Prosecution Insights
Last updated: July 17, 2026
Application No. 17/551,134

VACCINATION AND TESTING VALIDATION AND VERIFICATION

Non-Final OA §101§103
Filed
Dec 14, 2021
Priority
Dec 14, 2020 — provisional 63/125,227 +2 more
Examiner
BALAJ, ANTHONY MICHAEL
Art Unit
3682
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Azova, Inc.
OA Round
3 (Non-Final)
30%
Grant Probability
At Risk
3-4
OA Rounds
0m
Est. Remaining
63%
With Interview

Examiner Intelligence

Grants only 30% of cases
30%
Career Allowance Rate
36 granted / 120 resolved
-22.0% vs TC avg
Strong +33% interview lift
Without
With
+33.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 6m
Avg Prosecution
20 currently pending
Career history
153
Total Applications
across all art units

Statute-Specific Performance

§101
22.6%
-17.4% vs TC avg
§103
73.7%
+33.7% vs TC avg
§102
0.6%
-39.4% vs TC avg
§112
2.3%
-37.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 120 resolved cases

Office Action

§101 §103
DETAILED ACTION Notices to Applicant This communication is a Non-Final Action on the merits. Claims 2-11, 14-20, and 23 as filed 10/20/2025, are currently pending and have been considered below. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority The present Application claims priority to and benefit under 35 U.S.C. §119 to U.S. Provisional Patent Application No. 63/125,227, filed 12/14/2020, U.S. Provisional Patent Application No. 63/125,366. filed on 12/14/2020, and U.S. Provisional Patent Application No. 63/179,181, filed 4/23/2021. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/20/2025 has been entered. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 2-11, 14-20, and 23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., an abstract idea) without significantly more. Claim 2 is drawn to a system for health credential validation, which is within the four statutory categories (i.e. system). Independent Claim 2 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 2 recites: a processor; an account creation subsystem to generate a first graphical user interface for rendering on a personal computer device, the first graphical user interface to be utilized by a user to create a secure user account that includes personal identifying information; a health credential interface to generate a second graphical user interface to receive: (i) a user-provided health credential identifying a vaccination status of the user with respect to a specific disease, (ii) information identifying a first entity that provided the vaccination status of the user, (iii) a user-provided health credential identifying a test status of the user with respect to the specific disease, and (iv) information identifying a second entity that administered the test to the user for the specific disease; a verification subsystem configured to: (i) via a network, automatically transmit validation requests to a first third-party computing system for the vaccination status and to a second third-party computing system for the test status (ii) receive respective digital validation results, and (iii) store within at least one protected data structure of the secure user account a validated vaccination health credential and a validated test credential that are immutable by the user; and a code generation subsystem to generate a single scannable verification code that: (i) is generated devoid of personal identifying information, (ii) digitally associates the vaccination status of the user as validated with the first third-party computing system and the test status of the user as validated with the second third-party computing system, and (iii) when scanned by a verifying entity device, causes the verifying entity device to request, from the system via a remote verification service, a combined verification that both the validated vaccination health credential and the validated vaccination status exist in the secure user account, without transmitting personal identifying information to the verifying entity device. The limitations above, as drafted, is a system that, under its broadest reasonable interpretation, covers managing personal behavior or interactions between people through following rules or instructions but for the recitation of generic computer components. That is, other than reciting the above bolded limitations, nothing in the claim precludes the steps from practically managing personal behavior or interactions between people. For example, but for the above bolded limitations, create a secure user account that includes personal identifying information by a user; to receive: (i) a user-provided health credential identifying a vaccination status of the user with respect to a specific disease, (ii) information identifying a first entity that provided the vaccination status of the user, (iii) a user-provided health credential identifying a test status of the user with respect to the specific disease, and (iv) information identifying a second entity that administered the test to the user for the specific disease; receive respective digital validation results; generate a code devoid of personal identifying information that associates the vaccination status of the user as validated and the test status of the user as validated; request a combined verification that both the validated vaccination health credential and the validated vaccination status exist in the secure user account, without transmitting personal identifying information in the context of this claim encompasses the management of personal behavior or interactions between people through following rules or instructions for health credential validation. If a claim limitation, under its broadest reasonable interpretation, covers managing personal behavior or interactions between people through following rules or instructions but for the recitation of generic computer components, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. In particular, the claim only recites the above bolded additional elements, such as using “a processor; an account creation subsystem to generate a first graphical user interface for rendering on a personal computer device,” “a health credential interface to generate a second graphical user interface,” “a verification subsystem configured to: (i) via a network, automatically transmit validation requests to a first third-party computing system for the vaccination status and to a second third-party computing system for the test status,” “store within at least one protected data structure of the secure user account,” “a code generation subsystem to generate a single scannable verification code and “when scanned by a verifying entity device, causes the verifying entity device to request, from the system via a remote verification service,” to perform the claim limitations. The elements in each of these steps are recited at a high-level of generality (i.e., a processor such as a microprocessor or the like, subsystems such as modules related to their function that is facilitates as part of a hardware system and/or computer-readable medium, and graphical user interfaces implemented and/or generated by a module or subsystems on personal computing devices, as they relate to general purpose computer components (Application Specification [0015], [0070], [0075])). As such, the limitations amount to no more than mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea. See MPEP 2106.05(f). Further, the limitations regarding the transmitting data and requests via a network between computing devices and systems are mere data gathering and output recited at a high level of generality, and thus are insignificant extra-solution activity. See MPEP 2106.05(g) (“whether the limitation is significant”). Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the above bolded additional elements, such as using “a processor; an account creation subsystem to generate a first graphical user interface for rendering on a personal computer device,” “a health credential interface to generate a second graphical user interface,” “a verification subsystem configured to: (i) via a network, automatically transmit validation requests to a first third-party computing system for the vaccination status and to a second third-party computing system for the test status,” “store within at least one protected data structure of the secure user account,” “a code generation subsystem to generate a single scannable verification code and “when scanned by a verifying entity device, causes the verifying entity device to request, from the system via a remote verification service,” to perform the claim limitations amounts to no more than mere instructions to apply the exception using a generic computer component. (i.e., a processor such as a microprocessor or the like, subsystems such as modules related to their function that is facilitates as part of a hardware system and/or computer-readable medium, and graphical user interfaces implemented and/or generated by a module or subsystems on personal computing devices, as they relate to general purpose computer components (Application Specification [0015], [0070], [0075])). Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. See MPEP 2106.05(f). Further, the limitations regarding the transmitting data and requests via a network between computing devices and systems amount to receiving or transmitting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II. The claim is not patent eligible. Claim 3 is drawn to a non-transitory computer-readable medium for health credential validation, which is within the four statutory categories (i.e. manufacture). Independent Claim 3 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 3 recites: A non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing system, cause the computing system to implement operations to: facilitate the creation, by a user, of a secure user account that stores personal identifying information of the user in at least one protected data structure; receive, from the user, a user-provided health credential for a specific disease, wherein the user-provided health credential is stored as part of the secure user account; automatically transmit, over the network, an electronic validation request to a third-party computing system to validate the user-provided health credential; receive, from the third-party computing system, a digital validation result confirming the user-provided health credential; upon receiving the digital validation result confirming the user-provided health credential, replace, in the protected data structure, the user-provided health credential with a validated health credential based on the third-party validation, wherein the validation health credential stored in the secure user account is immutable by the user; receive a request by the user to share, with an external computing system, an indication that the user holds the validated health credential; and electronically transmit to the external computing system, in response to the user request, a confirmation that the validated health credential exists in the secure user account while withholding at least some personal identifying information from the external computing system. The limitations above, as drafted, is a manufacture that, under its broadest reasonable interpretation, covers managing personal behavior or interactions between people through following rules or instructions but for the recitation of generic computer components. That is, other than reciting the above bolded limitations, such as “a non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing system, cause the computing system to implement operations,” “stores personal identifying information of the user in at least one protected data structure,” “automatically transmit, over the network, an electronic validation request to a third-party computing system,” and “an external computing system … electronically transmit to the external computing system,” nothing in the claim precludes the steps from practically managing personal behavior or interactions between people. For example, but for the “a non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing system, cause the computing system to implement operations,” “stores personal identifying information of the user in at least one protected data structure,” “automatically transmit, over the network, an electronic validation request to a third-party computing system,” and “an external computing system … electronically transmit to the external computing system,” language, the creation of a user account by a user, receive, from the user, a user-provided health credential for a specific disease, validate the user-provided health credential, receive a validation result confirming the user-provided health credential; upon receiving the validation result confirming the user-provided health credential, replace the user-provided health credential with a validated health credential based on the third-party validation, receive a request by the user to share an indication that the user holds the validated health credential; and in response to the user request, a confirmation that the validated health credential exists in the secure user account while withholding at least some personal identifying information in the context of this claim encompasses the management of personal behavior or interactions between people through following rules or instructions for health credential validation. If a claim limitation, under its broadest reasonable interpretation, covers managing personal behavior or interactions between people through following rules or instructions but for the recitation of generic computer components, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements of using “a non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing system, cause the computing system to implement operations,” “stores personal identifying information of the user in at least one protected data structure,” “automatically transmit, over the network, an electronic validation request to a third-party computing system,” and “an external computing system … electronically transmit to the external computing system,” to perform the claim limitations. The elements in each of these steps are recited at a high-level of generality (i.e., software executable on and located within or on a computer-readable storage medium such as a non-transitory computer-readable medium and a processor such as a microprocessor and the like, a distributed computing environment where tasks are performed by a remote processing device linked through a communications network and a database record may reside in the same computer-readable storage medium as they relate to general purpose computer components (Application Specification [0015], [0018]-[0019])). As such, the limitations amount to no more than mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea. See MPEP 2106.05(f). Further, the limitations regarding the transmitting data and requests via a network between computing devices and systems are mere data gathering and output recited at a high level of generality, and thus are insignificant extra-solution activity. See MPEP 2106.05(g) (“whether the limitation is significant”). Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of using “a non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing system, cause the system to implement operations,” “in at least one protected data structure,” “automatically transmit, over the network, an electronic validation request to a third-party computing system,” and “an external computing system … electronically transmit to the external computing system,” to perform the collecting, analyzing, storing, and generating limitations amounts to no more than mere instructions to apply the exception using a generic computer component. (i.e., software executable on and located within or on a computer-readable storage medium such as a non-transitory computer-readable medium and a processor such as a microprocessor and the like, a distributed computing environment where tasks are performed by a remote processing device linked through a communications network and a database record may reside in the same computer-readable storage medium as they relate to general purpose computer components (Application Specification [0015], [0018]-[0019])). Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. See MPEP 2106.05(f). Further, the limitations regarding the transmitting data and requests via a network between computing devices and systems amount to receiving or transmitting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II. The claim is not patent eligible. Dependent claims 4-5 include limitations of the independent claim and are directed to the same abstract idea as discussed above and incorporated herein. The dependent claims are rejected under 35 U.S.C. § 101 because they are directed to non-statutory subject matter. These additional claims recite what the vaccination and test data is and how it is analyzed. These information characteristics do not integrate the judicial exception into a practical application, and, when viewed individually or as a whole, they do not add anything substantial beyond collecting and analyzing vaccination and test data. Claim 4 recites the additional element of “a third-party database,“ being a data tied or rendered together in a database record that may reside in a computer or several computer-readable storage media linked in fields of a record in a database across a network “via a remote verification service;” however, these elements are recited at a high level of generality such that it amounts to a generic computer component. See Application Specification at [0019], MPEP 2106.05(f). Furthermore, the combination of elements does not indicate a significant improvement to the functioning of a computer or any other technology. Therefore the dependent claims are rejected under 35 U.S.C. § 101. Claim 6 is drawn to a non-transitory computer-readable medium for health credential validation, which is within the four statutory categories (i.e. manufacture). Independent Claim 6 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 6 recites: A non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing device, cause the computing device to: generate a graphical user interface accessible by a user to facilitate the creation of a secure user account by the user that includes personal identifying information and to configure secure user account settings that specify entities or systems authorized by the user to view validated credentials; receive, from the user, user-provided details associated with a profile credential, wherein the profile credential comprises non-personal identifying information; add the profile credential to the user account as a user-provided profile credential; request third-party validation from a third party of the user-provided profile credential to a remote verification service; receive, from the third party via the remote verification service, validation of the user-provided profile credential; identify the user-provided profile credential within the user account as a validated profile credential based on the third-party validation, wherein the validated profile credential is not modifiable by the user; and restrict the display of the validated profile credential to only those entities or systems authorized by the user. The limitations above, as drafted, is a manufacture that, under its broadest reasonable interpretation, managing personal behavior or interactions between people through following rules or instructions but for the recitation of generic computer components. That is, other than reciting the above bolded limitations, such as “a non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing device, cause the computing device to: generate a graphical user interface accessible by a user,” and “a remote verification service,” nothing in the claim precludes the steps from practically managing personal behavior or interactions between people. For example, but for the “a non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing device, cause the computing device to: generate a graphical user interface accessible by a user,” and “a remote verification service,” language, the creation of a user account by the user that includes personal identifying information, receive user-provided details associated with a profile credential, wherein the profile credential comprises non-personal identifying information, add the profile credential to the user account as a user-provided profile credential, request third-party validation from a third party of the user-provided profile credential, receive, from the third party, validation of the user-provided profile credential; and identify the user-provided profile credential within the user account as a validated profile credential based on the third-party validation in the context of this claim encompasses the management of personal behavior or interactions between people through following rules or instructions for health credential validation. If a claim limitation, under its broadest reasonable interpretation, covers managing personal behavior or interactions between people through following rules or instructions but for the recitation of generic computer components, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements of using “a non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing device, cause the computing device to: generate a graphical user interface accessible by a user,” and “a remote verification service,” to perform the claim limitations. The elements in each of these steps are recited at a high-level of generality (i.e., software executable on and located within or on a computer-readable storage medium such as a non-transitory computer-readable medium and a processor such as a microprocessor and the like, and graphical user interfaces implemented and/or generated by a module or subsystems on personal computing devices, and a distributed computing network where tasks are performed by a remote processing device linked through a communications network, each as they relate to general purpose computer components (Application Specification [0015], [0018]-[0019], [0075])). As such, the limitations amount to no more than mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea. See MPEP 2106.05(f). Further, the limitations regarding the transmitting data and requests via a network between computing devices and systems are mere data gathering and output recited at a high level of generality, and thus are insignificant extra-solution activity. See MPEP 2106.05(g) (“whether the limitation is significant”). Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of using “a non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing device, cause the computing device to: generate a graphical user interface accessible by a user,” and “a remote verification service,” to perform the collecting, analyzing, storing, and generating limitations amounts to no more than mere instructions to apply the exception using a generic computer component. (i.e., software executable on and located within or on a computer-readable storage medium such as a non-transitory computer-readable medium and a processor such as a microprocessor and the like, and graphical user interfaces implemented and/or generated by a module or subsystems on personal computing devices, and a distributed computing network where tasks are performed by a remote processing device linked through a communications network, each as they relate to general purpose computer components (Application Specification [0015], [0018]-[0019], [0075])). Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. See MPEP 2106.05(f). Further, the limitations regarding the transmitting data and requests via a network between computing devices and systems amount to receiving or transmitting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II. The claim is not patent eligible. Dependent claims 7-11, 14-20, and 23 include limitations of the independent claim and are directed to the same abstract idea as discussed above and incorporated herein. The dependent claims are rejected under 35 U.S.C. § 101 because they are directed to non-statutory subject matter. These additional claims recite what the vaccination and test data is and how it is analyzed. These information characteristics do not integrate the judicial exception into a practical application, and, when viewed individually or as a whole, they do not add anything substantial beyond collecting and analyzing vaccination and test data. Claim 14 recites the additional element of “a third-party database,“ being a data tied or rendered together in a database record that may reside in a computer or several computer-readable storage media linked in fields of a record in a database across a network; however, this element is recited at a high level of generality such that it amounts to a generic computer component. See Application Specification at [0019], MPEP 2106.05(f). Furthermore, the combination of elements does not indicate a significant improvement to the functioning of a computer or any other technology. Therefore the dependent claims are rejected under 35 U.S.C. § 101. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 2 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. US 2021/0313069 A1 (hereinafter “Williams et al.”) in view of U.S. Patent Application Pub. No. 2021/0326474 A1 (hereinafter “Sparks et al.”), U.S. Patent Application Pub. No. 2015/0227945 A1 (hereinafter “Shea III”), and U.S. Patent Application Pub. No. 2022/0191048 A1 (hereinafter “Day et al.”). RE: Claim 2 (Currently Amended) Williams et al. teaches the claimed: 2. (Currently Amended) A system comprising: a processor; an account creation subsystem to generate a first graphical user interface for rendering on a personal computer, the first graphical user interface to be utilized by a user to create a secure user account that includes personal identifying information ((Williams et al., [0029], [0032], [0039], [0067], [0070]) (the validation process can include the test participant inputting personal information; all test participation data includes test results that can be stored in secure e.g. HIPAA compliant) data storage; Prior to receiving the test kit, an agent of the healthcare provider downloads the app at and registers with the tracking platform at (e.g., by providing identification information and credentials for acting on behalf of the healthcare provider). Similarly, the patient participant downloads the app at and registers with the tracking platform; one or more programmable processors executing one or more computer programs; a client computer having a graphical user interface or a Web browser through which a user can interact)); a health credential interface to generate a second graphical user interface to receive: (i) a user-provided health credential identifying a vaccination status of the user with respect to a specific disease, (ii) information identifying a first entity that provided the vaccination status of the user, (iii) a user-provided health credential identifying a test status of the user with respect to the specific disease, and (iv) information identifying a second entity that administered the test to the user for the specific disease ((Williams et al., [0052], [0053], [0055], [0056], [0070]) (the health status certificate includes a human-readable display of health status information and encoded data e.g. QR code, referencing a digital token previously stored in a ledger that is associated with at least one health-related event for the first user e.g. whether the first user is considered to be fully vaccinated or has immunity to a particular virus; the second user navigates to a screen that allows the user to perform a verification of the health status certificate displayed on the first user device; the health status information can ensure criteria e.g. the verification performed by the validation platform can ensure a verified chain of possession of a health test kit or vaccination dose, a predetermined period of time since a positive test result for a communicable disease, a verified source of a health test kit or a vaccine, a recordation of a sequence of events in a distributed ledger, administration of a vaccination or a health test by an authorized entity, or verifying certification of a health status by a governmental, healthcare provider ,or other certifying entity; different health status profiles can correspond to immunity or vaccination for different diseases or different sets of criteria may be required by different entities to demonstrate vaccination or immunization status; a client computer having a graphical user interface or a Web browser through which a user can interact)); a verification subsystem configured to: (i) via a network, automatically transmit validation requests to a first third-party computing system for the vaccination status […], (ii) receive respective digital validation results, […] ((Williams et al., [0005], [0043], [0055]) (health status information for a person or a location collected through testing, administration of immunizations, other healthcare-related process, or safety procedures can be selectively shared with third parties in a manner that protects privacy of health information while enabling third parties to verify that the health status information is authentic and complies with certain certifications or desired sets of criteria; For illustrative purposes, different possible immunity statuses are depicted. Initially, the immunity status may reflect at 312 that a test has been taken but results have not yet been received. In such a case, the immunity status may be coded "red" to reflect that the patient participant does not yet have immunity. Later, the immunity status may reflect at 314 that test results have been received and a two-week quarantine period has been completed. Still later, the immunity status may reflect at 316 that the participant is cleared for normal activity)); and a code generation subsystem to generate a single scannable verification code that […], (ii) digitally associates the vaccination status of the user as validated third-party computing system as validated third-party computing system when scanned device, causes the verifying entity device to request, from the system via a remote verification service, a combined verification that both the validated vaccination health credential and the validated vaccination status exist in the secure user account, […]. ((Williams et al., [0006], [0022], [0043], [0057], Fig 3) (a first user's mobile device (e.g., a smartphone or a tablet) can display health status information (e.g., indicating that the first user has received a particular vaccination or completed a specific diagnostic testing regimen) on a display of the mobile device. The displayed information may include optically detectable encoded information (e.g., a QR-code) that can be captured as an image by the camera or other image sensor on a second user's mobile device (e.g., belonging to a person who wants to verify the health status information); The immunity certificate also includes a QR code that can be scanned using an app on a third-party device to verify the immunity status through the tracking platform; allows patient participants to have a digital identity that can allow them to track their health information related to a virus or other medical status or condition and to have the ability to share their health status with others; participants can also be certified as to their status by respective medical or government bodies i.e. third parties; A software application can be used to show a patient participant's current testing status as well as a previous record of exposure to a virus, as evidenced by the outcomes of testing. Participants can also be certified as to their status by respective medical or governmental bodies. These certifications (e.g., immunity certificates or immunization passports) can be shared by the patient with others, such as employers, businesses, and other people at their discretion. In some implementations, a digital wallet can be created on a participant's mobile phone to store their health status or certification status in a secure, auditable platform that can be shared with others)); Williams et al. fails to explicitly teach, but Sparks et al. teaches the claimed: via a network, automatically transmit validation requests to a first third-party computing system for the vaccination status and to a second third-party computing system for the test status ((Sparks et al., [0063], [0138]) (With the user's 102 permission, the vaccination record system 128 will query the SIRs ll4a-n where you or your minor children have received vaccinations. Generally, immunization registries are a secure health information system that contain immunization records for persons living in a particular state in the U.S.A., for example. SIRs 114a-n for any particular state or jurisdiction are generally secure and confidential and include and store immunization records from multiple healthcare providers 130, 132 or other similar sources in one centralized system i.e. transmit requests for vaccination/test results from multiple different third-parties; Similarly for in-home tests, the lab that provides the test results, in connection with in-home testing, can certify the test results or otherwise indicate that the actual result of the test is being transmitted to system 128 for subsequent storage in the vault 126 for the subscriber 602 and profile members 608a-e.)). One of ordinary skill in the art at the time of the effective filing date would have found it obvious to combine the querying and storing immunization records and test results from multiple healthcare providers or other sources as taught by Sparks et al. within the method and system for selectively sharing health status information for a person with third parties in a manner that protects privacy of health information as taught by Williams et al. with the motivation of providing confidentiality and security to users with their consolidated vaccination records from multiple different sources (Sparks et al., [0011]). Williams and Sparks et al. fail to explicitly teach, but Shea III teaches the claimed: and (iii) store within at least one protected data structure of the secure user account a validated vaccination health credential and a validated test credential that are immutable by the use ((Shea III, [0017], [0018]) (The individual immunoprofile credentials are then stored, maintained and managed in the secure credentials database; individuals can also access the database via a secure link using a personalized login and password to view their own records; they cannot change the immunoprofile data of their own records, only authorized test sites can update such records)). One of ordinary skill in the art at the time of the effective filing date would have found it obvious to combine the inability for individuals to change their immunoprofile data in their own records as taught by Shea III within the method and system for selectively sharing health status information for a person with third parties in a manner that protects privacy of health information as taught by Williams et al. and the querying and storing immunization records and test results from multiple healthcare providers or other sources as taught by Sparks et al. with the motivation of establishing a central database of individual's immunoprofile records that can be accessed by authorized administrations in order to grant access to cleared individuals to designated locations to help prevent the spread of disease (Shea III, [0013]). Williams, Sparks et al., and Shea III fail to explicitly teach, but Day et al. teaches the claimed: a code generation subsystem to generate a single scannable verification code that (i) is generated devoid of personal identifying information, […] without transmitting personal identifying information to the verifying entity device ((Day et al., [0050], [0098], Fig 2) (Only the patient needs to and should be carrying and transporting the vaccination certificate, since all health and personally identifiable data are processed at her consent and no sharing is needed between the original issuer and the verifier; Once the citizen presents the certificate to the verifying entity, the verifying entity, using, for example, a smart phone, tablet, or other known device, scans the QRCode(s) associated with the vaccine certificate and extracts the encoded information, thereby reassembling the "digital twin" of the vaccine associated with the vaccine certificate. This will provide the data, the digital signature, and the "salt" value if included)). One of ordinary skill in the art at the time of the effective filing date would have found it obvious to combine the QR code for verifying a health status record without any personal identifiable information as taught by Day et al. within the method and system for selectively sharing health status information for a person with third parties in a manner that protects privacy of health information as taught by Williams et al., the querying and storing immunization records and test results from multiple healthcare providers or other sources as taught by Sparks et al., and the inability for individuals to change their immunoprofile data in their own records as taught by Shea III with the motivation of while maintaining the highest level of security and privacy protections for sensitive information while supporting each respective role of individuals, public authorities or manufacturers in their tasks (Day et al., [0030]). Claims 3-11, 14-20, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. US 2021/0313069 A1 (hereinafter “Williams et al.”) in view of U.S. Patent Application Pub. No. 2021/0326474 A1 (hereinafter “Sparks et al.”), U.S. Patent Application Pub. No. 2015/0227945 A1 (hereinafter “Shea III”), RE: Claim 3 (Currently Amended) Williams et al. teaches the claimed: 3. (Currently amended) A non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing system, cause the computing system to implement operations to: facilitate the creation, by a user, of a secure user account, that stores personal identifying information of the user in at least one protected data structure ((Williams et al., [0009], [0029], [0039], [0067], [0070]) (a system includes a database storing records associated with a plurality of registered users; the participant can download an app that is securely managed by the platform and validate credentials to confirm the account; Prior to receiving the test kit, an agent of the healthcare provider downloads the app at and registers with the tracking platform at (e.g., by providing identification information and credentials for acting on behalf of the healthcare provider). Similarly, the patient participant downloads the app at and registers with the tracking platform; one or more programmable processors executing one or more computer programs; a client computer having a graphical user interface or a Web browser through which a user can interact)); receive, from the user, a user-provided user-provided health credential is stored as part of the secure user account ((Williams et al., [0041], [0042]) (the patient participant can scan the test kit barcode using the app, or the agent participant can associated the test kit with the patient participant and sending the patient information to the tracking platform; when the test results are received, the health care provider records the test results and the test results are recorded to the tracking platform; the tracking platform also creates an immunity certificate documenting the test results; the immunity status certificate is then available for use by the patient participant e.g. to present to third parties; these credentials can be confirmed against data previously recorded in the platform)); automatically transmit, over the network, an electronic validation request to a third-party computing system to validate the user-provided health credential ((Williams et al., [0021]-[0022]) (the authenticity and validity of test results or immunity status can be confirmed using the service platform; the platform can also have the ability to respond to queries to validate events that have occurred in the past and the participants in those events; test results and vaccination status can be retrieved by authenticating the identification of the patient participant and retrieving records associated with the patient participant using the service platform; A software application can be used to show a patient participant's current testing status as well as a previous record of exposure to a virus, as evidenced by the outcomes of testing; participants can also be certified as to their status by respective medical or government bodies i.e. third parties)); receive, from the third[[ ]]-party computing system, validation of the user-provided health credential; upon receiving the digital validation result confirming the user-provided health credential, replace, in the protected data structure, the user-provided health credential wherein the validated health credential stored in the secure user account is immutable by the user ((Williams et al., [0022], [0057]) (allows patient participants to have a digital identity that can allow them to track their health information related to a virus or other medical status or condition and to have the ability to share their health status with others; participants can also be certified as to their status by respective medical or government bodies i.e. third parties; A software application can be used to show a patient participant's current testing status as well as a previous record of exposure to a virus, as evidenced by the outcomes of testing. Participants can also be certified as to their status by respective medical or governmental bodies. These certifications (e.g., immunity certificates or immunization passports) can be shared by the patient with others, such as employers, businesses, and other people at their discretion. In some implementations, a digital wallet can be created on a participant's mobile phone to store their health status or certification status in a secure, auditable platform that can be shared with others)); receive a request by the user to share, with an external computing system, an indication that the user holds the validated health credential; and electronically transmit to the external computing system, in response to the user request, a confirmation [[of]] that the validated health credential exists in the secure user account while withholding at least some personal identifying information from the external computing system ((Williams et al., [0053], [0054]) (health status information for a person can be selectively shared with third parties in a manner that protects privacy of health information while enabling third parties to verify that the health status information is authentic and complies with certain certifications or desired sets of criteria; The first user then presents the display screen to a second user of a second user device ( e.g., a smartphone); After authenticating with the validation system through a software application on the second user device, the second user navigates to a screen on the software application that allows the user to perform a verification of the health status certificate displayed on the first user device; The software application on the second user device displays the verification information (e.g., identification information and health status information as stored by the verification platform). The second user can then confirm that the health status certificate displayed on the first user device and the user identity matches the verification information received from the verification platform)). Williams et al. fails to explicitly teach, but Shea III teaches the claimed: wherein the validated health credential stored in the secure user account is immutable by the user ((Shea III, [0018]) (individuals can also access the database via a secure link using a personalized login and password to view their own records; they cannot change the immunoprofile data of their own records, only authorized test sites can update such records)). One of ordinary skill in the art at the time of the effective filing date would have found it obvious to combine the inability for individuals to change their immunoprofile data in their own records as taught by Shea III within the method and system for selectively sharing health status information for a person with third parties in a manner that protects privacy of health information as taught by Williams et al. with the motivation of establishing a central database of individual's immunoprofile records that can be accessed by authorized administrations in order to grant access to cleared individuals to designated locations to help prevent the spread of disease (Shea III, [0013]). RE: Claim 4 (Currently Amended) Williams et al. and Shea III teach the claimed: 4. The non-transitory computer-readable medium of claim 3, wherein the operation to contact a third[[-]] party to request the validation comprises querying a third-party database to validate the user-provided health credential, via a remote verification service ((Williams et al., [0021], [0071]) (The platform can also have the ability to respond to queries to validate events that have occurred in the past and the participants in those events; The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network.)). RE: Claim 5 (Currently Amended) Williams et al. and Shea III teach the claimed: 5. The non-transitory computer-readable medium of claim 3, wherein the operation to contact a third[[-]] party to request the validation comprises requesting manual verification of a health credential by an employee of the third party ((Williams et al., [0053]) (The second user positions the second user device to capture an image of the encoded data displayed on the first user device. The software application on the second user device processes the detected image to extract the reference to the digital token encoded in the image. The software application on the second user device transmits a request to verify the health status certificate including a serialized version of the extracted reference to the verification platform)). RE: Claim 6 (Currently Amended) Williams et al. teaches the claimed: 6. A non-transitory computer-readable medium with instructions stored therein that, when executed by a processor of a computing device, cause the computing device to: generate a graphical user interface accessible by a user to facilitate the creation of a secure user account by the user that includes personal identifying information […] ((Williams et al., [0039], [0067], [0068], [0070]) (Prior to receiving the test kit, an agent of the healthcare provider downloads the app at and registers with the tracking platform at (e.g., by providing identification information and credentials for acting on behalf of the healthcare provider). Similarly, the patient participant downloads the app at and registers with the tracking platform; one or more programmable processors executing one or more computer programs; the processor will receive instructions and data from a read-only memory or a random access memory or both; USB, CDROM and , DVD-ROM disks; a client computer having a graphical user interface or a Web browser through which a user can interact)); receive, from the user, user-provided details associated with a profile credential, wherein the profile credential comprises non-personal identifying information ((Williams et al., [0005], [0011]) (Events that occur in an overall process of obtaining health status information can be tracked and memorialized using a digital token stored in a distributed ledger so that the occurrence of the event can later be authenticated and verified; detecting an image displayed on a display of a mobile device using an image sensor. The image is associated with health status information displayed on the display of the mobile device. The operations further include decoding data encoded in the detected image to obtain a reference to a digital token previously stored in a distributed ledger to record at least one health-related event associated with the health status information and sending a request to a server system for verification of the health status information)); add the profile credential to the user account as a user-provided profile credential; request third-party validation from a third party of the user-provided profile credential to a remote verification service; receive, from the third party via the remote verification service, validation of the user-provided profile credential ((Williams et al., [0021]-[0022], [0057]) (the authenticity and validity of test results or immunity status can be confirmed using the service platform; the platform can also have the ability to respond to queries to validate events that have occurred in the past and the participants in those events; test results and vaccination status can be retrieved by authenticating the identification of the patient participant and retrieving records associated with the patient participant using the service platform; A software application can be used to show a patient participant's current testing status as well as a previous record of exposure to a virus, as evidenced by the outcomes of testing; participants can also be certified as to their status by respective medical or government bodies i.e. third parties; allows patient participants to have a digital identity that can allow them to track their health information related to a virus or other medical status or condition and to have the ability to share their health status with others; participants can also be certified as to their status by respective medical or government bodies i.e. third parties; These certifications (e.g., immunity certificates or immunization passports) can be shared by the patient with others, such as employers, businesses, and other people at their discretion. In some implementations, a digital wallet can be created on a participant's mobile phone to store their health status or certification status in a secure, auditable platform that can be shared with others)); and identify the user-provided profile credential within the user account as a validated profile credential based on the third-party validation, […] and restrict the display of the validated profile credential to only those entities or systems authorized by the user in the secure user account settings ((Williams et al., [0005], [0006], [0022], [0057]) (Events that occur in an overall process of obtaining health status information can be tracked and memorialized using a digital token stored in a distributed ledger so that the occurrence of the event can later be authenticated and verified; other identification or verification information (e.g., a name and/or a timestamp for when the health status information was last updated; allows patient participants to have a digital identity that can allow them to track their health information related to a virus or other medical status or condition and to have the ability to share their health status with others; participants can also be certified as to their status by respective medical or government bodies i.e. third parties; A software application can be used to show a patient participant's current testing status as well as a previous record of exposure to a virus, as evidenced by the outcomes of testing. Participants can also be certified as to their status by respective medical or governmental bodies. These certifications (e.g., immunity certificates or immunization passports) can be shared by the patient with others, such as employers, businesses, and other people at their discretion. In some implementations, a digital wallet can be created on a participant's mobile phone to store their health status or certification status in a secure, auditable platform that can be shared with others)). Williams et al. fails to explicitly teach, but Shea III teaches the claimed: and to configure secure user account settings that specify entities or systems authorized by the user to view validated credentials ((Shea III, [0036]) (Then, with authorization, any interested party can access the database and determine if the person who will be in their presence is appropriately protected. Such access is provided with appropriate consent)); wherein the validated profile credential is ((Shea III, [0018]) (individuals can also access the database via a secure link using a personalized login and password to view their own records; they cannot change the immunoprofile data of their own records, only authorized test sites can update such records)). One of ordinary skill in the art at the time of the effective filing date would have found it obvious to combine the inability for individuals to change their immunoprofile data in their own records as taught by Shea III within the method and system for selectively sharing health status information for a person with third parties in a manner that protects privacy of health information as taught by Williams et al. with the motivation of establishing a central database of individual's immunoprofile records that can be accessed by authorized administrations in order to grant access to cleared individuals to designated locations to help prevent the spread of disease (Shea III, [0013]). RE: Claim 7 (Previously Presented) Williams et al. and Shea III teach the claimed: 7. The non-transitory computer-readable medium of claim 6, wherein the profile credential comprises a health credential ((Williams et al., [0043]) (the health status certificate is illustrated as an immunity certificate, although in other implementations, the health status certificate may provide other health status information (e.g., vaccination status or status of a health test outcome))). RE: Claim 8 (Previously Presented) Williams et al. and Shea III teach the claimed: 8. The non-transitory computer-readable medium of claim 7, wherein the instructions are further configured to cause the computing device to: receive a request by the user to share the existence of the validated health credential with an entity ((Williams et al., [0050]) (When a user of the first user device desires to share health status information (e.g., for purposes of demonstrating a vaccination or immunization status), the user navigates to a screen that displays a health status certificate, such as the health status certificate)). RE: Claim 9 (Previously Presented) Williams et al. and Shea III teach the claimed: 9. The non-transitory computer-readable medium of claim 8, wherein the instructions are further configured to cause the computing device to: indicate to the entity that the user has the validated health credential ((Williams et al., [0054]) (The verification platform then transmits a communication to the second user device to verify the health status certificate. The software application on the second user device displays the verification information (e.g., identification information and health status information as stored by the verification platform))). RE: Claim 10 (Currently Amended)) Williams et al. and Shea III teach the claimed: 10. The non-transitory computer-readable medium of claim 9, wherein the instructions are configured to cause the computing device to indicate to the entity that the user has the validated health credential by generating a QR code, wherein the QR code is configured such that, when scanned by a verifying entity device, the verifying entity device requests, from the system via the remote verification service, a confirmation that the validated health credential exists in the secure user account ((Williams et al., [0006], [0053], [0054]) (A software application installed on a first user's mobile device (e.g., a smartphone or a tablet) can display health status information ( e.g., indicating that the first user has received a particular vaccination or completed a specific diagnostic testing regimen) on a display of the mobile device. The displayed information may include optically detectable encoded information (e.g., a QR-code) that can be captured as an image by the camera or other image sensor on a second user's mobile device (e.g., belonging to a person who wants to verify the health status information); health status information for a person can be selectively shared with third parties in a manner that protects privacy of health information while enabling third parties to verify that the health status information is authentic and complies with certain certifications or desired sets of criteria; The first user then presents the display screen to a second user of a second user device ( e.g., a smartphone); After authenticating with the validation system through a software application on the second user device, the second user navigates to a screen on the software application that allows the user to perform a verification of the health status certificate displayed on the first user device; The software application on the second user device displays the verification information (e.g., identification information and health status information as stored by the verification platform). The second user can then confirm that the health status certificate displayed on the first user device and the user identity matches the verification information received from the verification platform)). RE: Claim 11 (Previously Presented) Williams et al. and Shea III teach the claimed: 11. The non-transitory computer-readable medium of claim 10, wherein the instructions are configured to cause the computing device to generate the QR code together with a photo of the user ((Williams et al., [0043], Fig 5) (a validation system for validating health status information including a QR code and photo of a patient participant)). RE: Claim 12 (Previously Presented) Williams et al. and Shea III teach the claimed: 12. The non-transitory computer-readable medium of claim 10, wherein the instructions are configured to cause the computing device to generate the QR code together with at least some of the personal identifying information ((Williams et al., [0043], Fig 5) (a validation system for validating health status information including a QR code, the name of the patient participating along with other identifying information and photo of a patient participant)). RE: Claim 14 (Currently Amended)) Williams et al. and Shea III teach the claimed: 14. The non-transitory computer-readable medium of claim 6, wherein the instructions are configured to cause the computing device to request third-party validation by querying a third-party database via the remote verification service to validate the user-provided profile credential ((Williams et al., [0021], [0071]) (The platform can also have the ability to respond to queries to validate events that have occurred in the past and the participants in those events; The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network.)). RE: Claim 15 (Previously Presented) Williams et al. and Shea III teach the claimed: 15. The non-transitory computer-readable medium of claim 6, wherein the instructions are configured to cause the computing device to request third-party validation by requesting manual verification of the profile credential by an employee of the third party ((Williams et al., [0053]) (The second user positions the second user device to capture an image of the encoded data displayed on the first user device. The software application on the second user device processes the detected image to extract the reference to the digital token encoded in the image. The software application on the second user device transmits a request to verify the health status certificate including a serialized version of the extracted reference to the verification platform)). RE: Claim 16 (Previously Presented) Williams et al. and Shea III teach the claimed: 16. The non-transitory computer-readable medium of claim 6, wherein the profile credential comprises a certification status ((Williams et al., [0043]) (the health status certificate is illustrated as an immunity certificate, although in other implementations, the health status certificate may provide other health status information (e.g., vaccination status or status of a health test outcome))). RE: Claim 17 (Previously Presented) Williams et al. and Shea III teach the claimed: 17. The non-transitory computer-readable medium of claim 16, wherein the instructions are further configured to cause the computing device to: receive a request by the user to share the existence of the validated certification status with an entity ((Williams et al., [0050]) (When a user of the first user device desires to share health status information (e.g., for purposes of demonstrating a vaccination or immunization status), the user navigates to a screen that displays a health status certificate, such as the health status certificate)). RE: Claim 18 (Previously Presented) Williams et al. and Shea III teach the claimed: 18. The non-transitory computer-readable medium of claim 17, wherein the instructions are further configured to cause the computing device to: indicate to the entity that the user has the validated certification status ((Williams et al., [0054]) (The verification platform then transmits a communication to the second user device to verify the health status certificate. The software application on the second user device displays the verification information (e.g., identification information and health status information as stored by the verification platform))). RE: Claim 19 (Previously Presented) Williams et al. and Shea III teach the claimed: 19. The non-transitory computer-readable medium of claim 18, wherein the instructions are configured to cause the computing device to indicate to the entity that the user has the validated certification status by generating a QR code ((Williams et al., [0006]) (A software application installed on a first user's mobile device (e.g., a smartphone or a tablet) can display health status information ( e.g., indicating that the first user has received a particular vaccination or completed a specific diagnostic testing regimen) on a display of the mobile device. The displayed information may include optically detectable encoded information (e.g., a QR-code) that can be captured as an image by the camera or other image sensor on a second user's mobile device (e.g., belonging to a person who wants to verify the health status information))). RE: Claim 20 (Previously Presented) Williams et al. and Shea III teach the claimed: 20. The non-transitory computer-readable medium of claim 19, wherein the instructions are configured to cause the computing device to generate the QR code together with a photo of the user ((Williams et al., [0043], Fig 5) (a validation system for validating health status information including a QR code and photo of a patient participant)). RE: Claim 23 (Previously Presented) Williams et al. and Shea III teach the claimed: 23. The non-transitory computer-readable medium of claim 6, wherein the profile credential comprises one or more of a test score, a vaccination status, a test result, a certification status, and an approval status ((Williams et al., [0043]) (the health status certificate is illustrated as an immunity certificate, although in other implementations, the health status certificate may provide other health status information (e.g., vaccination status or status of a health test outcome))). Response to Arguments Applicant's arguments filed 10/20/2025 have been fully considered but they are not persuasive. Applicant’s arguments will be addressed herein below in the order in which they appear in the response filed on 10/20/2025. In the remarks, Applicant argues in substance that: Regarding the 101 rejection of claims 2-23, Applicant argues that the claims are not directed to an abstract idea, and are integrated into a practical application and include significantly more; Regarding the 112 rejections of claims 3-23, Applicant argues the amendments to the claims overcome the rejections; Regarding the 103 rejections of claims 2-11, 14-20, and 23, Applicant argues the amendments to the claims overcome the prior art rejections. In response to Applicant’s argument a) regarding the 101 rejection, Examiner respectfully disagrees. First, Applicant argues that the claims do not recite a Mental Process. Examiner respectfully disagrees and submits that the independent claims, as currently amended, are directed to the abstract idea of Certain Methods of Organizing Human Activity, but for the recitation of generic computer components. That is, but for the recitation of the computer components at a high-level, the claims recite limitations such as: create a secure user account that includes personal identifying information by a user; to receive: (i) a user-provided health credential identifying a vaccination status of the user with respect to a specific disease, (ii) information identifying a first entity that provided the vaccination status of the user, (iii) a user-provided health credential identifying a test status of the user with respect to the specific disease, and (iv) information identifying a second entity that administered the test to the user for the specific disease; receive respective digital validation results; generate a code devoid of personal identifying information that associates the vaccination status of the user as validated and the test status of the user as validated; request a combined verification that both the validated vaccination health credential and the validated vaccination status exist in the secure user account, without transmitting personal identifying information in the context of this claim encompasses the management of personal behavior or interactions between people through following rules or instructions for health credential validation. If a claim limitation, under its broadest reasonable interpretation, covers managing personal behavior or interactions between people through following rules or instructions but for the recitation of generic computer components, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. Second, Applicant argues that the additional elements of the claim integrate the abstract idea into a practical application because 1: the claims recite a protected data structure. 2) selective-disclosure output, and 3) single code combining two validated items from different servers. Examiner respectfully disagrees. That is, the additional elements of the claim amount to using generic computer components at a high level to perform the identified abstract idea. See MPEP 2105.06(f) (i.e., a processor such as a microprocessor or the like, subsystems such as modules related to their function that is facilitates as part of a hardware system and/or computer-readable medium, and graphical user interfaces implemented and/or generated by a module or subsystems on personal computing devices, as they relate to general purpose computer components (Application Specification [0015], [0070], [0075])). In this way, the storage of data is recited using general purpose data storage components using a computer as a tool. Second, the selective output of data is part of the abstract idea, being a rule or instruction for outputting data and thus, is not an additional element that integrates the claim into a practical application. Third, the combining of data from different computing components, as recited in the claims, amounts to the transmissions of data for mere data gathering and output for storage which amounts to extra-solution activity that is well-understood, routine, and conventional. See MPEP 2106.05(d), subsection II, (g). The claims, further, as currently recited, merely state that the code is associated with the vaccination status and does not itself combine two validated items from different services. Applicant argues the additional elements are not generic computer components and do not recite well-understood, routine, and conventional activity. Examiner respectfully disagrees and submits that the additional elements recite managing personal behavior or interactions between people through following rules or instructions using generic computer components as a tool. (i.e., a processor such as a microprocessor or the like, subsystems such as modules related to their function that is facilitates as part of a hardware system and/or computer-readable medium, and graphical user interfaces implemented and/or generated by a module or subsystems on personal computing devices, as they relate to general purpose computer components (Application Specification [0015], [0070], [0075])). Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. See MPEP 2106.05(f). Further, the limitations regarding the transmitting data and requests via a network between computing devices and systems amount to receiving or transmitting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II, (g). Regarding independent claim 6, Examiner respectfully submits that the claim recites the abstract idea of Certain Methods of Organizing Human activity, wherein an account specifying entities or systems authorized to view validated credentials and restricting display of the validated credentials to only those entities or systems authorized by the user falls under the abstract idea of managing personal behavior or interactions between people through following rules or instructions performed using general purpose computer components. These authorization settings are rules or instructions for interactions between people that fall under the abstract idea to be performed by general purpose computer components such that they do not integrate the claim into a practical application nor recite significantly more than the abstract idea. Dependent claims 10, 14, and the other dependent claims recite additional elements that amount to applying general purpose computer components as a tool to perform the abstract idea such that they do not integrate the claims into a practical application. See Application Specification at [0019], MPEP 2106.05(f). Applicant argues that the possibility of preemption is minimal due to the particular architecture of the claims. Examiner respectfully submits that claims are directed to using general purpose computer components for mere data gathering, output, and storage via a network, wherein the account settings, immutability are recited at a high level such that the claims are not directed to how the data structure of data structure protects data at the data structure level such that the claims are directed to a particular database, but rather, through a series of rules or instructions of mere data gathering and output between entities using general purpose computer components by selectively sharing data through particular rules or instructions are mere data processing through filtering data by analysis, and that the claims recite verifying credentials merely using a computer as a tool to perform the abstract idea. Accordingly, the 101 rejection of claims 2-11, 14-20, and 23 is maintained as applied in the above Office Action. In response to Applicant’s argument (b) regarding the 112 rejections, Examiner is persuaded and has withdrawn the prior 112(a) and 112(b) rejections. In response to Applicant’s argument (c) regarding the 103 rejections, Examiner respectfully disagrees. First, Applicant argues that the prior art fails to teach the identifier-based, server-side verification through a single scannable code and protected data structure replacement with user immutabilibility as now claimed in independent claim 2. Examiner respectfully disagrees. That is, Williams et al. in view of Sparks et al., Shea III, and Day et al. teach each limitation of independent claim 2 in obvious combination. Sparks et al. fills the gap of Williams by teaching secure and confidential retrieval and storage from multiple disparate sources as two-source verification from multiple providers, state immunization registries, and labs See Sparks et al., [0063], [0138]. Further, Shea III teaches the individual immunoprofile credentials are then stored, maintained and managed in the secure credentials database; individuals can also access the database via a secure link using a personalized login and password to view their own records and users cannot change the immunoprofile data of their own records, only authorized test sites can update such records. See Shea III, [0017], [0018]. Second, Applicant argues in view of claims 3-13, 15-21, and 23 that the cited prior art fails to teach the protected-structure replacement and immutability, selective disclosure, remote-service identifiers, and account settings enforcement. Examiner respectfully disagrees and submits that Williams et al. teaches the replacement through different possible immunity statuses are depicted, wherein initially, the immunity status may reflect at that a test has been taken but results have not yet been received, and in such a case, the immunity status may be coded "red" to reflect that the patient participant does not yet have immunity; later, the immunity status may reflect at 314 that test results have been received See [0005], [0043], [0055]. Second, as discussed above, Shea III teaches the immutability as users cannot change their own records. Third, the limitations of claims 3 and 6 regarding personal identifiable information, under broadest reasonable interpretation, do not withhold personal identifiable information similar in scope to that of independent claim 2 and merely suggests that not all personal identifiable information is shared, such that Williams in view of Shea III teach the current scope of the claims, wherein Shea III teaches that only consenting information form the user to those authorized is shared. Lastly, Williams et al. teaches the remote verification and through remote database queries. See Williams at [0021], [0071]. Accordingly, Examiner respectfully maintains the 103 rejection of claims 2-11, 14-20, and 23 as applied in the above Office Action. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. U.S. Patent Application Pub. No. 2021/0358068 A1 teaches a verified health pass that is indicative for at least one health status of an individual (Abstract); U.S. Patent Application Pub. No. 2022/0013200 A1 teaches an influenza status registry displaying information pertaining to a person’s disease and vaccination status (Abstract). Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY BALAJ whose telephone number is (571)272-8181. The examiner can normally be reached 8:00 - 4:00 M-F. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fonya Long can be reached at (571) 270-5096. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /A.M.B./Examiner, Art Unit 3682 /FONYA M LONG/Supervisory Patent Examiner, Art Unit 3682
Read full office action

Prosecution Timeline

Show 1 earlier event
Sep 10, 2024
Non-Final Rejection mailed — §101, §103
Feb 11, 2025
Response Filed
May 19, 2025
Final Rejection mailed — §101, §103
Oct 20, 2025
Request for Continued Examination
Oct 29, 2025
Response after Non-Final Action
Nov 06, 2025
Non-Final Rejection mailed — §101, §103
Apr 06, 2026
Response after Non-Final Action
Apr 06, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12646595
COMPUTER-BASED SYSTEMS CONFIGURED FOR REAL-TIME INTEGRATION OF RESOURCES ACROSS DISPARATE ELECTRONIC PLATFORMS AND METHODS OF USE THEREOF
2y 4m to grant Granted Jun 02, 2026
Patent 12640256
SYSTEMS AND METHODS FOR SHARING HEALTHCARE DATA WITH HEALTHCARE DATA PROCESSORS
2y 7m to grant Granted May 26, 2026
Patent 12633392
MAPPING DATA PIPELINES FOR SURGICAL SYSTEMS
1y 5m to grant Granted May 19, 2026
Patent 12548646
MEDICAL DEVICE SYSTEM AND METHOD HAVING A DISTRIBUTED DATABASE
3y 3m to grant Granted Feb 10, 2026
Patent 12542207
COMPUTING TECHNOLOGIES FOR OPERATING USER INTERFACES BASED ON INTEGRATING DATA FROM DATA SOURCES
1y 0m to grant Granted Feb 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
30%
Grant Probability
63%
With Interview (+33.1%)
3y 6m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 120 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month