Privacy-Preserving Biometric Authentication

§102 §103 §DP

DETAILED ACTION This action is in response to the amendment filed on October 16, 2025. Claims 1 and 10 have been amended and Claims 19-21 have been previously canceled. Claims 1-18 are pending. Of such, Claims 1-9 represent a method and claims 10-18 represent a system directed to privacy-preserving biometric authentication. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on October 16, 2025 has been entered. Double Patenting The double patenting rejection has been withdrawn in view of the Terminal Disclaimer submitted on October 16, 2025. Response to Arguments Applicant's arguments filed October 16, 2025 have been fully considered but they are not persuasive. On pages 7-8 of the Remarks, the applicant states that Patey fails to disclose a method for authentication and rather discloses filtering because the applicant claims that Patey does not disclose a yes/no determination for “whether the subject is authenticated as an individual”. This argument is not persuasive. Patey discloses the concept of biometric authentication and authenticating an individual by comparing the biometric capture to a previously captured biometric obtained during enrollment. In ¶ 52, Patey discloses “A user wanting to authenticate himself goes to the authentication station. The method carries out a biometric capture on the user. This capture can be carried out in a manner similar to that of the step of obtaining SENSE of the corresponding method of enrolment. This biometric capture is supposed to correspond to a biometric print of the user that the user captured beforehand during an enrolment phase, having led to the distributed storage of this prior biometric print on the N servers. This is at least what the secure access method aims to establish. The method then carried out an extraction of an approximated short representation (qualified hereinbelow as a first approximated short representation) corresponding to the captured biometric print.” And further in ¶ 105 “The method then comprises (after regenerating pertinent biometric data by the obtaining electronic circuit GEN_FGPRN) a comparison of the candidate biometric print with each one of the prints of all of the biometric prints generated using the shares received. If one of them is the correct one, the user is authenticated, otherwise (if none of the biometric prints correspond), the user is not authenticated.” Patey explicitly discloses the concept of biometric authentication. Patey further discloses the use of multiple servers to identify the individual (multi-party computation). Patey does use the terminology of “filtering” however that terminology references an distance algorithms used when comparing the biometric template obtained from enrollment to the authentication template (see Patey ¶ 61). On pages 9-17, the applicant states that Teranishi states that the same device must be used for both enrollment and authentication and that Teranishi requires device authentication to occur in every embodiment. This argument is not persuasive. The concept of apparatus authentication as disclosed by Teranishi occurs after the user authentication has taken place. The concept of apparatus authentication may be disclosed in every embodiment however there is not a requirement of apparatus authentication to occur prior to user authentication. The claimed limitations as disclosed in the instant application is related to the concept of user authentication using biometric samples. The Teranashi reference, references only the user authentication concepts as the device authentication does not have bearing on the claims. The examiner acknowledges Teranishi does disclose the concept the verification information as well as the authentication information captured by the same computing facility (i.e. Acquisition Part (4111)). However, Teranishi does disclose the concept of the verification information and authentication information captured by two distinct computer facilities. Teranishi does in fact disclose in Col. 31, lines 2-15, a “dedicated machine for recording verification information…in advance”. The applicant states that Teranishi fails to disclose the operation of the dedicated machine, how the recorded verification information of the new recruits is handled after it is recorded. However, in Col 31, Teranishi discloses a dedicated machine for recording verification information in advance would follow the same procedure of capturing the verification information, splitting the information into shares, and distributing the information to assistance devices to be later used for authenticating an individual. The “dedicated machine for recording verification information” requires a transducer (i.e. first transducer) to capture the verification information. Thus, Teranishi does in fact disclose the concept of two different and distinct devices capable to capturing the enrollment information and performing authentication of the user. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-3, 8, 10-12 and 17 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Teranishi et al. (US 11063941), hereinafter referred to as Teranishi. Regarding Claim 1, Teranishi discloses: A method for using biometric data to authenticate a subject as an individual (In the abstract, Teranishi discloses “An authentication system is provided with: a user device; user side assistance device(s) to assist user authentication that authenticates a user of the user device”) whose biometric data have been previously obtained using an enrollment computing facility that is coupled to a first transducer (In Col 31, Line 2, Teranishi further discloses “In the present exemplary embodiment, in user authentication advance preparation the user 44 records verification information in advance. Various methods may be used as a method of recording the verification information in advance. FIG. 4 shows a case where the verification information is recorded in advance by using the acquisition part 4111 of the user device 41. However, in a case where, for example, a company records all new recruits together in an authentication system, a dedicated machine for recording the verification information may be prepared and used to perform recording in advance in the verification part.”), the method utilizing computer processes comprising: under a condition wherein enrollment shards have been generated from the individual's biometric data received from the first transducer (In Col 31, Line 27, Teranishi discloses “Step 513: a verification information distribution part 41222 inputs verification information and the number M of user side assistance devices 43, and outputs distributed shares v[0], v[1], . . . , v[M] of the verification information.”) and distributed to a first plurality of servers in an array of servers (In Col 31, Line 34, Teranishi discloses “Step 515: the assistance communication part 4141 of the communication part 414 transmits the distributed share v[1] to the user side assistance device 43[1], and . . . , distributed share v[M] to the user side assistance device 43[M].”): causing generation of authentication shards from a digital electronic signal characterizing a biometric of the subject (In Col 32, Line 27, Teranishi discloses “Step 713: the authentication information distribution part 41212 inputs authentication information and the number M of user side assistance devices 43, and outputs distributed shares s[0], s1], . . . , s[M] of the authentication information.”), such signal obtained using an authentication computing facility that is coupled to a second transducer (In Col 32, Line 22, Teranishi discloses “Step 711: the acquisition part 4111 obtains user unique information from the user 44.”) that is distinct from the first transducer (In Col 31, lines 2-15, Teranishi disclose “a dedicated machine for recording verification information…in advance” further in Figure 4, Teranishi discloses two different acquisition parts (4111)) and causing distribution of the authentication shards to a second plurality of servers in the array of servers (In Col 32, Line 31, Teranishi discloses “Step 714: for i=1, . . . , M, the assistance communication part 4141 of the communication part 414 transmits the distributed share s[i] of the authentication information to the user side assistance device 43[i].”); causing performance of a data exchange process, which includes multiparty computation that involves direct communication among a subset of servers in the array and that also involves a subset of enrollment shards and a subset of the authentication shards to develop authentication information relating to authentication of the subject (In Col 32, Line 59, Teranishi discloses “For i=1, . . . , M, the user side assistance device 43[i] inputs distributed share s[i] of the authentication information, distributed share v[i] of the verification information, advance computation data p[i] (if it exists), and verification protocol for user authentication, to the user side assistance device user authentication MPC part 4311[i]. In this way, “user authentication MPC” is executed. As an execution result, the user device 41 obtains the user authentication result share a[0]. For i=1, . . . M, the user side assistance device 43[i] obtains the user authentication result share a[i]. It is to be noted that details of the “user authentication MPC” are described later.” and further discloses in Col 25, Line 30, Teranishi discloses “The i-th user side assistance device performs user authentication by using v[i], f[i], the authentication information derivation algorithm, the verification information derivation algorithm, and the user authentication algorithm to perform MPC while carrying out intercommunication with other user side assistance devices.”); and following development of the authentication information, causing processing of the authentication information to generate an output value indicating whether the subject is authenticated as the individual (In Col 38, Line 14, Teranishi discloses “an authentication result is outputted. The user side assistance device 43[1] transmits GC to the user device 41 using the communication part 433[1].”). Regarding Claim 2, Teranishi discloses: A method according to claim 1, wherein the computer processes are performed by computing entities configured as information-sharing restricted with respect to a set of items of information selected from the group consisting of the output value, the digital electronic signal, the individual's biometric data, the subject's biometric, the authentication shards, and combinations thereof (In Col 37, Line 17, Teranishi discloses “In the present exemplary embodiment, by employing a server machine as the user side assistance device, deviation from the MPC protocol by the user side assistance device is prevented. At this time, the user device only creates a legitimacy proof, and it is possible to omit generation of legitimacy proof by the server side assistance device.”). Regarding Claim 3, Teranishi discloses: A method according to claim 1, wherein the data exchange process includes the multiparty computation under conditions wherein none of the servers in the array of servers obtains intermediate values of the multiparty computation. (In Col 25, Line 30, Teranishi discloses “The i-th user side assistance device performs user authentication by using v[i], f[i], the authentication information derivation algorithm, the verification information derivation algorithm, and the user authentication algorithm to perform MPC while carrying out intercommunication with other user side assistance devices.”) Regarding Claim 8, Teranishi discloses: A method according to claim 1, wherein causing distribution of the authentication shards includes extracting a confident subset of a set of biometric values of the subject in the digital electronic signal. (In Col 29, Line 54, Teranishi discloses “The authentication information derivation part 41211 and the verification information derivation part 41221 extract a characteristic amount of biometric information from the image data, and use the extracted characteristic amount as the authentication information and verification information.”) Claims 10-12 and 17 are directed to a system having functionality corresponding to the method of Claims 1-3 and 8 respectively, and is rejected by a similar rationale, mutatis mutandis. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 4-7 and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Teranishi et al. (US 11063941), hereinafter referred to as Teranishi, in view of Al Shahri et al (NPL: A secure network access protocol (SNAP)), hereinafter referred to as Al Shahri. Regarding Claim 4, Teranishi discloses the limitations of Claim 1. However, Teranishi does not explicitly teach the limitation of generation of new shares. Al Shahri discloses: wherein a selected group of the array of servers causes generation of new shards based on the authentication shards. (In section 4.1, Al Shahri discloses “The share revocation mechanism is important if the NSM is required to update or inform the network nodes about share revocation by providing new shares to be used instead of old shares.”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Al Shahri’s approach of revocation of shares as the motivation would be not only the use of multi-party computation to reduce the load and increase efficiency across multiple nodes as well as protecting the data (shares) by allowing for revocation if compromised (see Al Shahri section 4). Regarding Claim 5, Teranishi discloses the limitations of Claim 1. However, Teranishi does not explicitly teach the limitation of revocation of shares. Al Shahri discloses: Wherein, a shard is revocable by a revocation process that includes the data exchange process (In section 4.1, Al Shahri discloses “The share revocation mechanism is important if the NSM is required to update or inform the network nodes about share revocation by providing new shares to be used instead of old shares.”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Al Shahri’s approach of revocation of shares as the motivation would be not only the use of multi-party computation to reduce the load and increase efficiency across multiple nodes as well as protecting the data (shares) by allowing for revocation if compromised (see Al Shahri section 4). Regarding Claim 6, the combination of Teranishi and Al Shahri disclose the limitations of Claim 5. However, Teranishi does not explicitly teach the limitation of revocation of shares. Al Shahri discloses: Wherein the revocation process includes performing the data exchange process using a subset of the subset of authentication shards from a subset of the array of servers (In section 4.1, Al Shahri discloses “Thereafter, the AC is divided into n pieces (shares) and distributed to n selected nodes among the network nodes such that a quorum of k nodes is qualified to reconstruct the secret share from their shares.”) One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Al Shahri’s approach of revocation of shares as the motivation would be not only the use of multi-party computation to reduce the load and increase efficiency across multiple nodes as well as protecting the data (shares) by allowing for revocation if compromised (see Al Shahri section 4). Regarding Claim 7, the combination of Teranishi and Al Shahri disclose: A method according to claim 6, wherein performing the data exchange process includes separately processing, by each server, its enrollment shards of the individual along with its authentication shards of the subject to generate a new set of shards, the new set of shards constituting the output value. (In Col 32, Line 59, Teranishi discloses “For i=1, . . . , M, the user side assistance device 43[i] inputs distributed share s[i] of the authentication information, distributed share v[i] of the verification information, advance computation data p[i] (if it exists), and verification protocol for user authentication, to the user side assistance device user authentication MPC part 4311[i]. In this way, “user authentication MPC” is executed. As an execution result, the user device 41 obtains the user authentication result share a[0].”) Claims 13-16 are directed to a system having functionality corresponding to the method of Claims 4-7 respectively, and is rejected by a similar rationale, mutatis mutandis. Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Teranishi et al. (US 11063941), hereinafter referred to as Teranishi, in view of Carmignani et al. (US 2020/0259638), hereinafter referred to as Carmignani. Regarding Claim 9 Teranishi discloses the limitations of Claim 1: However, Teranishi does not disclose the storing of future data. Carmignani discloses: wherein the computer processes further comprise: receiving and storing by the second plurality of servers in the array of servers a set of values to enable efficient subsequent generation of shards including receiving and storing items selected from the group consisting of Beaver triples, authentication shares, message authentication code shards, random shards, other shards, and combinations thereof. (In ¶ 120, Carmignani discloses “At operation 448, each generated new set of authentication circuit information ACI.sub.Cid_1, . . . , n for each new unique circuit identifier C.sub.id may be sent as a portion data 448d to respective nodes 70.sub.1, . . . , for storing each new set of authentication circuit information ACI.sub.Cid_1, . . . , n with publication keys pk.sub.u and pk.sub.d for enabling additional authentication attempts by the enrolled user and device in the future.”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Teranishi’s approach by utilizing Carmignani’s approach of storing future shards as the motivation would be enhance the efficiency of the process by storing data for future authentication (see Carmignani ¶ 120). Claim 18 is directed to a system having functionality corresponding to the method of Claims 9, and is rejected by a similar rationale, mutatis mutandis. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Chung et al. (US 20210167947) discloses a method for secret sharing authentication information. Ruffino et al. (US 20220286283) discloses secret sharing and recreation of authentication information. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached at 571-272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHADI H KOBROSLI/ Examiner, Art Unit 2492 /AMIR MEHRMANESH/ Supervisory Patent Examiner, Art Unit 2491