Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 6-11, and 13-20 of U.S. Patent No. 12,052,354. Although the claims at issue are not identical, they are not patentably distinct from each other because instant claims 1-20 overlap in scope with, and thus are anticipated by, respective claims 1-4, 6-11, and 13-20 of the ‘354 patent.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claims 1, 9, and 15 each recite two instances of generat[ing] “a biometric key”, which creates an improper antecedent basis issue for the “biometric key”. Further, it’s unclear as to whether Applicant intended for there to be two unique biometric keys recited, however for the purposes of expediting prosecution, the examiner will interpret both instances of “a biometric key” to refer to a single biometric key.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 5, 6, 9, 13, 15, 19, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 2017/0005794) in view of “Shi” (US 2017/0177847) in further view of “Hu” (US 2018/0248689).
Regarding Claim 1:
Paddon teaches:
A method, comprising:
generating, by a processor based at least in part on a … string representing a plurality of biological characteristics of a user, a biometric key (Fig. 3 details generating a biometric key (306) via a bit string (element 312) that represents a plurality of biological characteristics of a user (elements 302, 304, 306 & 308 acquired at element 206);
generating a biometric key based on the … string (Fig. 3 details generating a biometric key (306) via a bit string (element 312));
…
Paddon does not disclose:
… a character string representing a plurality of biological characteristics of a user … ;
determining a hash function and a hash value based on a first predetermined time interval of a plurality of predetermined time intervals;
hashing the biometric key using the hash function and the hash value to generate a hashed biometric key;
selecting, based on a second predetermined time interval of the plurality of predetermined time intervals, a different hash function and a different hash value; and
hashing the biometric key based on the different hash value and the different hash function to generate a different hashed biometric key.
Shi teaches:
… a character string representing a plurality of biological characteristics of a user (¶0020, “Determining 72 a sequence of values from the detected biometric features…”; ¶0024, “… the feature value may include a number, a letter …”; i.e., create a string of character values that represent biometric features of a user) …
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon’s system for generating biometric keys by enhancing Paddon’s representation of biometric information to use alphanumeric formatting, as taught by Shi, in order to more uniquely represent various individual’s biometrics.
The motivation is to reduce potential false-positive matches in a biometric system by utilizing an alphanumeric string to represent biometrics of an individual, rather than a bitstring, which leads to more unique biometric strings.
Paddon in view of Shi does not disclose:
determining a hash function and a hash value based on a first predetermined time interval of a plurality of predetermined time intervals;
hashing the biometric key using the hash function and the hash value to generate a hashed biometric key;
selecting, based on a second predetermined time interval of the plurality of predetermined time intervals, a different hash function and a different hash value; and
hashing the biometric key based on the different hash value and the different hash function to generate a different hashed biometric key.
Hu teaches:
determining a hash function (Figure 2, element 221) and a hash value (Figure 2, element 223) based on a first predetermined time interval of a plurality of predetermined time intervals (¶0025, “… the derivation parameter engine 113 may determine the selected hash function 221 according to a particular selection scheme … may determine or specify a particular derivation parameter such as the selected hash function 221 through a specific selection mechanism (e.g., round-robin or weighted round-robin) … The selection mechanism applied by the derivation parameter engine 113 to specify a particular derivation parameter may be configurable or set on a parameter-specific basis”; i.e., determine when derivation parameters (the hash function and character set 223) are selected based on intervals defined by a round-robin scheme. The examiner interprets each “round” of the round-robin scheme to teach a predetermined time interval corresponding to a respective hash function, for example SHA256 / alphanumeric (Time Interval 1) -> SHA1 / Unicode (Time Interval 2) -> SHAKE128 / ASCII Printable (Time Interval 3) -> SHA256 / alphanumeric (Time Interval 4) -> SHA1 / Unicode (Time Interval 5) -> etc., as shown in paragraph 23 in view of “Derivation Parameter Engine 113” of Figure 2);
hashing the biometric key using the hash function and the hash value to generate a hashed biometric key (¶0030, “… the derivation parameter engine 113 may specify derivation parameters 220 for generating an application password 202 by determining a selected hash function 221 … selected character set 223, or combinations thereof”; ¶0032, “The generation engine 114 may generate the application password 202 from the user input string 201, key 210, and derivation parameters 220. In particular, the generation engine 114 may apply the selected hash function 221 to the user input string 201 and the key 210 to obtain a hash value … may concatenate or otherwise combine the user input string 201 and key 210 to obtain a combined data string and apply the selected hash function 221 to the combined data string”; i.e., apply a selected hash function 221 and character set 223, via a generative engine 114, in order to hash a user input string combined with a key. The examiner interprets the combined user input string and key as being a “biometric key” by virtue of the user input string being a voiceprint (see paragraph 19). The examiner further notes that the “application password 202” is being interpreted as the claimed “hashed biometric key” as the application password is derived via at least a hash function, a biometric input, and a key in accordance with Figure 2);
selecting, based on a second predetermined time interval of the plurality of predetermined time intervals, a different hash function and a different hash value (¶0036, “Then, the generation engine 114 may generate a different application password 202 from the different key 210, different derivation parameters 220, or both. The generation engine 114 may repeatedly generate application passwords with different keys 210 and/or different derivation parameters 220 until the generated application password 202 meets the character-specific password constraint or other password requirements”; i.e., repeatedly iterate through the round-robin scheme, where each “round” constitutes as a predetermined time interval, in order to select a new hash function 221 and character set 223 for deriving a new application password meeting specific password requirements); and
hashing the biometric key based on the different hash value and the different hash function to generate a different hashed biometric key (¶0036, “The generation engine 114 may repeatedly generate application passwords with different keys 210 and/or different derivation parameters 220 until the generated application password 202 meets the character-specific password constraint or other password requirements”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi’s system for generating biometric keys by enhancing Paddon in view of Shi’s biometric key to be hashed via a hash function and hash value selected based on a predetermined interval, such as round-robin, as taught by Hu, in order to enhance the security of the biometric key prior to being utilized and/or stored.
The motivation is to utilize hashing techniques that are not only dependent on authentication factors of an individual, but are resistant to the generation of weak hashes. Potentially utilizing multiple unique hash functions and hash values ensures that a strong hash is generated, reducing the likelihood an attacker may mount successful attacks (e.g., rainbow tables) against generated hashes.
Regarding Claim 5:
The method of claim 1, Paddon in view of Shi in further view of Hu further comprising storing the biometric key (Paddon, Fig. 2 details element 216 (used to generate biometric keys) is located in storage medium element 208).
Regarding Claim 6:
The method of claim 1, wherein Paddon in view of Shi in further view of Hu further teaches the character string is generated based on the plurality of biological characteristics (Shi, ¶0021, “For example, the collected texture information may include fingerprint information of different fingers of the user”).
The motivation to reject claim 6 by applying Shi to Paddon is the same motivation applied to the rejection of claim 1 above.
Regarding Claims 9 and 13:
Computer-readable storage medium claims 9 and 13 correspond to respective method claims 1 and 6, and contain no further limitations. Therefore claims 9 and 13 are rejected by applying the same rationale used to reject claims 1 and 6 above, respectively.
Regarding Claims 15, 19, and 20:
Computing apparatus claims 15, 19, and 20 correspond to respective method claims 1, 5, and 6, and contain no further limitations. Therefore claims 15, 19, and 20 are rejected by applying the same rationale used to reject claims 1, 5, and 6 above, respectively.
Claim(s) 2-4, 10-12, and 16-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 2017/0005794) in view of “Shi” (US 2017/0177847) in view of “Hu” (US 2018/0248689) in further view of “Kaufman” (US 5666415).
Regarding Claim 2:
Paddon in view of Shi in further view of Hu teaches:
The method of claim 1, …
Paddon in view of Shi in further view of Hu does not disclose:
… wherein a salt value is associated with the first time interval, the method further comprising: selecting a different salt value based on the second time interval.
Kaufman teaches:
… wherein a salt value is associated with the first time interval (Col. 7, lines 32-34, “As the nonce changes each time access is requested …”; i.e., the examiner interprets “each time access is requested” as being an “triggering event”, which is defined as being a predetermined time interval at paragraph 39 of Applicant’s Specification), the method further comprising: selecting a different salt value based on the second time interval (Col. 7, lines 32-34, “As the nonce changes each time access is requested …”; i.e., select a different salt value upon a receiving a subsequent access request).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi in further view of Hu’s system for generating biometric keys by enhancing Paddon in view of Shi in further view of Hu’s method of hashing a biometric key to utilize a salt value, as taught by Kaufman, in order to enhance the security of the biometric key.
The motivation is to utilize a salt with a hash function to improve the security of a resultant hash, such as a hashed biometric key, such that the hashed biometric key is more robust against brute force attacks.
Regarding Claim 3:
The method of claim 2, Paddon in view of Shi in view of Hu in further view of Kaufman further comprising: applying the different salt value to the hashed biometric key to generate a salted and hashed biometric key (Kaufman, Col. 7, lines 30-42, “… and concatenates the current nonce, R, to the value”; i.e., salt the hashed password with currently generated a nonce value based on the time of the request received).
The motivation to apply Kaufman to the combination of Paddon, Shi, and Hu for the rejection of claim 3 is the same rationale applied in the rejection of claim 2 above.
Regarding Claim 4:
The method of claim 2, wherein Paddon in view of Shi in view of Hu in further view of Kaufman further teaches salt is applied to the hashed biometric key to generate a salted and hashed biometric key (Kaufman, Col. 7, lines 30-42, “… and concatenates the current nonce, R, to the value”; i.e., salt the hashed password with currently generated a nonce value based on the time of the request received).
The motivation to apply Kaufman to the combination of Paddon, Shi, and Hu for the rejection of claim 4 is the same rationale applied in the rejection of claim 2 above.
Regarding Claims 10-12:
Computer-readable storage medium claims 10-12 correspond to respective method claims 2-4, and contain no further limitations. Therefore claims 10-12 are rejected by applying the same rationale used to reject claims 2-4 above, respectively.
Regarding Claims 16-18:
Computer-readable storage medium claims 16-18 correspond to respective method claims 2-4, and contain no further limitations. Therefore claims 16-18 are rejected by applying the same rationale used to reject claims 2-4 above, respectively.
Claim(s) 7 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 2017/0005794) in view of “Shi” (US 2017/0177847) in view of “Hu” (US 2018/0248689) in further view of “Fukuda” (US 2019/0384904).
Regarding Claim 7:
Paddon in view of Shi in further view of Hu teaches:
The method of claim 6, … wherein the character string comprises a plurality of alphanumeric characters (Shi, ¶0024, “… the feature value may include a number, a letter …”; i.e., create a string of character values that represent biometric features of a user)…
The motivation to reject claim 6 by applying Shi to Paddon is the same motivation applied in the rejection of claim 1.
Paddon in view of Shi in further view of Hu does not disclose:
… wherein the … string comprises … a plurality of substrings, wherein a respective length of each substring is one of two or more different substring lengths.
Fukuda teaches:
… wherein the … string (Fig. 10, “Combined Bit String”) comprises … a plurality of substrings (Fig. 10 details that Bit substrings 1, 2, 3, 4, … n are used to generate the “Combined Bit String”), wherein a respective length of each substring is one of two or more different substring lengths (Fig. 6, steps S603-S608 & S610 detail, for each feature vector of a biometric, obtaining the number of elements v[i] and creating a bit string of a length corresponding to the number of those elements. Thus, the created bit strings are variable from each other based on the elements of their corresponding feature vectors).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi in further view of Hu’s system for generating biometric keys by enhancing Paddon in view of Shi in further view of Hu’s generation of a character string that includes substrings to incorporate substrings that vary in length based on the elements of their corresponding biometric features, as taught by Fukuda, in order to create varied strings that more accurately portray a biometric scan.
The motivation is to enable Paddon in view of Shi in further view of Hu’s system to create a biometric key from a string that comprises varied-length substrings, each substring corresponding to a number of elements for a corresponding biometric feature vector. Enabling the create of a string from varied substrings allows the system to represent elements of biometric features in a more accurate manner, by including as many (or all) of the elements as scanned without artificially shrinking, or reducing, the substring length.
Regarding Claim 14:
Computer-readable storage medium claim 14 corresponds to method claim 7, and contains no further limitations. Therefore claim 14 is rejected by applying the same rationale used to reject claim 7 above.
Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Paddon” (US 2017/0005794) in view of “Shi” (US 2017/0177847) in view of “Hu” (US 2018/0248689) in view of “Fukuda” (US 2019/0384904) in further view of “Arad” (US 2018/0373885).
Regarding Claim 8:
Paddon in view of Shi in view of Hu in further view of Fukuda teaches:
The method of claim 7, …
Paddon in view of Shi in view of Hu in further view of Fukuda does not disclose:
… wherein the character string is character delimited and space delimited.
Arad teaches:
… wherein the character string is character delimited and space delimited (¶0053, “… the authentication token may be a string of randomly generated characters that are designed to be difficult to guess … The term “token” is not limited to a single sequence of characters delimited by white space…”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Paddon in view of Shi in view of Hu in further view of Fukuda’s system for generating biometric keys by enhancing Paddon in view of Shi in view of Hu in further view of Fukuda’s character string to be character delimited and space delimited, as taught by Arad, in order to create a character string that is difficult to guess.
The motivation is to delimit a character string by characters and spaces by utilizing white space and random characters to result in the characters string being difficult to guess by an unaffiliated entity (Arad, ¶0053, “… the authentication token may be a string of randomly generated characters that are designed to be difficult to guess…”) which enhances the security of the system by strengthening authentication of a user associated with the character string.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329. The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached on 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491
Prosecution Insights