DETAILED ACTION
Acknowledgements
The amendment filed 3/16/2026 is acknowledged.
Claims 1, 9, 11, 14, 21, 35, 37-39, 41-45, 58-60 and 70-71are pending.
Claims 43-45 and 58-60 are withdrawn.
Claims 1, 9, 11, 14, 21, 35, 37-39, 41-42 and 70-71 have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
Applicant’s election with traverse of Group I, claims 1, 9, 11, 14, 21, 35, 37-39, 41-42 and 70-71 in the reply filed on 03/16/2026 is acknowledged.
Claims 43-45 and 58-60 are withdrawn from consideration as being directed to a non-elected invention. See 37 CFR 1.142(b) and MPEP § 821.03.
Applicant timely traversed the restriction (election) requirement in the reply filed on 03/16/2026. The traversal is on the ground(s) that no “excessive burden” exists on examining the groups together because “the claims and/or subject matter are believed to bear sufficient relationship”. This is not found persuasive because the groups were shown to be distinct for the reasons given in the Restriction Requirement mailed on 01/16/2026 and have acquired a separate status in the art because of their recognized divergent subject matter, restriction for examination purposes as indicated is still deemed proper and is therefore made FINAL.
Claim Objections
Claim 37 recites “A security module, comprising:...a plurality of security devices as claimed in claim 1, connected to the at least one USB/UART hub...”. Claim 1 recites “A security device, comprising: a body complying to an ISO/IEC 7810 standard; a security controller (SC)...”. It is unclear to one of ordinary skill in the art that claim 37 claims the security module or security device. For the purpose of the examination, claim 37 is interpreted as an independent claim that is directed to a security module.
Claim 41 recites “A security vault, which includes a plurality of security modules as claimed in claim 39, ...” Claim 39 recites “The security module of claim 38, wherein the security devices are removably connectable to the security module, and in which each of the security devices are uniquely addressable by the controller via the Ethernet interface.” It is unclear to one of ordinary skill in the art whether claim 41 claims the security vault or security module. For the purpose of the examination, claim 41 is interpreted as an independent claim that is directed to a security vault.
Claim 42 recites limitation “A method of accessing security device,...addressing a single security device in the security vault as claimed in claim 41;” Claim 41 recites “A security vault, which includes...” It is unclear to one of ordinary skill in the art whether claim 42 claims a method or a security vault. For the purpose of the examination, claim 42 is interpreted as an independent claim that is directed to a method.
Claim 70 recites “A system comprising: one or more computers, processors, devices and/or computer readable media, one or more of which contain and/or are configured to execute computer-readable instructions, the computer-readable instructions comprising instructions that, upon when execution by at least one processor, cause the at least one processors to: perform a method of accessing the security device of claim 21.” Claim 21 recites “The security device of claim 14,...” Therefore, it is unclear to one of ordinary skill in the art whether the claim 70 claims a system or security device.
Claims 70-71 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim is directed to a transitory signal as recites “A system comprising: one or more computers, processors, devices and/or computer readable media, ...” rather than “memory”. “computer readable media” is broad enough to include transitory signals.
Transitory signals are defined according to the "Microsoft Press Dictionary Definition" or "IEEE Definition". According to MPEP § 2106, however, there are four categories of invention: process, machine, article of manufacture or composition of matter. Therefore, as "transitory signals" are neither a category of invention nor a subset of one of the categories it does not represent patent eligible subject matter. In re Nuijten, Docket no. 2006-1371 (Fed. Cir. Sept. 20, 2007) (slip. op. at 18).
Similarly, claim 71 is directed to a transitory signal as claim 71 recites “computer readable media” rather than "non-transitory computer readable media . . . .” “Computer readable media” is broad enough to include transitory signals.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 11, 14, 21, 35 and 70 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Insufficient Antecedent Basis
Claim 11 recites “...a display connected to the processor,…” in line 3 of claim 11. There is insufficient antecedent basis for this limitation in the claim.
Claim 21 recites “wherein the Micro Controller Unit (MCU) and the security controller (SC) are operable to manage the seed key ...” in line 2 of claim 21. There is insufficient antecedent basis for this limitation in the claim.
Claims 14, 21, 35 and 70 are also rejected as each depends from claims 11 and 21.
Claim Rejections - 35 USC §102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless -
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 37-39 and 41 are rejected under 35 U.S.C. 102 as being anticipated by US Grant Publication US11018861B2 (“Lo Conte”).
Regarding claim 37, Lo Conte discloses:
A security module, (¶0006; claim 1) comprising:
a controller in the form of a single-board computer; (Fig. 4; col 7 lines 4-27)
at least one Universal Serial Bus (USB)/UART hub to which a number of USB/UART devices are connectable; (Fig. 6; col 8 lines 7-29)
an Ethernet interface to which a plurality of Ethernet devices are connectable; (Fig. 7)
a plurality of security devices as claimed in any one of claim 1, connected to the at least one USB/UART hub. (Fig. 6; col 8 lines 7-29)
Regarding claim 41 Lo Conte et al. discloses:
A security vault, which includes a plurality of security modules as claimed in claim 39, connected via an Ethernet interface. (Fig. 7; col 8 lines 36-53)
Regarding claim 38, Lo Conte discloses all limitations as described above. Lo Conte further discloses:
a plurality of USB/UART hubs, each of the plurality of USB/UART hubs being connectable to a plurality of USB/UART devices. (Fig. 6; col 8 lines 7-29)
Regarding claim 39, Lo Conte discloses all limitations as described above. Lo Conte further discloses:
wherein the security devices are removably connectable to the security module, and in which each of the security devices are uniquely addressable by the controller via the Ethernet interface. (Fig. 6; col 8 lines 7-29)
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over US Application Publication US20190020651A1 (“Soon-Shiong et al.”) in view of US Grant Publication US10313317B2 (“O’Regan et al.”).
Regarding claim 1, Soon-Shiong et al. discloses:
A security device, (Fig. 1 item 110) comprising:
a body complying to an ISO/IEC 7810 standard; (Fig.1 item 110; ¶0057)
a security controller (SC) arranged as a master processor, (Fig. 1 items 140 and 160)
a Bluetooth interface, connected to the security controller, operable to exchange data between the security controller and an external matched Bluetooth interface; and (Fig. 1 items 120 and 170; ¶0039)
Soon-Shiong et al. does not explicitly discloses:
the security controller operable to generate at least one secure random number from a seed generated from a feature vector of a user, the secure random number being in the form of an asymmetric cryptographic key pair known as Public/Private keys;
a biometric reader, operable to generate the seed for the secure random number, the seed being generated from a homomorphically encrypted feature vector of a biometric feature of a person.
However, O’Regan et al. discloses:
the security controller operable to generate at least one secure random number from a seed generated from a feature vector of a user, the secure random number being in the form of an asymmetric cryptographic key pair known as Public/Private keys; (col 17 line 65 – col 18 line 16; claim 14)
a biometric reader, operable to generate the seed for the secure random number, the seed being generated from a homomorphically encrypted feature vector of a biometric feature of a person.(Fig. 10; claims 14, 18 and 19)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Synthetic Genomic Variant-based Secure Transaction Devices, Systems and Methods of Soon-Shiong et al. by including deriving a seed for random number generator from biometric feature vector of a person and encrypting the seed in accordance with the teaching of O’Regan et al.. This modification improves the security of data accessing as user authentication is tied to user’s biometric data and the biometric data is securely guarded with encryption.
Claim 42 is rejected under 35 U.S.C. 103 as being unpatentable over US Grant Publication US11018861 B2 (“Lo Conte”) in view of US Application Publication US20190020651A1 (“Soon-Shiong et al.”), US Grant Publication US10313317B2 (“O’Regan et al.”), and in further view of US Application Publication US20070084925A1 (“Palmade”) .
Regarding claim 42, Lo Conte discloses:
A method of accessing a security device,(col 4 lines 10-20)
the security device (Fig 1a item 11) comprising:
a security controller (SC) arranged as a master processor, (Fig. 5 item 1221; col 7 lines 36-47)
a Micro Controller Unit (MCU), a USB interface, a UART interface, (Figs. 5-6);
wherein the Micro Controller Unit (MCU) and the security controller (SC) are operable for managing the seed key and private and public key pairs, said managing comprising: (col 5 lines 18-30)
creating, storing and using of a master seed key; (col 5 lines 18-47)
creating, storing and using blockchain private and public key pairs; (col 5 lines 18-47)
the method comprising;
providing a plurality of security devices connected together; (Fig. 1b; col 4 lines 28-30)
addressing a single security device in the security vault as claimed in claim 41; (Fig. 6; col 8 lines 7-29)
writing and reading data from the security device via an Ethernet interface and a USB/UART interface. (Fig. 6; col 8 lines 7-29)
Lo Conte does not explicitly disclose:
a body complying to an ISO/IEC 7810 standard;
the security controller operable to generate at least one secure random number from a seed generated from a feature vector of a user, the secure random number being in the form of an asymmetric cryptographic key pair known as Public/Private keys;
a Bluetooth interface, connected to the security controller, operable to exchange data between the security controller and an external matched Bluetooth interface;
a biometric reader, operable to generate the seed for the secure random number, the seed being generated from a homomorphically encrypted feature vector of a biometric feature of a person;
a display connected to the processor, operable to display data from the processor;
one or more of an ISO/IEC 7816 compliant interface (contact interface), an ISO/IEC 14443 compliant interface (contactless interface) and a Universal Serial Bus (USB) compliant interface, universal asynchronous receiver/ transmitter compliant interfaces (UART) additionally connected to the security controller, the interfaces operable to exchange data between the security controller and a matched interface device and being connected to the MCU;
an Apple Authentication coprocessor and a light emitting diode (LED), wherein the MCU is connected to a biometric reader, to the display, to the Bluetooth interface, to the USB/UART interface, to the Apple Authentication coprocessor and/or to a light emitting diode (LED);
creating a backup of the master seed key:
creating a backup of feature vectors of a user;
creating a backup of feature vectors of successor users;
retrieving a master seed key by means of the feature vector of a user;
creating multiple biometric feature vectors;
enrolling multiple biometric feature vectors;
comparing scanned biometric features with previously stored biometric feature vectors; and
updating previously stored biometric features with newly scanned biometric feature vectors:
However, Soon-Shiong et al. discloses:
the security device comprising:
a body complying to an ISO/IEC 7810 standard; (Fig.1 item 110; ¶0057)
a Bluetooth interface, connected to the security controller, operable to exchange data between the security controller and an external matched Bluetooth interface; (Fig. 1 items 120 and 170; ¶0039)
a display connected to the processor, operable to display data from the processor; (¶¶0057-58)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify System and Method for Storage and Management of Confidential Information of Lo Conte by including support for ISO/IEC 7810 standard, Bluetooth interface and a display in accordance with the teaching of Soon-Shiong et al.. This modification improves standardization of the device and support additional communication standard such as Bluetooth.
Lo Conte and Soon-Shiong et al. do not explicitly disclose:
the security controller operable to generate at least one secure random number from a seed generated from a feature vector of a user, the secure random number being in the form of an asymmetric cryptographic key pair known as Public/Private keys;
a biometric reader, operable to generate the seed for the secure random number, the seed being generated from a homomorphically encrypted feature vector of a biometric feature of a person;
one or more of an ISO/IEC 7816 compliant interface (contact interface), an ISO/IEC 14443 compliant interface (contactless interface) and a Universal Serial Bus (USB) compliant interface, universal asynchronous receiver/ transmitter compliant interfaces (UART) additionally connected to the security controller, the interfaces operable to exchange data between the security controller and a matched interface device and being connected to the MCU;
an Apple Authentication coprocessor and a light emitting diode (LED), wherein the MCU is connected to a biometric reader, to the display, to the Bluetooth interface, to the USB/UART interface, to the Apple Authentication coprocessor and/or to a light emitting diode (LED);
creating a backup of the master seed key:
creating a backup of feature vectors of a user;
creating a backup of feature vectors of successor users;
retrieving a master seed key by means of the feature vector of a user;
creating multiple biometric feature vectors;
enrolling multiple biometric feature vectors;
comparing scanned biometric features with previously stored biometric feature vectors; and
updating previously stored biometric features with newly scanned biometric feature vectors:
However, O’Regan et al. discloses:
the security controller operable to generate at least one secure random number from a seed generated from a feature vector of a user, the secure random number being in the form of an asymmetric cryptographic key pair known as Public/Private keys; (col 17 line 65 – col 18 line 16; claim 14)
a biometric reader, operable to generate the seed for the secure random number, the seed being generated from a homomorphically encrypted feature vector of a biometric feature of a person; .( Fig. 10; claims 14, 18 and 19)
creating multiple biometric feature vectors; (col 6 lines 31-67)
enrolling multiple biometric feature vectors; (col 6 lines 31-67)
comparing scanned biometric features with previously stored biometric feature vectors; and (col 3 lines 14-21)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined system of Lo Conte and Soon-Shiong et al. by including deriving a seed for random number generator from biometric feature vector of a person and encrypting the seed in accordance with the teaching of O’Regan et al.. This modification improves the security of data accessing as user authentication is tied to user’s biometric data and the biometric data is securely guarded with encryption.
Lo Conte, Soon-Shiong et al. and O’Regan et al. do not explicitly disclose:
one or more of an ISO/IEC 7816 compliant interface (contact interface), an ISO/IEC 14443 compliant interface (contactless interface) and a Universal Serial Bus (USB) compliant interface, universal asynchronous receiver/ transmitter compliant interfaces (UART) additionally connected to the security controller, the interfaces operable to exchange data between the security controller and a matched interface device and being connected to the MCU;
an Apple Authentication coprocessor and a light emitting diode (LED), wherein the MCU is connected to a biometric reader, to the display, to the Bluetooth interface, to the USB/UART interface, to the Apple Authentication coprocessor and/or to a light emitting diode (LED);
creating a backup of the master seed key:
creating a backup of feature vectors of a user;
creating a backup of feature vectors of successor users;
retrieving a master seed key by means of the feature vector of a user;
updating previously stored biometric features with newly scanned biometric feature vectors;
However, Palmade disclose:
one or more of an ISO/IEC 7816 compliant interface (contact interface), an ISO/IEC 14443 compliant interface (contactless interface) and a Universal Serial Bus (USB) compliant interface, universal asynchronous receiver/ transmitter compliant interfaces (UART) additionally connected to the security controller, the interfaces operable to exchange data between the security controller and a matched interface device and being connected to the MCU; (Figs.1 and 2; ¶¶0066-71; claim 1)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined system of Lo Conte, Soon-Shiong et al. and O’Regan et al.by supporting additional industry standardized interfaces such as contact and contactless interfaces in accordance with the teaching of Palmade. This modification improves flexibility and communication of the combined system by supporting additional interfaces. The modified system provides convenience and better user experience.
Lo Conte, Soon-Shiong et al., O’Regan et al. and Palmade do not explicitly disclose:
the security device comprising:
an Apple Authentication coprocessor and a light emitting diode (LED), wherein the MCU is connected to a biometric reader, to the display, to the Bluetooth interface, to the USB/UART interface, to the Apple Authentication coprocessor and/or to a light emitting diode (LED);
creating a backup of the master seed key:
creating a backup of feature vectors of a user;
creating a backup of feature vectors of successor users;
retrieving a master seed key by means of the feature vector of a user;
updating previously stored biometric features with newly scanned biometric feature vectors;
However, it has been held that structural limitations are not given weight in a method claim unless those limitations "affect the method in a manipulative sense and not amount to mere claiming of a particular structure." (See Ex Parte Pfeiffer, 135 USPQ 31 (Bd. App. 1961)).
Claims 9 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over US Application Publication US20190020651A1 (“Soon-Shiong et al.”) in view of US Grant Publication US10313317B2 (“O’Regan et al.”), and in further view of US Application Publication US20070084925A1 (“Palmade”).
Regarding claim 9, Soon-Shiong et al. in view of O’Regan et al. discloses all limitations as described above. Soon-Shiong et al. and O’Regan et al. do not explicitly disclose:
wherein the security device includes any one or more of an ISO/IEC 7816 compliant interface (contact interface), an ISO/IEC 14443 compliant interface (contactless interface) and a Universal Serial Bus (USB) compliant interface, universal asynchronous receiver/transmitter compliant interfaces (UART) additionally connected to the security controller, the interfaces operable to exchange data between the security controller and a matched interface device and being connected to the MCU.
However, Palmade discloses:
wherein the security device includes any one or more of an ISO/IEC 7816 compliant interface (contact interface), an ISO/IEC 14443 compliant interface (contactless interface) and a Universal Serial Bus (USB) compliant interface, universal asynchronous receiver/transmitter compliant interfaces (UART) additionally connected to the security controller, the interfaces operable to exchange data between the security controller and a matched interface device and being connected to the MCU. (Figs.1 and 2; ¶¶0066-71; claim 1)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined system of Soon-Shiong et al. and O’Regan et al.by supporting additional industry standardized interfaces such as contact and contactless interfaces in accordance with the teaching of Palmade. This modification improves flexibility and communication of the combined system by supporting additional interfaces. The modified system provides convenience and better user experience.
Regarding claim 11, Soon-Shiong et al. in view of O’Regan et al., and in further view of Palmade discloses all limitations disclosed as above. Soon-Shiong et al. further discloses:
a display connected to the processor, operable to display data from the processor.(¶¶0057-58)
Allowable Subject Matter
Claims 14, 21 and 35 are objected to as being dependent upon a rejected base claim, but would be allowable if the 112b rejection, set forth in this Office action, is overcome and if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Claim 70 is objected to as being dependent upon a rejected base claim, but would be allowable if the 101 and 112b rejections, set forth in this Office action, are overcome and if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Claim 71 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 101 set forth in this Office action. The reason for allowance will be furnished upon allowance of the application.
Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US10475025B2 (“Zarakas et al.”) discloses a system for securely updating an electronic transaction card held by an account holder with an additional account and/or account data. A dynamic transaction card may be securely updated with an additional account by using prestored shell data and/or inactive data, whereby the pre-stored shell data may be populated using data received from an issuer system and/or the inactive data may be activated via an activation signal received from an issuer system.
US20070180261A1(“Akkermans et al.”) discloses a method and a system of verifying the identity of an individual by employing biometric data associated with the individual while providing privacy of said biometric data. A basic idea of the present invention is to represent a biometric data set XFP with a feature vector. A number of sets Xpp1 , Xpp2 , ... XFPm of biometric data and hence a corresponding number of feature vectors is derived, and quantized feature vectors X1 , X2 , .. . , Xm are created. Then, noise robustness of quantized feature components is tested. A set of reliable quantized feature components is formed, from which a subset of reliable quantized feature components is randomly selected. A first set W1of helper data is created from the subset of selected reliable quantized components. The helper data W1 is subsequently used in a verification phase to verify the identity of the individual.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YINGYING ZHOU whose telephone number is (571)272-5308. The examiner can normally be reached Mon - Fri 9:00am - 5:00pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YINGYING ZHOU/Examiner, Art Unit 3697