DETAILED ACTION
This Office action is in reply to correspondence filed 10 December 2025 in regard to application no. 17/983,948. Claim 4 has been cancelled. Claims 1-3 and 5-21 are pending and are considered below.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 5 is objected to because of the following informalities: it purports to depend from claim 4, but claim 4 has been cancelled. Based on the claim history, it appears claim 5 should depend from claim 3, and it will be examined as such. Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 3, 6, 9, 12, 14 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Lund et al. (U.S. Publication No. 2017/0244695) in view of Gandhi et al. (U.S. Publication No. 2021/0218744).
In-line citations are to Lund.
With regard to Claim 1:
Lund teaches: A method comprising:
transmitting, by a user device to a relying party computing device, an
access request to a relying party page of the relying party computing
device, wherein the access request includes a first identity attribute… [0019; references to a "sink device" refer to a user's device; 0038; the sink device
issues a "request" for an "access page" that provides information and requires
authorization; the request is sent to a "service provider"]
in response to transmitting the access request, displaying, on a display of
the user device, an identity network page of an identity network computing
device, wherein the identity network page includes a plurality of identity
providers that are enrolled for use with the identity attribute sharing
system; [0042; the user may "select" a "service provider identifier" from a "list of MSE partner websites" which are able to "manage [an] access token sufficient to
gain access" to services]
receiving, on an input interface component of the user device, a user input
selecting a first identity provider of the plurality of identity providers, [id.]
wherein the first identity provider is associated with a first identity provider
computing device storing a second identity attribute associated with a user
associated with the user device; [0003; two attributes such as a username and
password may be required to gain access; storing the data on any of three
computers would have been obvious to one of ordinary skill in the art at the
relevant time, simply a matter of selecting of one storage device from a small
number with a reasonable chance of success]
providing, by the user device to the first identity provider computing
device, authentication information for the first identity provider to
authenticate an identity of the user; [0042; the user provides the
authentication information to the service provider] and
receiving, by the user device from the relying party computing device,
based at least in part on the first identity attribute and the second identity
attribute, access to the relying party page. [0042; the service provider then
provides a token which grants access to the webpage for the user]
Lund does not explicitly teach the relying party computing device is distinct from the user device, but it is known in the art. Gandhi teaches a system for providing network access using secondary authentication. [abstract] Subscribers of “mobile network operators” gain access to a “third party domain” using an “external data network that handles secondary authentication and provides services to the authenticated enterprise users”. [0011] Gandhi and Lund are analogous art as each is directed to electronic means for validating users of computer services.
It would have been obvious to one of ordinary skill in the art just prior to the filing of the claimed invention to combine the teaching of Gandhi with that of Lund in order to provide efficient management of communication resources, as taught by Gandhi; [0002] further, it is simply a substitution of one known part for another with predictable results, simply using the authentication topology of Gandhi rather than that of Lund; the substitution produces no new and unexpected result.
With regard to Claim 3:
The method of claim 1, wherein providing access to the page of the selected identity provider comprises at least one of: receiving a selection of an application link that launches a mobile application associated with the selected identity provider, or presenting a QR code associated with the selected identity provider. [0046; a QR code may be used]
This claim is not patentably distinct from claim 1. It requires nothing more than presenting a QR code, which is nonfunctional, printed matter which bears no functional relation to the claimed substrate and so is considered but given no patentable weight. The reference is provided for the purpose of compact prosecution.
With regard to Claim 6:
The method of claim 1, wherein the identity attributes include at least one of the user's name, address, phone number, email address, gender, birthdate, or peer to peer payment network token. [0003; "username"]
This claim is not patentably distinct from claim 1. First, it consists entirely of
nonfunctional, descriptive language, disclosing at most human interpretation of
data but which imparts neither structure nor functionality to the claimed method.
Second, as the data only "include" one of these, they can include other
information, and any further processing can be based entirely on the other
information. The reference is provided for the purpose of compact prosecution.
With regard to Claim 9:
Lund teaches: A non-transitory computing-device readable storage medium
on which computing-device readable instructions of a program are stored,
the instructions, when executed by one or more processors of a user
device, cause the user device to perform a method, [0062; instructions to
perform a method "may be embodied in a computer-readable medium"
comprising "instructions operable with a processor"] comprising:
transmitting, by the user device to a relying party computing device, an
access request to a relying party page of the relying party computing
device, wherein the access request includes a first identity attribute… [0019; references to a "sink device" refer to a user's device; 0038; the sink device
issues a "request" for an "access page" that provides information and requires
authorization; the request is sent to a "service provider"]
in response to transmitting the access request, displaying, on a display of
the user device, an identity network page of an identity network computing
device, wherein the identity network page includes a plurality of identity providers that are enrolled for use with the identity attribute sharing system; [0042; the user may "select" a "service provider identifier" from a "list of
MSE partner websites" which are able to "manage [an] access token sufficient to
gain access" to services]
receiving, on an input interface component of the user device, a user input
selecting a first identity provider of the plurality of identity providers, [id.]
wherein the first identity provider is associated with a first identity provider
computing device storing a second identity attribute associated with a user
associated with the user device; [0003; two attributes such as a username and
password may be required to gain access; storing the data on any of three
computers would have been obvious to one of ordinary skill in the art at the
relevant time, simply a matter of selecting of one storage device from a small
number with a reasonable chance of success]
providing, by the user device to the first identity provider computing
device, authentication information for the first identity provider to
authenticate an identity of the user; [0042; the user provides the
authentication information to the service provider] and
receiving, by the user device from the relying party computing device,
based at least in part on the first identity attribute and the second identity
attribute, access to the relying party page. [0042; the service provider then
provides a token which grants access to the webpage for the user]
Lund does not explicitly teach the relying party computing device is distinct from the user device, but it is known in the art. Gandhi teaches a system for providing network access using secondary authentication. [abstract] Subscribers of “mobile network operators” gain access to a “third party domain” using an “external data network that handles secondary authentication and provides services to the authenticated enterprise users”. [0011] Gandhi and Lund are analogous art as each is directed to electronic means for validating users of computer services.
It would have been obvious to one of ordinary skill in the art just prior to the filing of the claimed invention to combine the teaching of Gandhi with that of Lund in order to provide efficient management of communication resources, as taught by Gandhi; [0002] further, it is simply a substitution of one known part for another with predictable results, simply using the authentication topology of Gandhi rather than that of Lund; the substitution produces no new and unexpected result.
With regard to Claim 12:
The non-transitory computing-device readable storage media of claim 9,
wherein:
providing access to the page of the selected identity provider comprises
presenting a QR code associated with the selected identity provider. [0046;
the indicator to obtain the access token may be in the form of a QR code]
This claim is not patentably distinct from claim 9, as it consists entirely of
nonfunctional printed matter which bears no functional relation to the substrate
and which is therefore considered but given no patentable weight. The reference
is provided for the purpose of compact prosecution.
With regard to Claim 14:
The non-transitory computing-device readable storage media of claim 9,
wherein the identity attributes include at least one of the user's name,
address, phone number, email address, gender, birthdate, or peer to peer
payment network token. [0003; "username"]
This claim is not patentably distinct from claim 9. First, it consists entirely of
nonfunctional, descriptive language, disclosing at most human interpretation of
data but which imparts neither structure nor functionality to the claimed medium.
Second, as the data only "include" one of these, they can include other
information, and any further processing can be based entirely on the other
information. The reference is provided for the purpose of compact prosecution.
With regard to Claim 16:
Lund teaches: A user device comprising:
a memory comprising computer-executable instructions; and
a processor configured to access the memory and execute the computer-
executable instructions to perform operations [0062; instructions to perform a
method "may be embodied in a computer-readable medium" comprising
"instructions operable with a processor"] comprising:
transmitting, by the user device to a relying party computing device, an
access request to a relying party page of the relying party computing
device, wherein the access request includes a first identity attribute… [0019; references to a "sink device" refer to a user's device; 0038; the sink device
issues a "request" for an "access page" that provides information and requires
authorization; the request is sent to a "service provider"]
in response to transmitting the access request, displaying, on a display of
the user device, an identity network page of an identity network computing
device, wherein the identity network page includes a plurality of identity
providers that are enrolled for use with the identity attribute sharing
system; [0042; the user may "select" a "service provider identifier" from a "list of
MSE partner websites" which are able to "manage [an] access token sufficient to
gain access" to services]
receiving, on an input interface component of the user device, a user input selecting a first identity provider of the plurality of identity providers, [id.]
wherein the first identity provider is associated with a first identity provider
computing device storing a second identity attribute associated with a user
associated with the user device; [0003; two attributes such as a username and
password may be required to gain access; storing the data on any of three
computers would have been obvious to one of ordinary skill in the art at the
relevant time, simply a matter of selecting of one storage device from a small
number with a reasonable chance of success]
providing, by the user device to the first identity provider computing
device, authentication information for the first identity provider to
authenticate an identity of the user; [0042; the user provides the
authentication information to the service provider] and
receiving, by the user device from the relying party computing device,
based at least in part on the first identity attribute and the second identity
attribute, access to the relying party page. [0042; the service provider then
provides a token which grants access to the webpage for the user]
Lund does not explicitly teach the relying party computing device is distinct from the user device, but it is known in the art. Gandhi teaches a system for providing network access using secondary authentication. [abstract] Subscribers of “mobile network operators” gain access to a “third party domain” using an “external data network that handles secondary authentication and provides services to the authenticated enterprise users”. [0011] Gandhi and Lund are analogous art as each is directed to electronic means for validating users of computer services.
It would have been obvious to one of ordinary skill in the art just prior to the filing of the claimed invention to combine the teaching of Gandhi with that of Lund in order to provide efficient management of communication resources, as taught by Gandhi; [0002] further, it is simply a substitution of one known part for another with predictable results, simply using the authentication topology of Gandhi rather than that of Lund; the substitution produces no new and unexpected result.
With regard to Claim 17:
The user device of claim 16, wherein providing access to the page of the
selected identity provider comprises receiving a selection of at least one
of:
a web link that navigates a browser of the user device to a login page of the
selected identity provider; or
an application link that launches a mobile application associated with the
selected identity provider. [0026; a hyperlink may be used]
With regard to Claim 18:
The user device of claim 16, wherein:
providing access to the page of the selected identity provider comprises
presenting a QR code associated with the selected identity provider. [0046;
the indicator to obtain the access token may be in the form of a QR code]
This claim is not patentably distinct from claim 16, as it consists entirely of
nonfunctional printed matter which bears no functional relation to the substrate
and which is therefore considered but given no patentable weight. The reference
is provided for the purpose of compact prosecution.
Claim(s) 2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Lund et al. in view of Gandhi et al. further in view of Cairns et al. (U.S. Patent No. 10,142,464).
These claims are similar so are analyzed together.
With regard to Claim 2:
The method of claim 1, wherein:
providing access to the page of the selected identity provider comprises
receiving a selection of a web link that navigates a browser of the user
device to a login page of the selected identity provider.
With regard to Claim 10:
The non-transitory computing-device readable storage media of claim 9,
wherein:
providing access to the page of the selected identity provider comprises
receiving a selection of a web link that navigates a browser of the user
device to a login page of the selected identity provider.
Lund and Gandhi teach the method of claim 1 and media of claim 9, including providing access to a page, receiving selection of a link and the user logging in as cited above, but does not explicitly teach this arrangement of those elements, but it is known in the art. Cairns teaches an authentication system [caller] that uses a "third party" for authentication. [Col. 5, lines 3-4] It may request "login
information" communicated from a server. [Col. 6, lines 48-50] The actual logging
in may take place on a "login webpage". [Col. 20, line 17] Cairns and Lund are
analogous art as each is directed to electronic means for using third parties in an
authentication process.
It would have been obvious to one of ordinary skill in the art just prior to the filing
of the claimed invention to combine the teaching of Cairns with that of Lund and Gandhi in order to improve authentication, as taught by Cairns; [Col. 2, lines 45-46] further, it is simply a substitution of one known part for another with predictable results, simply using the arrangement of Cairns rather than that of Lund; the substitution produces no new and unexpected result.
Claim(s) 5, 7, 8, 13, 15, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lund et al. in view of Gandhi et al. further in view of Barkhan et al. (WIPO Publication No. 2014/124499).
Claim 5 is examined based on the Examiner's assumption, explained above, that it was meant to depend from claim 3 rather than from cancelled claim 4. Claims 5, 13 and 19 are similar so are analyzed together.
With regard to Claim 5:
The method of claim 4, further comprising:
receiving an indication from another user device that scanned the QR code that consent was provided to share the number of identity attributes.
With regard to Claim 13:
The non-transitory computing-device readable storage media of claim 12, further comprising:
receiving an indication from another user device that scanned the QR code that consent was provided to share the number of identity attributes.
With regard to Claim 19:
The user device of claim 18, the memory comprises additional computer- executable instructions and the processor is further configured to:
receiving an indication from another user device that scanned the QR code that consent was provided to share the number of identity attributes.
Lund and Gandhi teach the method of claim 3, media of claim 12 and device of claim 19, including the use of QR codes but does not explicitly teach providing this consent, but it is known in the art. Barkhan teaches a system for sharing personal information. [title] A user may "scan" a "QR code" [pg. 7, para. 2 under "preferred embodiment"] This causes a unique identifier to be transferred from the scanning user to a receiving user by which "the disclosing user is consenting
to share at least a portion of their information with the receiving user". [pg. 7, bottom; pg. 8, lines 2-3] Barkhan and Lund are analogous art as each is directed to electronic means for validating use of information partly with the use of QR codes.
It would have been obvious to one of ordinary skill in the art just prior to the filing of the claimed invention to combine the teaching of Barkhan with that of Lund and Gandhi in order to facilitate transactions, as taught by Barkhan; [pg. 1, background section] further, it is simply a substitution of one known part for another with predictable results, simply receiving data interpreted in the manner of Barkhan rather than, or in addition to, that of Lund; the substitution produces no new and unexpected result.
These claims are not patentably distinct from their respective parent claims, as they consist entirely of nonfunctional, descriptive language, disclosing at most human interpretation of data but which imparts neither structure nor functionality to the claimed method, device or medium. The reference is provided for the purpose of compact prosecution.
With regard to Claim 7:
The method of claim 1, further comprising:
displaying a list of the number of identity attributes; [0026; a "drop-down list"
is provided] and
receiving a user input indicating that consent was provided to share the
number of identity attributes with the relying party. [Barkhan, as cited above
in regard to claim 5]
With regard to Claim 8:
The method of claim 7, further comprising:
upon receiving the user input, sending a confirmation of the consent to the
identity network to share the second identity attributes with the relying
party; and
redirecting to an additional page of the relying party. [Barkhan as cited
above; Lund, 0027; the system performs a redirect to obtain the authorization
code]
That what is sent is a "confirmation of the consent" to "share the second identity attributes with the relying party" consists entirely of nonfunctional printed matter which bears no functional relation to the substrate and so is considered but given no patentable weight.
With regard to Claim 15:
The non-transitory computing-device readable storage media of claim 9,
further comprising additional computer-executable instructions that, when
executed by the one or more processors, cause the user device to:
display a list of the number of identity attributes; [0026; a "drop-down list" is
provided] and
receive a user input indicating that consent was provided to share the
number of identity attributes with the relying party. [Barkhan, as cited above
in regard to claim 13]
With regard to Claim 20:
The user device of claim 16, the memory comprises additional computer-
executable instructions and the processor is further configured to:
display a list of the number of identity attributes; [0026; a "drop-down list" is
provided] and
receive a user input indicating that consent was provided to share the
number of identity attributes with the relying party. [Barkhan, as cited above
in regard to claim 19]
Claim(s) 11 is rejected under 35 U.S.C. 103 as being unpatentable over Lund et al. in view of Gandhi et al. further in view of Van Betsbrugge et al. (U.S. Publication No. 2019/0098504).
With regard to Claim 11:
The non-transitory computing-device readable storage media of claim 9,
wherein:
providing access to the page of the selected identity provider comprises
receiving a selection of an application link that launches a mobile
application associated with the selected identity provider.
Lund and Gandhi teach the media of claim 9 including that the user may interact via a mobile device to authenticate herself, but do not explicitly teach the use of a mobile application to do so, but it is known in the art. Van Betsbrugge teaches a computer support system [abstract] which loads a "communication control application" on a "mobile communication device" of an end user for the use of an "authentication process". [0010] It manages "control of the access rights" associated with a "service provider". [0121] Van Betsbrugge and Lund are analogous art as each is directed to electronic means for authentication and access control.
It would have been obvious to one of ordinary skill in the art just prior to the filing of the claimed invention to combine the teaching of Van Betsbrugge with that of Lund and Gandhi in order to improve security, as taught by Van Betsbrugge; [0007] further, it is simply a substitution of one known part for another with predictable results, simply authenticating in the manner of Van Betsbrugge rather than that of Lund; the substitution produces no new and unexpected result.
Claim(s) 21 is rejected under 35 U.S.C. 103 as being unpatentable over Lund et al. in view of Gandhi et al. further in view of Ebrahimi et al. (U.S. Publication No. 2019/0149537).
With regard to Claim 21:
The method of claim 1, wherein receiving the access is based at least in part on a comparison between the first identity attribute and the second identity attribute.
Lund and Gandhi teach the method of claim 1 but do not explicitly teach comparing attributes, but it is known in the art. Ebrahimi teaches an authenticated login method [title] that may employ a QR code. [0019] It uses a "blockchain" for authentication. [0002] Users may be identified to "third parties", [0004] and may compare a "live image" to a previously-stored "digital image" of a user to authenticate the user. [Claim 18] Ebrahimi and Lund are analogous art as each is directed to electronic means for authenticating users while making use of QR codes and sharing information with third parties.
It would have been obvious to one of ordinary skill in the art just prior to the filing of the claimed invention to combine the teaching of Ebrahimi with that of Lund and Gandhi, as market forces at the time were increasingly driving developers to use blockchain technology for all manner of data storage purposes; further, it is simply a substitution of one known part for another with predictable results, simply making a comparison in order to make a decision as taught by Ebrahimi in place of, or in addition to, the bases of Lund; the substitution produces no new and unexpected result.
Response to Arguments
Applicant's arguments filed 10 December 2025 in regard to the objection raised as to claim 5 have been fully considered but they are not persuasive. The applicant corrected one of the two errors pointed out by the Examiner, but not the other.
Applicant’s arguments with respect to claim(s) 1-3 and 5-21 in regard to rejections made under 35 U.S.C. § 103 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. The argument focuses on language added by amendment and for which the teaching of Gandhi has been incorporated herein.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT C ANDERSON whose telephone number is (571)270-7442. The examiner can normally be reached M-F 9:00 to 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett Sigmond can be reached at (303) 297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SCOTT C ANDERSON/Primary Examiner, Art Unit 3694