DETAILED ACTION
This Office Action is in response to the application 18/838,520 filed on August 14th, 2024.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 08/14/2024, is in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C 103 as being unpatentable over Park et al. (Park), U.S. Pub. Number 2020/0382494, in view of Herder III et al. (Herder_III), U.S. Pub. Number 2019/0356491.
Regarding claim 1; Park discloses a method comprising:
generating, by a second user device, a second public key and a second private key of a second public-private key pair (par. 0076; fig. 3; generate a private key and a public key of the user according to a key generation method of a public key-based encryption algorithm.);
transmitting, by the second user device, the second public key to a first user device, which stores an encrypted biometric template, the encrypted biometric template being a biometric template encrypted with a first public key of a first public-private key pair, wherein the first user device encrypts the encrypted biometric template with the second public key to form a double encrypted biometric template (par. 0080; fig. 3; transmit a biometric information registration request including the ciphertext for the registration target biometric template, the user’s public key, and the double ciphertext for the user’s private key to the server 120.);
receiving, by the second user device, the double encrypted biometric template from the first user device (par. 0086; fig. 3; store ciphertext for the registration target biometric template, the user’s public key, and the double ciphertext for the user’s private key.);
decrypting, by the second user device, the double encrypted biometric template using the second private key to obtain the encrypted biometric template (par. 0109; acquire the registered biometric template by decrypting the ciphertext for the registered biometric template using the user’s identification information.);
determining, by the second user device, a test biometric template and encrypting the test biometric template (par. 0110; decrypt the ciphertext for registered biometric template using a symmetric key-based encryption algorithm, such as an AES algorithm, a DES algorithm, in which an encryption key for encrypting plaintext is the same as a decryption key of ciphertext encrypted using the corresponding encryption key.);
comparing, by the second user device, the encrypted test biometric template and the encrypted biometric template to obtain an encrypted biometric match score (par. 0095; compare the registered biometric template and the authentication target biometric template and determine whether the registered biometric template and the authentication target biometric template are biometric information for the same user; for instance, determine similarity between the registered biometric template and the authentication biometric template.).
Park fails to explicitly disclose transmitting, by the second user device, the encrypted biometric match score to a server computer, wherein the server computer decrypts the encrypted biometric match score to obtain a biometric match score, and allowing the second user device to perform a process if the biometric match score exceed a threshold.
However, in the same field of endeavor, Herder_III discloses system and method for securing personal information via biometric public key comprising transmitting, by the second user device, the encrypted biometric match score to a server computer, wherein the server computer decrypts the encrypted biometric match score to obtain a biometric match score, and allowing the second user device to perform a process if the biometric match score exceed a threshold (Herder: par. 0215; fig. 21; if templates I and II match above the predetermined confidence threshold 2112, then each device will have a secret session key as an output of the protocol that they can use for secure communications, such as for allowing user data stored on Device 1 to be securely transferred to Device 2; if templates I and II do not match 2112, then no session key is output.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Herder_III into the apparatus and method of Park comprising transmitting, by the second user device, the encrypted biometric match score to a server computer, wherein the server computer decrypts the encrypted biometric match score to obtain a biometric match score, and allowing the second user device to perform a process if the biometric match score exceed a threshold to verify the identity or authority of the user using biometric data of the user without the need for non-transient storage of the biometric data (Herder_III: par. 0002).
Regarding claim 2; Park and Herder_III disclose the method of claim 1, wherein Park further discloses the encrypted biometric template is encrypted by the first user device using a homomorphic encryption scheme (Park: par. 0109; decrypting the ciphertext for the registered biometric template using the user’s identification information.).
Regarding claim 3; Park and Herder_III disclose the method of claim 1, wherein Park further discloses the second public key is transmitted to the first user device via the server computer (Park: par. 0043; each of terminals 110-1, 110-2, and 110-n may be a device that provides biometric authentication information to a user in association with the server 120 through a wired or wireless network.).
Regarding claim 4; Park and Herder_III disclose the method of claim 1, wherein Herder_III further discloses the test biometric template is encrypted with the first public key of a first public-private key-pair (Herder_III: par. 0136; a public/private key pair for performing an asymmetric encryption algorithm.).
Regarding claim 5; Park and Herder_III disclose the method of claim 1, wherein Park further discloses the test biometric template is derived from a facial scan, a fingerprint scan, a palm print, an iris scan, or a voice print (Park: par. 0045; biometric information of the user through one or more input devices, including various types of biometric recognition sensors, such as a camera, a fingerprint recognition sensor.).
Regarding claim 6; Park and Herder_III disclose the method of claim 1, wherein Herder_III further discloses the server computer decrypts the encrypted biometric match score using a first private key of the first public-private key pair (Herder_III: par. 0136; a public/private key pair for performing an asymmetric encryption algorithm.).
Regarding claim 7; Park and Herder_III disclose the method of claim 1, wherein Park further discloses the first user device is a mobile phone of a user and the second user device is a wearable device of the user (Park: par. 0044; a smartphone.).
Regarding claim 8; Park and Herder_III disclose the method of claim 1, wherein Park further discloses the first user device is a current mobile phone of a user and the second user device is a new mobile phone of the user (Park: par. 0044; a smartphone.).
Regarding claim 9; Park and Herder_III disclose the method of claim 1, wherein Park further discloses the server computer generates the first public-private key pair, and wherein the double encrypted biometric template is received by the second user device via the server computer, and the server computer stores the double encrypted biometric template (Park: par. 0078; generating biometric information may generate ciphertext for the registration target biometric template and double ciphertext for the user’s private key using the user’s identification information.).
Regarding claim 10; Park and Herder_III disclose the method of claim 1, wherein Park further discloses the server computer generates the first public-private key pair, and wherein the method further comprises: receiving, by the first user device, the first public key from the server computer (Park: par. 0080; transmit biometric information registration request including the ciphertext for registration target biometric template, the user’s public key, and the double ciphertext for the user’s private key to the server 120.); collecting, by the first user device, the biometric template; and encrypting, by the first user device, the biometric template with the first public key to form the encrypted biometric template (Park: par. 0047; registers and manages biometric information of the user and authenticates the user based on the biometric information matching result obtained from each terminal 110-1, 110-2, and 110-n.).
Regarding claim 11; Park and Herder_III disclose the method of claim 1, wherein Herder_III further discloses the server computer is remotely located with respect to the first user device and the second user device (Herder_III: par. 0171; standard remote attestation.).
Regarding claim 12; Park and Herder_III disclose the method of claim 1, wherein Herder_III further discloses the server computer is remotely located with respect to the first user device and the second user device, and the first user device and the second user device are proximate to each other (Herder_III: par. 0072; remote system for non-transitory storage of digital data.).
Regarding claim 13; Park and Herder_III disclose the method of claim 1, wherein Herder_III further discloses the second user device transmits the second public key directly to the first user device using a short range communication medium (Herder_III: par. 0181; shortcomings of cold wallets, particularly in the context of multiple-party authentication.).
Regarding claim 14; Park and Herder_III disclose the method of claim 1, wherein Park further discloses the second public key is transmitted to the first user device, and the double encrypted biometric template is received by the second user device from the first user device during a trusted communication session (Park: par. 0115; biometric authentication may transmit the electronic signature and the biometric information matching result to the server 120.).
Regarding claim 15; Claim 15 is directed to a second user device which has similar scope as claim 1. Therefore, claim 15 remains un-patentable for the same reasons.
Regarding claim 16; Claim 16 is directed to the second user device of claim 15 which has similar scope as claim 2. Therefore, claim 16 remains un-patentable for the same reasons.
Regarding claim 17; Claim 17 is directed to the second user device of claim 15 which has similar scope as claim 3. Therefore, claim 17 remains un-patentable for the same reasons.
Regarding claim 18; Claim 18 is directed to the second user device of claim 15 which has similar scope as claim 4. Therefore, claim 18 remains un-patentable for the same reasons.
Regarding claim 19; Claim 19 is directed to a method which has similar scope as claim 1. Therefore, claim 19 remains un-patentable for the same reasons.
Regarding claim 20; Claim 20 is directed to the method of claim 19 which has similar scope as claim 9. Therefore, claim 20 remains un-patentable for the same reasons.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087. The examiner can normally be reached 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHOI V LE/
Primary Examiner, Art Unit 2436