DETAILED ACTION
This action is in response to the amendment filed on January 26, 2026. Claims 1 and 35 have been amended, and claims 18-34 have been canceled. Claims 1-17 and 35-48 are pending. Of such, Claims 1-17 and 35-48 represent methods directed to privacy-preserving key generation in biometric authentication.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 35 is objected to because of the following informalities:
In Claim 35, line 20, the claim discloses the limitations “a subset of the of the enrollment shards…” needs to be corrected to remove the duplicate “of the”.
Appropriate correction is required.
Response to Arguments
Applicant's arguments filed on January 26, 2026, has been fully considered but they are not persuasive.
The applicant discloses on Page 8 of the Remarks, that the prior art Teranishi fails to disclose the limitation that the enrollment and authentication occurs in different devices. The limitations disclose that the enrollment and authentication requires distinct transducers and Teranishi requires the same user device.
This argument is not persuasive.
The examiner acknowledges Teranishi does disclose the concept the verification information as well as the authentication information captured by the same computing facility (i.e. Acquisition Part (4111)). However, Teranishi does disclose the concept of the verification information and authentication information captured by two distinct computer facilities. The applicant acknowledges on page 18 of Remarks 1, that Teranishi does in fact disclose in Col. 31, lines 2-15, a “dedicated machine for recording verification information…in advance”. The applicant states that Teranishi fails to disclose the operation of the dedicated machine, how the recorded verification information of the new recruits is handled after it is recorded. However, in Col 31, Teranishi discloses a dedicated machine for recording verification information in advance would follow the same procedure of capturing the verification information, splitting the information into shares, and distributing the information to assistance devices to be later used for authenticating an individual. The “dedicated machine for recording verification information” requires a transducer (i.e. first transducer) to capture the verification information.
Further in ¶ 30 of the instant application’s specification, the applicant discloses the definition of a computing facility as follows: “A "computing facility" means an electronic system having components that include a computing processor and a memory storing instructions that can be executed by the computing processor. A computing facility may be found, for example, in a desktop computer, a smartphone, a tablet computer, a wearable, a smart watch, and similar electronic devices. A computing facility also may be found in embedded computing systems that perform specialized computations, for example point-of-sale machines, automated teller machines (ATMs), physical access barriers, video display kiosks, and similar electronic devices.”
A dedicated machine for recording verification information would be applicable to a computing facility as disclosed in the claims. Further, in Figure 4, Teranishi discloses two distinct Acquisition Parts (4111) which further could be represented as two distinct transducers (Teranishi Col 29, lines 25-35). Thus, Teranishi discloses two distinct computing facilities (dedicated machine for recording verification information and the user device 41) and two distinct transducers (4111 in Figure 1 containing two different acquisition parts).
On page 8 of the Remarks, the applicant further discloses the pending claims have been amended to track the independent claims of the allowed parent application serial number 17/116,483. However, the independent claims of the parent application includes the limitations of encoding of a digital electronic signal as a set of vectors in metric space, causing generation of authentication shards from the encoded digital electronic signal, using machine learning. The parent application further discloses performing a data exchange process that includes computing a set of distances in metric space and comparing the computed distances against a threshold to develop information regarding the authentication of a subject. These limitations are not described in this application.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-17 and 35-48 are rejected under 35 U.S.C. 103 as being unpatentable over Teranishi et al. (US 11063941), hereinafter referred to as Teranishi, in view of Carmignani et al. (US 20200259638), hereinafter referred to as Carmignani.
Regarding Claim 1, Teranishi discloses:
A method for using biometric data to authenticate a subject as an individual (In the abstract, Teranishi discloses “An authentication system is provided with: a user device; user side assistance device(s) to assist user authentication that authenticates a user of the user device”) whose biometric data has been previously obtained using an enrollment computing facility that is coupled to a first transducer (In Col 31, Lines 2-12, Teranishi further discloses “In the present exemplary embodiment, in user authentication advance preparation the user 44 records verification information in advance. Various methods may be used as a method of recording the verification information in advance. FIG. 4 shows a case where the verification information is recorded in advance by using the acquisition part 4111 of the user device 41. However, in a case where, for example, a company records all new recruits together in an authentication system, a dedicated machine for recording the verification information may be prepared and used to perform recording in advance in the verification part.” Examiner notes, wherein the previously obtained data was recorded using a dedicated machine), the method utilizing computer processes comprising: under a condition wherein enrollment shards have been generated from the individual's biometric data by the enrollment computing facility (In Col 31, Line 27, Teranishi discloses “Step 513: a verification information distribution part 41222 inputs verification information and the number M of user side assistance devices 43, and outputs distributed shares v[0], v[1], . . . , v[M] of the verification information.”) and the enrollment computing facility has effectuated distribution thereof to a first plurality of servers in an array of servers (In Col 31, Line 34, Teranishi discloses “Step 515: the assistance communication part 4141 of the communication part 414 transmits the distributed share v[1] to the user side assistance device 43[1], and . . . , distributed share v[M] to the user side assistance device 43[M].”): causing generation of authentication shards from a digital electronic signal characterizing a biometric of the subject (In Col 32, Lines 27-30, Teranishi discloses “Step 713: the authentication information distribution part 41212 inputs authentication information and the number M of user side assistance devices 43, and outputs distributed shares s[0], s1], . . . , s[M] of the authentication information.”), such signal obtained using an authentication computing facility that is coupled to a second transducer (In Col 32, Line 22, Teranishi discloses “Step 711: the acquisition part 4111 obtains user unique information from the user 44.”), the authentication computing facility being distinct from the enrollment computing facility and the second transducer being distinct from the first transducer (In Col 31, lines 2-15, Teranishi disclose “a dedicated machine for recording verification information…in advance” further in Figure 4, Teranishi discloses two different acquisition parts (4111)), and causing distribution of the authentication shards to a second plurality of servers in the array of servers (In Col 32, Line 31, Teranishi discloses “Step 714: for i=1, . . . , M, the assistance communication part 4141 of the communication part 414 transmits the distributed share s[i] of the authentication information to the user side assistance device 43[i].”); causing performance of a data exchange process which includes multiparty computation that involves communication among a subset of servers in the array and that also involves uses a subset of the enrollment shards and a subset of the generated authentication shards to develop information relating to authentication of the subject (In Col 32, Line 59, Teranishi discloses “For i=1, . . . , M, the user side assistance device 43[i] inputs distributed share s[i] of the authentication information, distributed share v[i] of the verification information, advance computation data p[i] (if it exists), and verification protocol for user authentication, to the user side assistance device user authentication MPC part 4311[i]. In this way, “user authentication MPC” is executed. As an execution result, the user device 41 obtains the user authentication result share a[0]. For i=1, . . . M, the user side assistance device 43[i] obtains the user authentication result share a[i]. It is to be noted that details of the “user authentication MPC” are described later.” and further discloses in Col 25, Line 30, Teranishi discloses “The i-th user side assistance device performs user authentication by using v[i], f[i], the authentication information derivation algorithm, the verification information derivation algorithm, and the user authentication algorithm to perform MPC while carrying out intercommunication with other user side assistance devices.”), and causing processing of the authentication information in a verification process to indicate whether the subject is authenticated as the individual (In Col 38, Lines 14-16, Teranishi discloses “an authentication result is outputted. The user side assistance device 43[1] transmits GC to the user device 41 using the communication part 433[1].”).
However, Teranishi does not explicitly disclose the generation of a key.
Carmignani discloses:
wherein the authentication information includes a key of the subject (In ¶ 48, Carmignani discloses “If an evaluation of a user's EBT and ABS is successful at a sufficient number (e.g., 1 or more (e.g., m-number for m out of n secret sharing)) of the network nodes (e.g., if user authentication with the APSP is successful at a sufficient number of the nodes), the APS user device may receive and further decrypt enough seed shares from the node(s) for recovering or reconstructing the seed (or receive and further decrypt the seed from a node). Such a recovered or reconstructed seed may then be used by the APS user device for any suitable purpose, such as for enabling any suitable secure operation (e.g., seamless authentication, unique identification, access control, key generation, e-signature, etc.)”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to (see Carmignani ¶ 48).
Regarding Claim 2, the combination of Teranishi and Carmignani disclose the limitations of claim 1.
However, Teranishi does not explicitly disclose the generation of a signature.
Carmignani discloses:
A method according to claim 1, wherein the processing of the authentication information includes causing the development of a signed message (In ¶ 48, Carmignani discloses “Such a recovered or reconstructed seed may then be used by the APS user device for any suitable purpose, such as for enabling any suitable secure operation (e.g., seamless authentication, unique identification, access control, key generation, e-signature, etc.)”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 3, the combination of Teranishi and Carmignani disclose the limitations of Claim 2.
However, Teranishi does not explicitly disclose the generation of another key for signing.
Carmignani discloses:
wherein the computer processes further comprise causing the data exchange process to use the authentication shards to develop a further key of the subject and to cause the further key of the subject to be used to develop a second signed message (In ¶ 92, Carmignani discloses “attempt to verify the signatures SVE.sub.j of the received authentication circuit information ACI.sub.Cid_j for each unique circuit identifier C.sub.id using public device signing key pk.sub.d of earlier received data 208d, generate a verification acknowledgment ack′.sub.CID_j that may be indicative of whether or not the node was able to verify the signatures SVE.sub.j of the received authentication circuit information ACI.sub.Cid_j for each unique circuit identifier C.sub.id (e.g., confirm or deny such verification)”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 4, the combination of Teranishi and Carmignani disclose the limitations of Claim 2.
However, Teranishi does not explicitly disclose the signing of the message using the subject key.
Carmignani discloses:
wherein the verification process includes using an authentication key of the individual in relation to the signed message to determine whether the subject is authenticated as the individual (In ¶ 144, Carmignani discloses “In response to receiving such a challenge (e.g., timestamped beacon data), APS user device 60a may be operative (e.g., at operations 614-620) to sign such a challenge with a private TPS key ski, and then store that signed challenge as unmodifiable information (e.g., on repository 80 (e.g., on a public blockchain)). This may be used for facilitating a secure operation, as the TP subsystem may then utilize that stored signed challenge (e.g., by confirming the signature with its public TPS key pk.sub.t) for securely determining that the user authenticated with the APSP to prove that APS user device 60a and user U received the challenge and thus was proximate beacon TPS user device 60c at the time of the timestamp.”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 5, the combination of Teranishi and Carmignani disclose the limitations of Claim 4.
However, Teranishi does not explicitly disclose the use of an ECDSA (Elliptical Curve Digital Signature Algorithm) public and private key.
Carmignani discloses:
wherein the authentication key of the individual is an ECDSA public key that is used in the verification process in relation to the signed message, signed using a ECDSA private key of the subject to determine whether the subject is authenticated as the individual. (In ¶ 57, Carmignani discloses “For example, private user key sk.sub.u may be used as a private key for an ECDSA, and the corresponding public counterpart is public user key pk.sub.u (e.g., pk.sub.u=sk.sub.u×G, where G may be the elliptic curve base point).”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 6, the combination of Teranishi and Carmignani disclose the limitations of Claim 1.
However, Teranishi does not explicitly disclose the use of a root private key.
Carmignani discloses:
wherein the key of the subject is a root private key (In ¶ 49, Carmignani discloses “Enrollment biometrics of a user may be captured and processed (e.g., by feature extraction through a neural network) as an EBT that, along with a secret seed, may then be split and one-way encrypted on the user device.”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 7, the combination of Teranishi and Carmignani disclose the limitations of Claim 1.
However Teranishi does not explicitly disclose the use of a ECDSA private key.
Carmignani discloses:
wherein the key of the subject is an ECDSA (Elliptic Curve Digital Signature Algorithm) private key (In ¶ 57, Carmignani discloses “For example, private user key sk.sub.u may be used as a private key for an ECDSA, and the corresponding public counterpart is public user key pk.sub.u (e.g., pk.sub.u=sk.sub.u×G, where G may be the elliptic curve base point).”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 8, the combination of Teranishi and Carmignani disclose the limitations of Claim 1.
However, Teranishi does not explicitly disclose the use of a major key.
Carmignani discloses:
wherein the key of the subject is a major key (In ¶ 49, Carmignani discloses “Enrollment biometrics of a user may be captured and processed (e.g., by feature extraction through a neural network) as an EBT that, along with a secret seed, may then be split and one-way encrypted on the user device.”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 9, the combination of Teranishi and Carmignani disclose the limitations of Claim 8.
However, Teranishi does not explicitly disclose the use of minor key.
Carmignani discloses:
wherein a set of minor keys of the subject is associated with the major key of the subject (In ¶ 48, Carmignani discloses “the APS user device may receive and further decrypt enough seed shares from the node(s) for recovering or reconstructing the seed (or receive and further decrypt the seed from a node)”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 10, the combination of Teranishi and Carmignani disclose the limitations of Claim 9.
However, Teranishi does not explicitly disclose the use of minor key.
Carmignani discloses:
wherein the data exchange process to develop the key of the subject includes causing a subset of the set of the minor keys of the subject to be used in developing the signed message (In ¶ 48, Carmignani discloses “the APS user device may receive and further decrypt enough seed shares from the node(s) for recovering or reconstructing the seed (or receive and further decrypt the seed from a node)”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 11, the combination of Teranishi and Carmignani disclose the limitations of Claim 10.
However, Teranishi does not explicitly disclose the use of minor key.
Carmignani discloses:
wherein the verification process includes determining whether the subset of the set of minor keys of the subject is associated with a major key of the individual (In ¶ 48, Carmignani discloses “If an evaluation of a user's EBT and ABS is successful at a sufficient number (e.g., 1 or more (e.g., m-number for m out of n secret sharing)) of the network nodes (e.g., if user authentication with the APSP is successful at a sufficient number of the nodes), the APS user device may receive and further decrypt enough seed shares from the node(s) for recovering or reconstructing the seed (or receive and further decrypt the seed from a node). Such a recovered or reconstructed seed may then be used by the APS user device for any suitable purpose, such as for enabling any suitable secure operation”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 12, the combination of Teranishi and Carmignani disclose the limitations of Claim 1.
However, Teranishi does not explicitly disclose the use of an individual’s public key.
Carmignani discloses:
Wherein the recited computer processes are carried out with access to a public key of the individual, but without access to the biometric data of the individual (In ¶ 47, Carmignani discloses “APS user device 60 may be configured to authenticate the device itself with the APSP (e.g., by properly signing, with a private key of the device, a challenge from each one of the various network nodes that may have access (e.g., locally and/or via repository 80) to a corresponding public key used during the device registration phase of the enrollment).”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Regarding Claim 13, the combination of Teranishi and Carmignani disclose:
A method according to claim 1, wherein the computer processes are performed by computing entities configured as information-sharing restricted with respect to a set of items of information selected from a group consisting of: the digital electronic signal; the biometric data of the individual; the biometric of the subject; the generated shards; the authentication information; the key of the subject; and a result of the verification process (In Col 37, Lines 17-22, Teranishi discloses “In the present exemplary embodiment, by employing a server machine as the user side assistance device, deviation from the MPC protocol by the user side assistance device is prevented. At this time, the user device only creates a legitimacy proof, and it is possible to omit generation of legitimacy proof by the server side assistance device.”)
Regarding Claim 14, the combination of Teranishi and Carmignani disclose the limitations of claim 1.
However, Teranishi does not explicitly disclose the encryption of the subject
Carmignani discloses:
A method according to claim 1, wherein the computer processes further comprise causing use of the key of the subject for encryption (In ¶ 51, Carmignani discloses “The ABS may be encrypted on the user's device, and may be matched against the encrypted EBT sent to the network node(s) during enrollment (e.g., using enrolled SMPC features (e.g., enrolled garbled circuits)).”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of encrypting the shares as the motivation would be ensure only authorized parties can obtain access to the subject data (see Carmignani ¶ 51).
Regarding Claim 15, the combination of Teranishi and Carmignani disclose the limitations of claim 1.
However, Teranishi does not explicitly disclose the encryption of the subject
Carmignani discloses:
A method according to claim 1, wherein the computer processes further comprise causing use of the key of the subject for decryption (In ¶ 128, Carmignani discloses “As another example, a single success key may be used to encrypt and decrypt multiple EBT shares provided to a single node, where each one of a first doubly encrypted EBT share of an EBT B and a second doubly encrypted EBT share of the same EBT B may be used along with a circuit to partially define ACI for a particular circuit identifier C.sub.id ”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of encrypting the shares as the motivation would be ensure only authorized parties can obtain access to the subject data (see Carmignani ¶ 48).
Regarding Claim 16, the combination of Teranishi and Carmignani disclose:
A method according to claim 1, wherein the computer processes further comprise: causing generation of generating further shards and causing distribution of the further shards to a subset of servers in the array to be used in a second authentication process (In Col 41, Lines 30-35, Teranishi discloses “In the present exemplary embodiment, for i=1, . . . , M, a counter for counting the number of times user authentication has been rejected is added to the user side assistance device 43[i] of the first exemplary embodiment, and in a case where the counter exceeds a determined threshold the user authentication is rejected.”, wherein the counter represents multiple authentication processes occurring repeating the steps outlined in Figure 7)
Regarding Claim 17, the combination of Teranishi and Carmignani disclose:
A method according to claim 1, wherein the computer processes further comprise, if the subject is authenticated as the individual, granting the subject access, based on a security policy, for a defined session, to a set selected from a group consisting of: one or more applications; a service; an operating system; a resource; a server; a computing facility; a set of data; an administrator configuration; and a transaction (In Col 27, Lines 63-66, Teranishi discloses “The apparatus authentication server device 42 is used in authentication when, for example, the user 44 uses the user device 41 to utilize some sort of web service.”)
Regarding Claim 35, Teranishi discloses:
A method for using biometric data to authenticate a subject as an individual (In the abstract, Teranishi discloses “An authentication system is provided with: a user device; user side assistance device(s) to assist user authentication that authenticates a user of the user device”) whose biometric data has been previously obtained using an enrollment computing facility that is coupled to a first transducer (In Col 31, Lines 2-12, Teranishi further discloses “In the present exemplary embodiment, in user authentication advance preparation the user 44 records verification information in advance. Various methods may be used as a method of recording the verification information in advance. FIG. 4 shows a case where the verification information is recorded in advance by using the acquisition part 4111 of the user device 41. However, in a case where, for example, a company records all new recruits together in an authentication system, a dedicated machine for recording the verification information may be prepared and used to perform recording in advance in the verification part.” Examiner notes, wherein the previously obtained data was recorded using a dedicated machine), the method utilizing computer processes comprising: under a condition wherein enrollment shards have been generated from the individual's biometric data by the enrollment computing facility (In Col 31, Line 27, Teranishi discloses “Step 513: a verification information distribution part 41222 inputs verification information and the number M of user side assistance devices 43, and outputs distributed shares v[0], v[1], . . . , v[M] of the verification information.”) and the enrollment computing facility has effectuated distribution thereof to a first plurality of servers in an array of servers (In Col 31, Line 34, Teranishi discloses “Step 515: the assistance communication part 4141 of the communication part 414 transmits the distributed share v[1] to the user side assistance device 43[1], and . . . , distributed share v[M] to the user side assistance device 43[M].”): causing generation of authentication shards from a digital electronic signal characterizing a biometric of the subject (In Col 32, Lines 27-30, Teranishi discloses “Step 713: the authentication information distribution part 41212 inputs authentication information and the number M of user side assistance devices 43, and outputs distributed shares s[0], s1], . . . , s[M] of the authentication information.”), such signal obtained using an authentication computing facility that is coupled to a second transducer (In Col 32, Line 22, Teranishi discloses “Step 711: the acquisition part 4111 obtains user unique information from the user 44.”), the authentication computing facility being distinct from the enrollment computing facility and the second transducer being distinct from the first transducer (In Col 31, lines 2-15, Teranishi disclose “a dedicated machine for recording verification information…in advance” further in Figure 4, Teranishi discloses two different acquisition parts (4111)), and causing distribution of the authentication shards to a second plurality of servers in the an array of servers (In Col 32, Line 31, Teranishi discloses “Step 714: for i=1, . . . , M, the assistance communication part 4141 of the communication part 414 transmits the distributed share s[i] of the authentication information to the user side assistance device 43[i].”); causing performance of a data exchange process which includes multiparty computation that involves communication among a subset of servers in the array and that also involves a subset of the of the enrollment shards (In Col 32, Line 59, Teranishi discloses “For i=1, . . . , M, the user side assistance device 43[i] inputs distributed share s[i] of the authentication information, distributed share v[i] of the verification information, advance computation data p[i] (if it exists), and verification protocol for user authentication, to the user side assistance device user authentication MPC part 4311[i]. In this way, “user authentication MPC” is executed. As an execution result, the user device 41 obtains the user authentication result share a[0]. For i=1, . . . M, the user side assistance device 43[i] obtains the user authentication result share a[i]. It is to be noted that details of the “user authentication MPC” are described later.” and further discloses in Col 25, Line 30, Teranishi discloses “The i-th user side assistance device performs user authentication by using v[i], f[i], the authentication information derivation algorithm, the verification information derivation algorithm, and the user authentication algorithm to perform MPC while carrying out intercommunication with other user side assistance devices.”) and causing processing of the signed message in a verification process to indicate whether the subject is authenticated as the individual (In Col 38, Lines 14-16, Teranishi discloses “an authentication result is outputted. The user side assistance device 43[1] transmits GC to the user device 41 using the communication part 433[1].”).
However, Teranishi does not explicitly disclose the generation of a signed message.
Carmignani discloses:
And that uses a subset of the authentication shards to develop a signed message (In ¶ 48, Carmignani discloses “If an evaluation of a user's EBT and ABS is successful at a sufficient number (e.g., 1 or more (e.g., m-number for m out of n secret sharing)) of the network nodes (e.g., if user authentication with the APSP is successful at a sufficient number of the nodes), the APS user device may receive and further decrypt enough seed shares from the node(s) for recovering or reconstructing the seed (or receive and further decrypt the seed from a node). Such a recovered or reconstructed seed may then be used by the APS user device for any suitable purpose, such as for enabling any suitable secure operation (e.g., seamless authentication, unique identification, access control, key generation, e-signature, etc.)”) and causing processing of the signed message in a verification process to indicate whether the subject is authenticated as the individual (In ¶ 48, Carmignani discloses “Such a recovered or reconstructed seed may then be used by the APS user device for any suitable purpose, such as for enabling any suitable secure operation (e.g., seamless authentication, unique identification, access control, key generation, e-signature, etc.)”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of a seed as the motivation would be that the recovered seed would act as an additional level of security by ensuring the seed or private key that has been recovered from the nodes allows a verification of a signature and for the use or access to the environment or interaction the user is attempting to authenticate to. (see Carmignani ¶ 48).
Claim 36 is directed to a method having functionality corresponding to the method of Claim 2, and are rejected by a similar rationale, mutatis mutandis.
Claims 37-46 are directed to a method having functionality corresponding to the method of Claims 4-13, and are rejected by a similar rationale, mutatis mutandis.
Claims 47-48 is directed to a method having functionality corresponding to the method of Claims 16-17, and are rejected by a similar rationale, mutatis mutandis.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached at 571-272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHADI H KOBROSLI/Examiner, Art Unit 2492 /RUPAL DHARIA/Supervisory Patent Examiner, Art Unit 2492