive a second security level indicating a security level of the information processing device from the information processing device, and a first authenticator configured to perform authentication of a user based on the biometric information and perform authentication of the information processing device based on the second security level, as recited in amended independent claim 1 (emphases added). PNG media_image1.png 754 400 media_image1.png Greyscale In response to applicant’s argument- It is the combination of Tussy and Lee that teaches the claimed language, neither Tussy nor Lee alone. The claims have been examined in their broadest most reasonable interpretation in light of the applicant’s specification. Par.0021 of Tussy states that “The system may thus account for changing biometrics due to age , weight gain / loss , environment , user experience , security level , or other factors.” Tussy figure 5 also illustrates authenticating a device based on a received security level of that device. Tussy further discloses in paragraph 0003 that a second computing device is also provided which has a camera configured to , or the first computing device is further configured to capture a second image set of the user when the user is making a second financial transaction , process the second image set to create second biometric information , and store the second biometric information as part of a biometric trust profile for the user trust profile for the user. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Pub.No.: US 2020/0293644 A1 to Tussy in view of Pub.No.: US 2017/0244703 A1 to LEE et al(hereafter referenced as LEE). Regarding claim 1, Tussy discloses “a biometric authentication system comprising a biometric authentication device and an information processing device (facial recognition authentication system [Fig.4/item 410]), “wherein the biometric authentication device includes a first memory comprising a first secure element configured to store data related to biometric information and data related to a first security level indicating a security level of the biometric authentication device”(system may thus account for changing biometrics due to age , weight gain / loss , environment , user experience , security level , or other factors. [par.0021] also see capability of communicating with the mobile device 112. The server 120 and mobile device 112 are configured with a processor and memory and are configured to execute machine readable code or machine instructions stored in the memory [par.0070]) , “a first processing circuitry comprising a biometric information acquirer configured to read the data related to the biometric information from the first secure element and acquire the biometric information based on the data related to the biometric information” (i.e. biometric data is captured at smart device [Fig.18/item 1803]) , “a first security level acquirer configured to read the data related to the first security level from the first secure element and acquire the first security level based on the data related to the first security level”(processor 208 may process image data to perform image recognition , such as in the case of , facial detection , item detection , facial recognition , item recognition , or bar / box code reading [par.0092]) , “a first communicator configured to transmit the first security level indicating a security level of the information processing device (system may thus account for changing biometrics due to age , weight gain / loss , environment , user experience , security level , or other factors. [par.0021]) to the information processing device and receive a second security level from the information processing device”(smart device i.e. mobile phone transmits and receives information from the processing device [Fig.16]) , “and a first authenticator configured to perform authentication of a user based on the biometric information and perform authentication of the information processing device based on the second security level”(send Biometric Data from Root Identity to Authenticating Device[Fig.17/item 1705]) , “and the information processing device includes a second memory comprising a second secure element configured to store data related to the second security level indicating a security level of the information processing device”(second computing device is also provided which has a camera configured to , or the first computing device is further configured to capture a second image set of the user when the user is making a second financial transaction , process the second image set to create second biometric information , and store the second biometric information as part of a biometric trust profile for the user [par.0038]), “a second processing circuitry comprising a second security level acquirer configured to read the data related to the second security level from the second secure element and acquire the second security level based on the data related to the second security level” ”(second computing device is also provided which has a camera configured to , or the first computing device is further configured to capture a second image set of the user when the user is making a second financial transaction , process the second image set to create second biometric information , and store the second biometric information as part of a biometric trust profile for the user [par.0038]). Tussy does not explicitly disclose “a second communicator configured to transmit the second security level to the biometric authentication device and receive the first security level from the biometric authentication device, and a second authenticator configured to perform authentication of the biometric authentication device based on the first security level.” However, LEE in an analogous art discloses “a second communicator (second electronic device LEE [Fig.8/item 500]) configured to transmit the second security level to the biometric authentication device and receive the first security level from the biometric authentication device”(accept communication authentication information [Fig.8/item 809] from first device and authenticate LEE[Fig.8/item 828]),” and a second authenticator configured to perform authentication of the biometric authentication device based on the first security level.”(i.e. first authentication 803, 805, second authentication of control data LEE[Fig.8/item 821]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Tussy’s biometric verification system with LEE’s biometric authentication between devices in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Tussy teaches a biometric authentication process between devices, LEE additionally discloses in greater detail biometric authentication process between a first and second device, and both are from the same field of endeavor. Regarding claim 2 in view of claim 1, the references combined disclose “wherein the first authenticator of the biometric authentication device accepts the information processing device when the second security level is equal to or larger than a predetermined threshold value, and rejects the information processing device when the second security level is smaller than the predetermined threshold value”(method will authenticate the user when the comparing determines that the first authentication biometric information matches the second authentication biometric information within a threshold , but are not identical , and the comparing determines that the root biometric identity information matches the first authentication biometric information , the second authentication biometric information , or both within a threshold Tussy[par.0022]) Regarding claim 3 in view of claim 2, the references combined disclose “wherein the first communicator of the biometric authentication device transmits an authentication result of the information processing device to the information processing device” (receive Credentials from a User Attempting to Authenticate with the System Tussy[Fig.4/item 420]). Regarding claim 4 in view of claim 3, the references combined disclose “wherein the second authenticator of the information processing device performs operation setting of the information processing device based on the first security level” (i.e., first authentication 803, 805, second authentication of control data LEE[Fig.8/item 821]). Regarding claim 5 in view of claim 4, the references combined disclose “wherein the second authenticator of the information processing device restricts some or all functions of the information processing device based on the first security level” (grant or Deny Access Based on Verification Tussy [Fig.4/item 440]). Regarding claim 6 in view of claim 1, the references combined disclose “wherein the biometric information acquirer, the first security level acquirer, and the second security level acquirer are each implemented as an API” (application programming interface module LEE[Fig.1/item 145]). Regarding claim 7 in view of claim 1, the references combined disclose “wherein the biometric authentication device has a configuration that the first secure element is replaceable” (if the user wishes to replace the original device or add a second user device to the account , both the root identity image ( s ) and / or template ( s ) the device identity images and or templates captured on the device can be sent to the second device during set up or enrollment for comparison and matching Tussy[par.0259]). Regarding claim 8 in view of claim 7, the references combined disclose “wherein the biometric authentication device further includes a biometric information setter configured to write the data related to the biometric information to the first secure element”(mobile device 112 detects the user's face in each of the authentication images , crops the images , and sends/writes the images to the authentication server 120 Tussy [par.0117]), “a first security level setter configured to write the data related to the first security level to the first secure element, a verification information setter configured to write data related to verification information to the first secure element”(verify Received Credentials Sufficiently Correspond with Enrolled User Tussy[Fig.4/item 430]), “a verification information acquirer configured to read the data related to the verification information from the first secure element and acquire the verification information based on the data related to the verification information”(Grant or Deny Access Based on Verification Tussy[Fig.4/item 440]), “and a verifier configured to verify validity of the biometric authentication device by using the verification information” (Grant or Deny Access Based on Verification Tussy[Fig.4/item 440]), Regarding claim 9 in view of claim 8, the references combined discloses “wherein the verifier of the biometric authentication device verifies validity of the biometric authentication device by using the verification information when the biometric authentication device is powered on” (Grant or Deny Access Based on Verification Tussy[Fig.4/item 440]) Regarding claim 10 in view of claim 8, the references combined discloses “wherein the biometric authentication device is initialized or reactivated when the first secure element is replaced while the biometric authentication device is powered on, and the verifier of the biometric authentication device verifies validity of the biometric authentication device by using the verification information when the biometric authentication device is initialized or reactivated” (Grant or Deny Access Based on Verification Tussy[Fig.4/item 440]), Regarding claim 11 in view of claim 8, the references combined discloses “wherein the biometric authentication setter, the first security level setter, the verification information setter, and the verification information acquirer are each implemented as an API” (application programming interface module LEE[Fig.1/item 145]). Regarding claim 12 in view of claim 1, the references combined discloses “wherein the biometric authentication device includes a first biometric authentication (acquire and authenticate user information LEE[Fig.8/item 805]) device and a second biometric authentication device, and the second authenticator of the information processing device performs authentication of the first biometric authentication device based on the first security level of the first biometric authentication device (authenticate control data LEE[Fig.8/item 821]) and performs authentication of the second biometric authentication device based on the first security level of the second biometric authentication device”(authentication control data LEE[Fig.7/item 721]). Regarding claim 13 in view of claim 1, the references combined discloses “wherein the biometric authentication device includes a first biometric authentication device and a second biometric authentication device(acquire and authenticate user information LEE[Fig.8/item 805]), the first authenticator of the second biometric authentication device performs authentication of the first biometric authentication device based on the first security level of the first biometric authentication device(authenticate control data LEE[Fig.8/item 821]), and the second authenticator of the information processing device performs authentication of the second biometric authentication device based on the first security level of the second biometric authentication device” (authentication control data LEE[Fig.7/item 721]). Regarding claim 14, Tussy discloses “a biometric authentication device (facial recognition authentication system [Fig.4/item 410]), comprising: a memory comprising a first secure element configured to store data related to biometric information and data related to a first security level indicating a security level of the biometric authentication device” (system may thus account for changing biometrics due to age , weight gain / loss , environment , user experience , security level , or other factors. [par.0021] also see capability of communicating with the mobile device 112. The server 120 and mobile device 112 are configured with a processor and memory and are configured to execute machine readable code or machine instructions stored in the memory [par.0070]); “a processing circuitry comprising a biometric information acquirer configured to read the data related to the biometric information from the first secure element and acquire the biometric information based on the data related to the biometric information” (i.e. biometric data is captured at smart device [Fig.18/item 1803]); “a first security level acquirer configured to read the data related to the first security level from the first secure element and acquire the first security level based on the data related to the first security level” (processor 208 may process image data to perform image recognition , such as in the case of , facial detection , item detection , facial recognition , item recognition , or bar / box code reading [par.0092]); “a first communicator configured to transmit the first security level indicating a security level of the information processing device (system may thus account for changing biometrics due to age , weight gain / loss , environment , user experience , security level , or other factors. [par.0021]) to information processing device and receive a second security level from the information processing device” (smart device i.e. mobile phone transmits and receives information from the processing device [Fig.16]). Tussy does not explicitly disclose “and a first authenticator configured to perform authentication of a user based on the biometric information and perform authentication of the information processing device based on the second security level.” However, LEE in an analogous art discloses “and a first authenticator configured to perform authentication of a user based on the biometric information and perform authentication of the information processing device based on the second security level.” (i.e., first authentication 803, 805, second authentication of control data LEE[Fig.8/item 821]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Tussy’s biometric verification system with LEE’s biometric authentication between devices in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Tussy teaches a biometric authentication process between devices, LEE additionally discloses in greater detail biometric authentication process between a first and second device, and both are from the same field of endeavor. Regarding claim 15, Tussy discloses “a biometric authentication method (facial recognition authentication system [Fig.4/item 410]), comprising: reading data related to biometric information from a first secure element and acquiring the biometric information based on the data related to the biometric information(capable of communicating with the mobile device 112. The server 120 and mobile device 112 are configured with a processor and memory and are configured to execute machine readable code or machine instructions stored in the memory [par.0070]); reading data related to a first security level indicating its own security level (system may thus account for changing biometrics due to age , weight gain / loss , environment , user experience , security level , or other factors. [par.0021]) from the first secure element and acquiring the first security level based on the data related to the first security level (i.e., biometric data is captured at smart device [Fig.18/item 1803]). Tussy does not explicitly disclose transmitting the first security level to an information processing device; receiving a second security level indicating a security level of the information processing device from the information processing device, performing authentication of a user based on the biometric information; and performing authentication of the information processing device based on the second security level. However, LEE in an analogous art discloses “transmitting the first security level to an information processing device; receiving a second security level indicating a security level of the information processing device from the information processing device” (accept communication authentication information [Fig.8/item 809] from first device and authenticate LEE[Fig.8/item 828]), “performing authentication of a user based on the biometric information; and performing authentication of the information processing device based on the second security level” (i.e. first authentication 803, 805, second authentication of control data LEE[Fig.8/item 821]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Tussy’s biometric verification system with LEE’s biometric authentication between devices in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Tussy teaches a biometric authentication process between devices, LEE additionally discloses in greater detail biometric authentication process between a first and second device, and both are from the same field of endeavor. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MICHAEL D ANDERSON/Examiner, Art Unit 2433 /JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433