DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
This Office Action is in response to the communication filed on 09/19/2025.
Claims 1 and 16 have been amended.
4. Claims 1-30 are currently pending and are considered below.
Continued Examination Under 37 CFR 1.114
5. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 09/19/2025 has been entered.
Claim Rejections - 35 USC § 101
6. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
7. Claims 1-30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Representative claim 1, recites a method, which is a statutory class, executed by a first and a second server and memory: the method, comprising:
receiving, at a first server, a request to authenticate one or more persons, wherein the request comprises a data sequence that includes a resource locator, wherein the resource locator comprises at least one reference code, wherein the reference code is associated with an address of a memory that stores information about the one or more persons, and wherein the sequence comprises a data record;
retrieving from the memory at the first server, personal identifying information of the one or more persons based on the reference code;
determining , at the first server, an IP address of a second server based on the personal identifying information of the one or more persons, wherein the personal identifying information includes personal attributes and financial information of the one or more persons, and
transmitting a modified sequence of data that comprises the IP address to the second server.
The steps of
receiving, at a first server, a request to authenticate one or more persons, wherein the request comprises a data sequence that includes a resource locator, wherein the resource locator comprises at least one reference code, wherein the reference code is associated with an address of a memory that stores information about the one or more persons, and wherein the sequence comprises a data record;
retrieving from the memory at the first server, personal identifying information of the one or more persons based on the reference code;
determining , at the first server, an IP address of a second server based on the personal identifying information of the one or more persons, wherein the personal identifying information includes personal attributes and financial information of the one or more persons, and
transmitting a modified sequence of data that comprises the IP address to the second server,
as drafted, is a process that, under its broadest reasonable interpretation, covers a method of organizing human activity. Given the broadest reasonable interpretation, the claim recites a method for transmitting data for authentication. The above identified method steps recite commercial interactions such as sales activities and/or tailored personalized marketing relating to providing data associated with the person.
If a claim limitation, under its broadest reasonable interpretation, covers commercial interaction such as tailored personalized marketing, then it falls within the “certain methods of organizing human activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim recites the additional elements of a first and a second server and memory. The a first and a second server is recited at a high-level of generality (i.e., as a generic processor performing a generic computer functions of receiving, a request to authenticate one or more persons; retrieving personal identifying information; determining an IP address of a second server, and transmitting a modified sequence of data) such that they amount to no more than mere instructions to apply the exception using generic computer components. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of a first and a second server and memory amount to no more than mere instructions to apply the exception using generic computer components. The additional elements are similar to the additional elements found by courts to be mere instructions to apply an exception because they do no more than merely invoke computers or machinery to perform an existing process such as: a common business method or mathematical algorithm being applied on a general purpose computer (Alice Corp. Pty. Ltd. V. CLS Bank Int’l, 573 US 208, 223; Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334); providing a user with tailored information like advertisements based on information known about the user such as a location, address, or personal characteristics and a time of day is a fundamental practice long prevalent in our system); In re Morsa, 809 F. App’x 913, 917 (Fed. Cir. 2020). Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.
Thus, considered as an ordered combination, the additional elements add nothing that is not already present when the steps are considered separately. That is, a first and a second server and memory, performing commercial interactions including: receiving, a request to authenticate one or more persons; retrieving personal identifying information; determining an IP address of a second server, and transmitting a modified sequence of data, amount to mere instructions to apply the steps to a computer comprising of a processor.
Thus, claims 1 and 16 are not eligible.
As for dependent claims 2-15 and 17-30, these claims recite limitations that further define the same abstract idea noted in claims 1 and 16. Therefore, they are considered patent ineligible for the reasons given above. The additional limitations of the dependent claims, when considered individually and as an ordered combination, do not amount to significantly more than the abstract idea itself.
Claims 1-30 are therefore not drawn to eligible subject matter as they are directed to an abstract idea without significantly more.
Claim Rejections - 35 USC § 103
8. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
9. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
10. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
11. Claims 1-30 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Loughlin-McHugh et al. (U.S. Pub. No. 2016/0239653) (hereinafter ‘Loughlin’) in view of Edelstein et al. (U.S. Pub. No. 2018/0158061) (hereinafter ‘Edelstein’).
Claims 1 and 16: Loughlin discloses methods of transmitting data using at least one server, comprising:
retrieving from the memory at the first server, personal identifying information of the one or more persons based on the reference code, Loughlin teaches providing access to digital profiles held in persistent electronic storage of a digital identity system comprises: receiving from a requesting entity an electronic request message identifying a target entity; in response to the request, publishing: (i) a digital profile of the target entity by storing a version of that profile in an addressable memory location, and (ii) a digital profile of the requesting entity by storing a version of that profile in another addressable memory location; generating two non-matching receipts, each comprising a transaction identifier, a first of which comprises a link identifying the memory location to which the target entity's profile is published, the second of which comprises a link identifying the other memory location to which the requesting entity's profile is published; transmitting the first receipt to an address associated with the requesting entity; and transmitting the second receipt to an address associated with the target entity (see at least paragraphs 0009 and 0012);
determining, at a first server, an IP address of a second server based on the personal identifying information of the one or more persons , Loughlin teaches the link may be generated from a random sequence and/or the addressable memory location may be selected based on a random sequence. Random generation of links/ selection of memory addresses ensures efficient use of the memory address/link space (see at least the Abstract and paragraphs 0009, 0012 and 0163), furthermore, Loughlin teaches an attribute of the document may be received in the message, and the credential may be generated and transmitted only if the attribute meets a predetermined criteria (see at least paragraph 0483), wherein the personal identifying information includes personal attributes and financial information of the one or more persons, Loughlin teaches a transaction can be performed with the particular intent of increasing the confidence value assigned to a target entity’s profile, in which a vouching entity vouches for the target entity. The vouching entity collects a credential from the target entity and presents it to the uPass system with their own credential in an electronic vouching message. The vouching entity's credential is bound to a profile of the vouch ing entity to which is allocated a relatively high confidence value (relative to the target's profile as bound to their credential). On the basis of that higher confidence value, the transaction causes the confidence value of the target entity's profile to be increased. Being a transaction, this uses up the vouching and target entity's one-time use credentials and fresh credentials, bound to the respective profiles, are issued accordingly (see at least paragraphs 0017, 0021, 0383-0384); and
transmitting a modified sequence of data that comprises the IP address to the second server, Loughlin teaches when a new device goes online, server asks if the credential is valid (see at least paragraphs 0009, 0046, 0086, 0156 and 0166), without identifying the identity of the one or more persons, Loughlin teaches user of the uPass system is able to upload and register copies of their identity documents and in return they receive an anchored digital ID which can be used to verify their identity to third parties without needing to present these identity documents (see at least paragraphs 0016, 0043, 0263 and 0355).
While Loughlin teaches the limitations mentioned above, Loughlin does not explicitly teach receiving, at a first server, a request to authenticate one or more persons, wherein the request comprises a data sequence that includes a resource locator, wherein the resource locator comprises at least one reference code, wherein the reference code is associated with an address of a memory that stores information about the one or more persons, and wherein the sequence comprises a data record. However, Edelstein teaches the authentication manager 128 can also increase the authentication score in response to detecting that the mobile device accessed an internet protocol address or uniform resource locator associated with the remote service provider, and further teaches for example, the authentication manager 128 can also indicate to a remote server to request additional authentication information from the user via a text message, a phone call, or a notification (see at least paragraphs 0026, 0033-0037). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention for Loughlin to modify to include the teaching of Edelstein in order to authorize transactions of users.
Claims 2 and 17: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the data record is a reference identifier for a financial attribute, money, points, incentive, reward, credit, debit, crypto, monetary value, payment, commission, donation, advertisement, financial service, and combinations thereof, Loughlin teaches another possible application of uPass is a digital wallet which allows a sum of money to be associated with a particular device and used to purchase goods or services (see at least paragraph 0383).
Claims 3 and 18: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the data sequence comprises a function, interface, or code that executes, calculates, determines, displays, generates, renders, retrieves, transacts, triggers, displays, causes an action, and combinations, Loughlin teaches receiving from a requesting entity an electronic request message identifying a target entity; in response to the request, publishing: (i) a digital profile of the target entity by storing a version of that profile in an addressable memory location, and (ii) a digital profile of the request ing entity by storing a version of that profile in another addressable memory location; generating two nonmatching receipts, each comprising a transaction identifier, a first of which comprises a link identifying the memory location to which the target entity's profile is published, the second of which comprises a link identifying the other memory location to which the requesting entity's profile is published; trans mitt ing the first receipt to an address associated with the transmitting the second receipt to an address associated with the target entity, (see at least the Abstract and paragraphs 0009-0014, 0163 and 0456-0458);
Claims 4 and 19: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the reference code comprises at least one of an alphanumeric character, symbol, signifier, cifer, encryption, and combinations thereof, Loughlin teaches a digital signature is generated on the sum of unencrypted by encrypting block 44. The digital signature is used to annotate each separate encrypted data item before it is submitted to the registration service (see at least paragraphs 0130-0132 and 0167).
Claims 5 and 20: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the reference code comprises personal identifying information, Loughlin teaches at no point is the asserting party's digital identity
identifier 26 exposed. This is essential to the integrity of the system, even for casual use cases. Likewise, no personal information regarding the asserting party is revealed beyond that necessary to broker trust (see at least paragraph 0243).
Claims 6 and 21: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the reference code is further linkable to at least one good, service, entity, organization, group, device, and combinations thereof, Loughlin teaches while uPass credentials are anchored by a passport they can be caused to expire when the passport expires. This requires that uPass users be advise d to update their registered documents as soon as their new passport is issued ensure continuity of service (see at least paragraphs 0057, 0140 and 0389).
Claims 7 and 22: Loughlin in view of Edelstein disclose the methods according to claims 6 and 21, and Loughlin further teaches wherein the reference code is not identifiable to one or more persons, Loughlin teaches at no point is the asserting party's digital identity identifier exposed. This is essential to the integrity of the system, even for casual use cases. Likewise, no personal information regarding the asserting party is revealed beyond that necessary to broker trust (see at least paragraph 0243).
Claims 8 and 23: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the reference code is at least one of a calculated, determined, generated, rendered, retrieved, transacts, triggers, and combinations thereof by using at least one of a processor, chip, device, display, database, memory, clearinghouse, node, and combinations thereof, Loughlin teaches receiving from a requesting entity an electronic request message identifying a target entity; in response to the request, publishing: (i) a digital profile of the target entity by storing a version of that profile in an addressable memory location, and (ii) a digital profile of the request ing entity by storing a version of that profile in another addressable memory location; generating two nonmatching receipts, each comprising a transaction identifier, a first of which comprises a link identifying the memory location to which the target entity's profile is published, the second of which comprises a link identifying the other memory location to which the requesting entity's profile is published; trans mitt ing the first receipt to an address associated with the transmitting the second receipt to an address associated with the target entity, (see at least the Abstract and paragraphs 0009-0014, 0163 and 0456-0458);
Claims 9 and 24: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the reference code comprises at least one of a pointer, link, cifer, domain name, function, executable, device, hash, and combinations thereof, Loughlin teaches the link may be generated from a random sequence and/or the addressable memory location may be selected based on a random sequence. Random generation of links/ selection of memory addresses ensures efficient use of the
memory address/link space (see at least paragraph 0013).
Claims 10 and 25: Loughlin in view of Edelstein disclose the methods according to claims 5 and 20, and Loughlin further teaches wherein the personal identifying information comprises at least one of a second reference code, a credit score, taxable income, medical condition, biographical details, biometrics, zip code, credit card number, account number, identifier, email address, Social Security Number, Employer Identity Number, driver's license, advertisement, a customer number, a medical TD number, and combinations thereof, Loughlin teaches there are several ways in which the credential could be presented: a binary blob transferred by NFC; a barcode for scanning an email address; or, some form of QR code. uPass Connect (see at least paragraph 0058).
Claims 11 and 26: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the IP address comprises at least one of a domain name, IP address, device address, supply identifier, barcode, serial number, email address, payment device, account reference, username, identification number, telephone number, API, port, socket, software call, channel, postal address, and combinations thereof, Loughlin teaches there are several ways in which the credential could be presented: a binary blob transferred by NFC; a barcode for scanning an email address; or, some form of QR code. uPass Connect (see at least paragraph 0058).
Claims 12 and 27: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the IP address refers to at least one of a digital device, session, physical location, non-transient media, crypto processor, and combinations thereof, Loughlin teaches the metadata may be metadata of the device itself, e.g. a device identifier (ID) such as a serial number or MAC address of the device, or it may be related metadata such as (geo) location (e.g. GPS) data identifying a (geo)location of the device when the message was sent (see at least paragraph 0015).
Claims 13 and 29: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches where the first server comprises at least one of a network, internet, intranet, extranet, deepnet, cloud, processor, device, and combinations thereof, Loughlin teaches in on embodiment of the registration process, the registrant submits a photograph of the registrant taken with the same device us ed to capture registration data, time stamped and tagged with metadata comprising device type, operating system, geolocation and n et work address. The same metadata will be capture on registration data captured using the device (see at least paragraph 0163).
Claims 14 and 28: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein the step of determining an IP address comprises use of at least one of a token, hash, barcode, cifer, mapping, deconvolution, encryption, decryption, lookup table, database, data record, memory device, chip, stripe, processor, and combinations thereof, Loughlin teaches the link may be generated from a random sequence and/or the addressable memory location may be selected based on a random sequence. Random generation of links/ selection of memory addresses ensures efficient use of the memory address/link space (see at least paragraphs 0013 and 0014).
Claims 15 and 30: Loughlin in view of Edelstein disclose the methods according to claims 1 and 16, and Loughlin further teaches wherein transmitting the data sequence comprises sending at least one of authentication, notification, timestamp, reference, pointer, API, call, cifer, encryption, Static reference, dynamic reference, code, packet, executable, interpreter, key, quanta, piranha, rubrix, shibboleth, signal, token, encrypted data, data for a duration of time, and combinations thereof, Loughlin teaches the link may be generated from a random sequence and/or the addressable memory location may be selected based on a random sequence. Random generation of links/ selection of memory addresses ensures efficient use of the memory address/link space (see at least paragraphs 0012 and 0013).
Response to Arguments
12. Applicant's arguments filed to 09/19/2025 with respect to the rejection of claims 1-30, under 35 U.S.C. 101 have been fully considered but they are not persuasive. See new rejection above with respect to the amended independent claims 1 and 16.
13. Applicant's arguments filed 09/19/2025 with respect to the rejection of claims 1-30 under 35 U.S.C. 102 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of Edelstein (U.S. Pub. No.2018/0158061).
Conclusion
14. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
15. Feeney (U.S. Pub. No. 2016/0098723) discloses the server 122 and client 120 may communicate using a security combining public key encryption, private key encryption, and digital certificates. For instance, the client 120 may authenticate the server 122 using a digital certificate provided by the server 122. The server 122 may authenticate the client 120 using a digital certificate provided by the client 120. After successful authentication, the device that received the digital certificate possesses a public key that corresponds to the private key of the device providing the digital certificate; the device that performed the authentication may then use the public key to convey a secret to the device that issued the certificate. The secret may be used as the basis to set up private key cryptographic communication between the client 120 and the server 122; for instance, the secret may be a private key for a private key cryptographic system. The secret may be a datum from which the private key may be derived. The client 120 and server 122 may then uses that private key cryptographic system to exchange information until the in which they are communicating ends. In some embodiments, this handshake and secure communication protocol is implemented using the secure sockets layer (SSL) protocol. In other embodiments, the protocol is implemented using the transport layer security (TLS) protocol. The server 122 and client 120 may communicate using hyper-text transfer protocol secure (HTTPS) (see at least paragraph 0035).
16. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARILYN G MACASIANO whose telephone number is (571)270-5205. The examiner can normally be reached Monday-Friday 12:00-9:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, llana Spar can be reached on 571)270-7537. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MARILYN G MACASIANO/Primary Examiner, Art Unit 3622 09/30/2025