DETAILED ACTION
The following NON-FINAL Office action is in response to Application 19103855 filed on February 14, 2025.
Acknowledgements
Claims 1-19 are canceled.
Claims 20-31 are pending.
Claims 20-31 have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after December 13, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 20-31 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 20-24 are directed to a method and claims 25-31 are directed to a system. Therefore, these claims fall within the four statutory categories of invention.
The claims recite validating the authenticity of the user to provide access to assets which is an abstract idea. Specifically, the claim recites “generating and storing […] associated with an asset of primary user, wherein the […] provide access to the asset; extracting a biometric input associated with a user and generating a biometric signature from the extracted biometric input, wherein the biometric signature is generated from the biometric input of the user; linking the generated biometric signature to the […] for adding a security layer to access […], wherein linking the generated biometric signature to the […]provides security while accessing the […]; receiving a request for accessing the […] from the user in order to access the asset; extracting a real time biometric input associated with the user and generating a real time biometric signature from the extracted real time biometric input; verifying the generated biometric signature with the real time biometric signature; and providing access to the […] upon successful verification; establishing a secure connection of a remote backup […] with the primary user device…; and receiving and storing the […] and the generated biometric signature … on successful attestation...” which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test, classified under “fundamental economic principles or practices”, specifically “mitigating risk” as part of a transaction (See MPEP 2106, specifically 2106.04(a)) because – for example, in this case, the claims involve a series of steps for generating and comparing biometric information/signatures of the user to validate the authenticity of the user and enabling accessing of the stored information by users remotely. Accordingly, the claim recites an abstract idea (See MPEP 2106, specifically 2106.04(a)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See MPEP 2106.04(d)), the additional elements of the claims such as a public key and a private key, digital asset, a dedicated memory hardware of a primary user device, biometric interface, fuzzy biometric extractor and a remote backup server merely involves using a computer as a tool to perform an abstract idea and/or generally links the use of a judicial exception to a particular technological environment. The use of “public key and a private key, digital asset, a dedicated memory hardware of a primary user device, biometric interface, fuzzy biometric extractor and a remote backup server” to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment] does not render the claim patent eligible because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Specifically, the “public key and a private key, digital asset, a dedicated memory hardware of a primary user device, biometric interface, fuzzy biometric extractor and a remote backup server” perform the steps or functions of “generating and storing […] associated with an asset of primary user, wherein the […] provide access to the asset; extracting a biometric input associated with a user and generating a biometric signature from the extracted biometric input, wherein the biometric signature is generated from the biometric input of the user; linking the generated biometric signature to the […] for adding a security layer to access […], wherein linking the generated biometric signature to the […]provides security while accessing the […]; receiving a request for accessing the […] from the user in order to access the asset; extracting a real time biometric input associated with the user and generating a real time biometric signature from the extracted real time biometric input; verifying the generated biometric signature with the real time biometric signature; and providing access to the […] upon successful verification; establishing a secure connection of a remote backup […] with the primary user device…; and receiving and storing the […] and the generated biometric signature … on successful attestation...”. The additional claim elements are not indicative of integration into a practical application, because the claims do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See MPEP 2106, specifically 2106.05), the additional elements of “a public key and a private key, digital asset, a dedicated memory hardware of a primary user device, biometric interface, fuzzy biometric extractor and a remote backup server” to automate and/or implement the abstract idea of validating the authenticity of the user to provide access to assets. As discussed above, taking the claim elements separately “a public key and a private key, digital asset, a dedicated memory hardware of a primary user device, biometric interface, fuzzy biometric extractor and a remote backup server” perform the steps of Claim 1. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of validating the authenticity of the user to provide access to assets. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of “a public key and a private key, digital asset, a dedicated memory hardware of a primary user device, biometric interface, fuzzy biometric extractor and a remote backup server” to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims further describe details verifying signatures of a user, real-time biometric signature with the generated signature and acceptable types of digital assets and biometric inputs. The dependent claims recite additional elements such as “secondary user device and a virtual remote cloud storage server”, however, they do not integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all
obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 20-31 are rejected under 35 U.S.C. 103(b) as being- unpatentable over Chan et al. (US 2023/0177489 A1) in view of Lindemann (US 2019/0164156 A1)
Regarding Claims 20 and 25, Chan discloses: a method for securely managing a private wallet, the method comprising (¶0055, ¶0057, ¶0066, ¶0082):
[generating] and storing a public key and a private key associated with a digital asset in the private wallet in a dedicated memory hardware of a primary user device, wherein the public key and the private key provide access to the digital asset; (¶0037)
extracting, via a biometric interface, a biometric input associated with a user and generating a biometric signature from the extracted biometric input, wherein the biometric signature is generated from the biometric input of the user via a fuzzy biometric extractor; (¶0031, ¶0034, ¶0047, ¶0061, ¶0079, ¶0082)
linking the generated biometric signature to the private key for adding a security layer to access the private key, wherein linking the generated biometric signature to the private key provides security while accessing the private key; (¶0031, ¶0046, ¶0047, ¶0062, ¶0068, ¶0074)
receiving a request for accessing the private key from the user in order to access the digital asset; (¶0067, ¶0099)
extracting a real time biometric input associated with the user and generating a real time biometric signature from the extracted real time biometric input; (¶0031, ¶0032, ¶0034, ¶0047, ¶0062, ¶0068, ¶0074, ¶0079, ¶0081)
verifying the generated biometric signature with the real time biometric signature and providing access to the private key upon successful verification; (¶0039, ¶0057, ¶0063, ¶0067, ¶0082, ¶0083, ¶0087, ¶0089)
Chan does not disclose: [generating] a public key and a private key; establishing a secure connection of a remote backup server with the dedicated memory hardware of the primary user device using an SSL/TLS protocol and receiving and storing the public key and the private key and the generated biometric signature linked to the private key in a dedicated memory hardware of the remote backup server on successful attestation of the remote backup server.
Lindemann however discloses:
[generating] a public key and a private key (¶0653)
establishing a secure connection of a remote backup server with the dedicated memory hardware of the primary user device using an SSL/TLS protocol and (Fig. 8; Fig. 33; ¶0113, ¶0131, ¶0133, ¶0178, ¶0192, ¶0314, ¶0368, ¶0374, ¶0376, ¶0380, ¶0407)
receiving and storing the public key and the private key and the generated biometric signature linked to the private key in a dedicated memory hardware of the remote backup server on successful attestation of the remote backup server (¶0170, ¶0403, ¶0653)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the system of Chan to include “[generating] a public key and a private key; establishing a secure connection of a remote backup server with the dedicated memory hardware of the primary user device using an SSL/TLS protocol and receiving and storing the public key and the private key and the generated biometric signature linked to the private key in a dedicated memory hardware of the remote backup server on successful attestation of the remote backup server”, as disclosed in Lindemann, in order to provide a system for providing secure user authentication over a network using biometric sensors (see Lindemann ¶0003)
Regarding Claims 21 and 27, Chan in view of Lindemann disclose the invention as above.
Lindemann further discloses: wherein the remote backup server is a backup device or a virtual remote cloud storage server (¶0500)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the system of Chan to include “wherein the remote backup server is a backup device or a virtual remote cloud storage server”, as disclosed in Lindemann, in order to provide a system for providing secure user authentication over a network using biometric sensors (see Lindemann ¶0003)
Regarding Claims 22 and 28, Chan in view of Lindemann disclose the invention as above.
Lindemann further discloses:
sharing a hardware signature of a secondary user device and a real-time biometric signature extracted from a real-time biometric input of the user to the remote backup server; (¶00446)
verifying the hardware signature of the secondary user device and the real-time biometric signature with the generated biometric signature; and (¶00446)
receiving and storing the public key and the private key and the generated biometric signature linked to the private key in a dedicated memory hardware of the secondary user device on successful attestation of the second user device, wherein the hardware signature of the secondary user device contains information of the dedicated memory hardware of the secondary user device (¶0447)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the system of Chan to include “receiving and storing the public key and the private key and the generated biometric signature linked to the private key in a dedicated memory hardware of the secondary user device on successful attestation of the second user device, wherein the hardware signature of the secondary user device contains information of the dedicated memory hardware of the secondary user device”, as disclosed in Lindemann, in order to provide a system for providing secure user authentication over a network using biometric sensors (see Lindemann ¶0003)
Regarding Claims 23 and 30, Chan discloses wherein the digital asset comprises one or more of: cryptocurrencies, money or digital identities (¶0056, ¶0116, ¶0151).
Regarding Claims 24 and 31, Chan discloses wherein the biometric input is one of: a fingerprint, retinal scan, facial scan or voice (¶0046)
Regarding Claims 26, Chan discloses wherein the processor is further configured to track the dedicated memory hardware of the primary user device to enable the user to monitor if the primary user device is tampered from external influence (¶0056, ¶0057)
Regarding Claim 29, Chan in view of Lindemann disclose the invention as above.
Lindemann further discloses wherein the dedicated memory hardware of the secondary user device is connected with the remote backup server using an SSL/TLS protocol (¶0180, ¶0388, ¶0403).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the system of Chan to include “wherein the dedicated memory hardware of the secondary user device is connected with the remote backup server using an SSL/TLS protocol”, as disclosed in Lindemann, in order to provide a system for providing secure user authentication over a network using biometric sensors (see Lindemann ¶0003)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZEHRA RAZA whose telephone number is (571)272-8128. The examiner can normally be reached 10AM-6:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZEHRA RAZA/ Examiner, Art Unit 3697
/JOHN W HAYES/ Supervisory Patent Examiner, Art Unit 3697