Prosecution Insights
Last updated: April 19, 2026
Application No. 18/100,053

MULTI-MODAL ACCESS TO AN ONLINE SERVICE USING HIERARCHICAL CRYPTOGRAPHIC KEYS FOR USER AUTHENTICATION OF ACCOUNTS AND SUBACCOUNTS

Non-Final OA §103
Filed: Jan 23, 2023
Examiner: PEARSON, DAVID J
Art Unit: 2407
Tech Center: 2400 — Computer Networks
Assignee: Capital One Services LLC
OA Round: 3 (Non-Final)
Grant Probability: 78% (Favorable)
OA Rounds: 3-4
To Grant: 3y 0m
With Interview: 90%

Examiner Intelligence

Grants 78% — above average
Career Allow Rate: 78% (591 granted / 758 resolved), +20.0% vs TC avg
Interview Lift: +11.9% (moderate +12% lift; resolved cases with interview)
Typical timeline: 3y 0m avg prosecution, 12 currently pending
Career history: 770 total applications across all art units

Statute-Specific Performance

§101: 12.3% (-27.7% vs TC avg)
§103: 45.5% (+5.5% vs TC avg)
§102: 19.0% (-21.0% vs TC avg)
§112: 8.8% (-31.2% vs TC avg)
Based on career data from 758 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

1. Claims 1, 6-9, 15 and 18-19 have been amended. Claim 21 has been newly added. Claims 1-21 have been examined.

Continued Examination Under 37 CFR 1.114

2. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/01/2025 has been entered.

Information Disclosure Statement

3. The information disclosure statement (IDS) submitted on 12/11/2025 was filed after the mailing date of the Final Rejection on 07/31/2025. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation

4. For claim 5, the phrase “is one of” has been given the broadest, reasonable interpretation of only requiring a single element from the given options in order to satisfy the requirements of the limitation.

5. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

6. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103

7. Claims 1, 4-10, 12-15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wilson et al. (U.S. Patent Application Publication 2017/0034168; hereafter “Wilson”), and further in view of Patel et al. (U.S. Patent Application Publication 2019/0228406; hereafter “Patel”), and further in view of Cash et al. (U.S. Patent Application Publication 2016/0239842; hereafter “Cash”).

For claim 15, Wilson teaches a method performed by a processor of a computing device, the method comprising:

receiving a request from a requestor to access an online service via [a subaccount of] an account of the online service (note paragraph [0042], user initiates a transaction with relying party);

based on the receiving the request, with the processor, issuing a cryptographic challenge to the requestor (note paragraph [0042], relying party generates an authentication request including a random challenge, e.g. a cryptographic nonce);

receiving a response to the challenge (note paragraph [0044], authentication response is received from the user);

determining if the response was proper by determining if the response was generated using a secondary private cryptographic key that is registered for the account [subaccount] (note paragraph [0044], public key associated with the client authenticator is used to validate the signature of the response);

based on a determination that the response was proper, granting the requestor access to online service via the account [subaccount] in accordance with a mode of access permitted for the account [subaccount] (note paragraphs [0025] and [0044]-[0045], once authentication is complete, user is permitted to enter into secure transactions with the relying party, e.g. a website or online service); and

based on a determination that the response was improper, denying access to the online service via the account [subaccount] (note paragraph [0044] and Fig. 3, user is permitted to enter into secure transactions with a positive authentication result, i.e. a negative result denies access to the relying party).

Wilson differs from the claimed invention in that they fail to teach:

the account is a subaccount of an account

Patel teaches:

the account is a subaccount of an account (note paragraphs [0055] and [0067], parent private keys may be used to generate child private keys and assigned to a child identifier with a subset of permissions of the parent identifier).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication method for access to an online resource using user key pairs of Wilson and the generation of child identifiers with an assigned subset of permissions of Patel. One of ordinary skill would have been motivated to combine Wilson and Patel because generating child accounts from a parent identifier would allow for less cumbersome management of collections of accounts with easy recovery and revocation (note paragraphs [0007]-[0008] and [0025]-[0026] of Patel).

The combination of Wilson and Patel differs from the claimed invention in that they fail to teach:

wherein the online service includes receiving a virtual account payment mechanism as payment for a transaction, wherein the virtual account payment mechanism is created from a payment mechanism associated with the account, wherein the virtual account payment mechanism has an associated virtual identifier that is derived from an identifier for the payment mechanism

Cash teaches:

wherein the online service includes receiving a virtual account payment mechanism as payment for a transaction (note paragraph [0099], subaccount transmits a subtoken, i.e. virtual account payment mechanism, as payment for a transaction to an e-commerce web page), wherein the virtual account payment mechanism is created from a payment mechanism associated with the account (note paragraphs [0046]-[0047] and [0089]-[0096], subtoken is generated from primary account token, which is generated from payment account), wherein the virtual account payment mechanism has an associated virtual identifier that is derived from an identifier for the payment mechanism (note paragraphs [0017], [0027], [0036], and [0047], secondary account number, credentials and subtoken may be derived from primary account number)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash. One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 1, the combination of Wilson, Patel, and Cash teaches a method performed by a processor of a computing device, the method comprising:

receiving, by the processor, at least one user identifier associated with a user (note paragraph [0038] of Wilson, relying party receives user and device IDs from an authentication client);

generating, by the processor, a primary cryptographic key pair comprising a primary private cryptographic key and a primary public cryptographic key (note paragraphs [0036] and [0040] of Wilson, relying party generates an asymmetric key pair for the client);

registering, by the processor, the primary cryptographic key pair with an account of an online service for user authentication when accessing the online service (note paragraphs [0036] and [0039]-[0040] of Wilson, relying party stores the public key associated with the authentication client for later authentication of the user);

sending, by the processor, the primary private cryptographic key to a client computing device via the at least one user identifier (note paragraphs [0036] and [0040] of Wilson, private key is sent to the authentication client associated with the user);

deriving, by the processor, a secondary cryptographic key pair from the primary private cryptographic key (note paragraphs [0055] and [0067] of Patel, parent private keys may be used to generate child private keys), said secondary cryptographic key pair being for user authentication when accessing the online service (note paragraphs [0036] and [0039]-[0040] of Wilson, relying party stores the public key associated with the authentication client for later authentication of the user) and including a secondary private cryptographic key and a secondary public cryptographic key (note paragraph [0064] of Patel, child key pair includes child private key and child public key);

registering, by the processor, the secondary cryptographic key pair with a subaccount of the account for the online service (note paragraphs [0039]-[0040] of Wilson, public key is registered for each authentication device being provisioned), wherein the primary private cryptographic key is registered with the account (note paragraphs [0053] and [0057] of Patel, parent public key is generated from parent private and used in signature verification for the account; paragraphs [0039]-[0040] of Wilson, keys are registered for user account);

designating, by the processor, the secondary private cryptographic key for a mode of access to the online service that is more limited than the mode of access designated for the primary private cryptographic key (note paragraphs [0067]-[0069] of Patel, child account permissions are a subset of parent account permissions); and

forwarding, by the processor, the secondary private cryptographic key to the client computing device (note paragraphs [0036] and [0040] of Wilson, generated private key is sent to the authentication client associated with the user); and

creating a virtual account payment mechanism from a payment mechanism associated with the account (note paragraphs [0046]-[0047] and [0089]-[0096] of Cash, subtoken is generated from primary account token, which is generated from payment account), wherein the virtual account payment mechanism has an associated virtual identifier that is derived from an identifier for the payment mechanism (note paragraphs [0017], [0027], [0036], and [0047] of Cash, secondary account number, credentials and subtoken may be derived from primary account number).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication method for access to an online resource using user key pairs of Wilson and the generation of child identifiers with an assigned subset of permissions of Patel.
One of ordinary skill would have been motivated to combine Wilson and Patel because generating child accounts from a parent identifier would allow for less cumbersome management of collections of accounts with easy recovery and revocation (note paragraphs [0007]-[0008] and [0025]-[0026] of Patel).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash. One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 8, the combination of Wilson, Patel, and Cash teaches a method performed by a processor of a computing device, the method comprising:

registering, by the processor, a primary cryptographic key pair with an account of an online service for user authentication when accessing the online service (note paragraphs [0036] and [0039]-[0040] of Wilson, relying party stores the public key associated with the authentication client for later authentication of the user), wherein the primary cryptographic key pair includes a primary private cryptographic key and a primary public cryptographic key (note paragraphs [0036] and [0040] of Wilson, asymmetric key pair includes public and private key);

deriving, by the processor, secondary cryptographic key pairs from the primary private cryptographic key (note paragraphs [0055], [0067] and [0071] of Patel, parent private keys may be used to generate A+1 child private keys), the secondary cryptographic key pairs being for user authentication when accessing the online service (note paragraphs [0036] and [0039]-[0040] of Wilson, relying party stores the public key associated with the authentication client for later authentication of the user) and each of the secondary cryptographic key pairs including a secondary public cryptographic key and a secondary private cryptographic key (note paragraph [0064] of Patel, child key pair includes child private key and child public key);

registering, by the processor, at least some of the secondary cryptographic key pairs with respective subaccounts of the account for the online service (note paragraphs [0039]-[0040] of Wilson, public key is registered for each authentication device being provisioned), wherein the primary private cryptographic key is registered with the account (note paragraphs [0053] and [0057] of Patel, parent public key is generated from parent private and used in signature verification for the account; paragraphs [0039]-[0040] of Wilson, keys are registered for user account);

designating, by the processor, each of the secondary private cryptographic keys of the registered secondary cryptographic key pairs for a respective mode of access to the online service that is more limited than the mode of access designated for the primary private cryptographic key (note paragraphs [0067]-[0071] of Patel, each child account permissions are a subset of parent account permissions);

forwarding, by the processor, the registered secondary private cryptographic keys to a client computing device (note paragraphs [0036] and [0040] of Wilson, generated private key is sent to the authentication client associated with the user); and

creating, by the processor, virtual payment mechanisms from a primary payment mechanism associated with the account for the subaccounts (note paragraphs [0046]-[0047] and [0089]-[0096] of Cash, subtoken is generated from primary account token, which is generated from payment account), wherein the virtual payment mechanisms each has an associated virtual identifier that is derived from an identifier for the payment mechanism (note paragraphs [0017], [0027], [0036], and [0047] of Cash, secondary account number, credentials and subtoken may be derived from primary account number).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication method for access to an online resource using user key pairs of Wilson and the generation of child identifiers with an assigned subset of permissions of Patel. One of ordinary skill would have been motivated to combine Wilson and Patel because generating child accounts from a parent identifier would allow for less cumbersome management of collections of accounts with easy recovery and revocation (note paragraphs [0007]-[0008] and [0025]-[0026] of Patel).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash. One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 4, the combination of Wilson, Patel, and Cash teaches claim 1, further comprising associating the payment mechanism with the account such that goods or services purchased via the online service using the account are paid via the associated payment mechanism (note paragraphs [0099] and [0110] of Cash, online transaction conducted with subtoken is paid with associated payment account).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash.
One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 5, the combination of Wilson, Patel and Cash teaches claim 4, wherein the associated payment mechanism is one of a credit card account, a debit card account, an online payment account, a bank account or a cryptocurrency account (note paragraphs [0030], [0050] and [0089] of Cash, payment mechanism may be credit/debit card).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash. One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 6, the combination of Wilson, Patel and Cash teaches claim 4, further comprising: associating the virtual account payment mechanism with the subaccount such that goods or services purchased via the online service via the subaccount are paid via the virtual account payment mechanism using the associated identifier (note paragraphs [0099] and [0110] of Cash, online transaction conducted with subtoken is paid with associated payment account).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash.
One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 7, the combination of Wilson, Patel and Cash teaches claim 6, wherein the payment mechanism associated with the account is a credit card having a credit card number and the virtual account payment mechanism is a virtual credit card having a virtual credit card number as the associated identifier (note paragraphs [0030], [0035], [0046], [0050], [0089] and [0091] of Cash, payment mechanism may be credit card and token may be format preserving of the credit card PAN identifier, i.e. virtual credit card).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash. One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 9, the combination of Wilson, Patel and Cash teaches claim 8, further comprising registering the primary payment mechanism with the account for paying for goods or services when accessing the online service via the account (note paragraphs [0089] and [0091] of Cash, user enrolls payment account and primary account token for paying for goods and services).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash.
One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 10, the combination of Wilson, Patel, and Cash teaches claim 9, further comprising registering respective ones of the virtual payment mechanisms with respective ones of the registered subaccounts for payment for goods or services when accessing the online service via the respective subaccounts (note paragraphs [0089] and [0093] of Cash, user registers payment pool and generates subtokens for secondary accounts).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash. One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 12, the combination of Wilson, Patel and Cash teaches claim 8, wherein a first of the registered subaccounts has a first spending limit specifying how much a user may spend when accessing the online service via the first of the registered subaccounts (note paragraphs [0079], [0093] and [0113] of Cash, tokens may have spending limits, expiration dates and specific merchant locations).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash.
One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 13, the combination of Wilson, Patel and Cash teaches claim 12, wherein a second of the registered subaccounts has a second spending limit that differs from the first spending limit (note paragraphs [0079], [0093] and [0113] of Cash, subtokens may have different spending limits).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash. One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

For claim 14, the combination of Wilson, Patel, and Cash teaches claim 8, further comprising deriving from one of the secondary cryptographic key pairs a tertiary cryptographic key pair for user authentication for the online service for a child account of one of the subaccounts (note paragraphs [0075]-[0079] of Patel, child accounts may be used to generate grandchild accounts).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication method for access to an online resource using user key pairs of Wilson and the generation of child identifiers with an assigned subset of permissions of Patel.
One of ordinary skill would have been motivated to combine Wilson and Patel because generating child accounts from a parent identifier would allow for less cumbersome management of collections of accounts with easy recovery and revocation (note paragraphs [0007]-[0008] and [0025]-[0026] of Patel).

For claim 20, the combination of Wilson, Patel and Cash teaches claim 15, wherein the payment mechanism is associated with the subaccount for payment of goods or services purchased via the online service using the subaccount (note paragraphs [0099] and [0110] of Cash, online transaction conducted with subtoken is paid with associated payment account).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson and Patel and the subtokens for secondary account transactions of Cash. One of ordinary skill would have been motivated to combine Wilson, Patel, and Cash because using subtokens as payment methods would allow a user to grant purchasing capabilities to secondary accounts in a safe and secure manner that protects the user’s sensitive account data (note paragraphs [0002]-[0005] of Cash).

8. Claims 2-3, 11 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Wilson, Patel, and Cash as applied to claims 1, 8 and 15 above, and further in view of Schwalb et al. (U.S. Patent Application Publication 2015/0186863; hereafter “Schwalb”).

For claim 2, the combination of Wilson, Patel, and Cash teaches claim 1, wherein the online service is a website (note paragraphs [0025] and [0042] of Wilson, relying party may be a website)

The combination of Wilson, Patel, and Cash differs from the claimed invention in that they fail to explicitly teach:

and wherein the secondary private cryptographic key enables access to only a first portion of a plurality of portions of the website, wherein the primary cryptographic key enables access to each of the plurality of portions of the website.

Schwalb teaches:

and wherein the secondary private cryptographic key enables access to only a first portion of a plurality of portions of the website, wherein the primary cryptographic key enables access to each of the plurality of portions of the website (note paragraphs [0045] and [0054], primary account has access to entire online store and can set dependent account limits on product type or merchant, i.e. portions of a marketplace website).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson, Patel, and Cash and the online purchasing limitations for dependent accounts of Schwalb. It would have been obvious because combining prior art elements (private key authentication for user accounts of Wilson; child account keys with a subset of permissions of Patel; dependent accounts with purchasing limits on websites of Schwalb) according to known methods would yield the predictable results of a website that authenticates users using a private key (Wilson); child private keys are generated from the parent private key and are assigned a subset of the parent permissions (Patel) where the subset of the permissions include purchasing limitations on products or merchants on the website (Schwalb).

For claim 3, the combination of Wilson, Patel, Cash and Schwalb teaches claim 1, wherein the online service enables a user to purchase a plurality of goods or services and wherein the mode of access for the subaccount limits purchase of items by the user to a subset of the plurality of goods or services (note paragraph [0054] of Schwalb, online service enables purchasing of goods and primary user may set limits including spending, merchant and products for dependent account).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson, Patel, and Cash and the online purchasing limitations for dependent accounts of Schwalb. It would have been obvious because combining prior art elements (private key authentication for user accounts of Wilson; child account keys with a subset of permissions of Patel; dependent accounts with purchasing limits on websites of Schwalb) according to known methods would yield the predictable results of a website that authenticates users using a private key (Wilson); child private keys are generated from the parent private key and are assigned a subset of the parent permissions (Patel) where the subset of the permissions include purchasing limitations on products or merchants on the website (Schwalb).

For claim 11, the combination of Wilson, Patel, Cash and Schwalb teaches claim 8, wherein the online service is a website (note paragraphs [0025] and [0042] of Wilson, relying party may be a website) and wherein a user accessing the website via first of the registered subaccounts may access only a first portion of a plurality of portions of the website, wherein the user accessing the website via a second of the registered subaccounts may access only a second portion of the plurality of portions of the website that differs at least in part from the first portion (note paragraphs [0025], [0045], [0054] and [0069] of Schwalb, primary account has access to entire online store and can set dependent account limits on product type or merchant, i.e. portions of a marketplace website, for a plurality of dependent users).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson, Patel, and Cash and the online purchasing limitations for dependent accounts of Schwalb. It would have been obvious because combining prior art elements (private key authentication for user accounts of Wilson; child account keys with a subset of permissions of Patel; dependent accounts with purchasing limits on websites of Schwalb) according to known methods would yield the predictable results of a website that authenticates users using a private key (Wilson); child private keys are generated from the parent private key and are assigned a subset of the parent permissions (Patel) where the subset of the permissions include purchasing limitations on products or merchants on the website (Schwalb).

For claim 16, the combination of Wilson, Patel, Cash and Schwalb teaches claim 15, wherein the mode of access permitted for the subaccount specifies what portions of the online service are accessible (note paragraphs [0045] and [0054] of Schwalb, primary account has access to entire online store and can set dependent account limits on product type or merchant, i.e. portions of a marketplace website).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson, Patel, and Cash and the online purchasing limitations for dependent accounts of Schwalb. It would have been obvious because combining prior art elements (private key authentication for user accounts of Wilson; child account keys with a subset of permissions of Patel; dependent accounts with purchasing limits on websites of Schwalb) according to known methods would yield the predictable results of a website that authenticates users using a private key (Wilson); child private keys are generated from the parent private key and are assigned a subset of the parent permissions (Patel) where the subset of the permissions include purchasing limitations on products or merchants on the website (Schwalb).

For claim 17, the combination of Wilson, Patel, Cash and Schwalb teaches claim 15, wherein the mode of access permitted for the subaccount specifies what interactions with the online service are permitted (note paragraphs [0045] and [0054] of Schwalb, primary account has access to entire online store and can set dependent account limits on product type, i.e. interactions with online service).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson, Patel, and Cash and the online purchasing limitations for dependent accounts of Schwalb.
It would have been obvious because combining prior art elements (private key authentication for user accounts of Wilson; child account keys with a subset of permissions of Patel; dependent accounts with purchasing limits on websites of Schwalb) according to known methods would yield the predictable results of a website that authenticates users using a private key (Wilson); child private keys are generated from the parent private key and are assigned a subset of the parent permissions (Patel) where the subset of the permissions include purchasing limitations on products or merchants on the website (Schwalb).

For claim 18, the combination of Wilson, Patel, Cash and Schwalb teaches claim 17, wherein the mode of access permitted for the subaccount specifies what goods or services may be purchased via the online service using the subaccount (note paragraphs [0045] and [0054] of Schwalb, primary account has access to entire online store and can set dependent account limits on product type, i.e. interactions with online service). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson, Patel, and Cash and the online purchasing limitations for dependent accounts of Schwalb. It would have been obvious because combining prior art elements (private key authentication for user accounts of Wilson; child account keys with a subset of permissions of Patel; dependent accounts with purchasing limits on websites of Schwalb) according to known methods would yield the predictable results of a website that authenticates users using a private key (Wilson); child private keys are generated from the parent private key and are assigned a subset of the parent permissions (Patel) where the subset of the permissions include purchasing limitations on products or merchants on the website (Schwalb).
For claim 19, the combination of Wilson, Patel, Cash and Schwalb teaches claim 17, wherein the mode of access permitted for the subaccount specifies a spending limit for goods or services purchased via the online service using the subaccount (note paragraph [0054] of Schwalb, online services enables purchasing of goods and primary user may set spending limits for dependent account). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson, Patel, and Cash and the online purchasing limitations for dependent accounts of Schwalb. It would have been obvious because combining prior art elements (private key authentication for user accounts of Wilson; child account keys with a subset of permissions of Patel; dependent accounts with purchasing limits on websites of Schwalb) according to known methods would yield the predictable results of a website that authenticates users using a private key (Wilson); child private keys are generated from the parent private key and are assigned a subset of the parent permissions (Patel) where the subset of the permissions include purchasing limitations on products or merchants on the website (Schwalb).

9. Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of Wilson, Patel, and Cash as applied to claim 1 above, and further in view of MacDonald et al. (U.S. Patent 11,321,697; hereafter “MacDonald”).

For claim 21, the combination of Wilson, Patel, and Cash differs from the claimed invention in that they fail to teach: wherein the mode of access designated for the plurality of secondary private cryptographic keys includes an aggregate spending limit.
MacDonald teaches: an aggregate spending limit (note column 5, lines 62 through column 6, line 8 and column 10, lines 35-48, each secondary sub-account may be provided its own spending limit and additionally, the spending limit allocated to any secondary user may not collectively, i.e. an aggregate, the total amount of funds held by the deposit account, i.e. a spending limit).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Wilson, Patel, and Cash and the collective secondary account spending limit of MacDonald. It would have been obvious because combining prior art elements (private key authentication for user accounts of Wilson; child account keys with a subset of permissions of Patel; collective spending limit for secondary accounts of MacDonald) according to known methods would yield the predictable results of a website that authenticates users using a private key (Wilson); child private keys are generated from the parent private key and are assigned a subset of the parent permissions (Patel) where the subset of the permissions include collective purchasing limitations for secondary accounts (MacDonald).

The combination of Wilson, Patel, Cash and MacDonald teaches: wherein the mode of access designated for the plurality of secondary private cryptographic keys (Patel) includes an aggregate spending limit (MacDonald).

Response to Arguments

10. For claim 1, applicant argues Avetisov, Patel and Case do not disclose “a computing device that generates a primary key pair and registers a primary private of the primary key pair with an account of an online service” (note Remarks, page 9). Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
For claim 1, applicant also argues “neither Avetisov nor Patel disclose registering multiple secondary cryptographic key pairs with the same subaccount or designating the secondary private keys ‘for a mode of access to the online service that is more limited than the mode of access designated for the primary private cryptographic key’” (note Remarks, pages 10-11). Applicant asserts claim 1 has been amended to recite “a plurality of secondary cryptographic key pairs”. However, the “deriving”, “registering” and “designating” steps of claim 1 still recite “a secondary cryptographic key pair”. Arguments regarding Avetisov are moot in view of the new grounds of rejection. As shown in the rejection above, Wilson discloses a relying party generating and registering authentications for “each authentication device being provisioned”, i.e. registering multiple keys (note paragraphs [0029] and [0040]). Patel discloses using a parent private key to generate A+1 child private keys for child accounts (note paragraphs [0055], [0067] and [0071]) where child account permissions are a subset of parent account permissions (note paragraphs [0067]-[0071]). Therefore, the combination of Wilson and Patel teaches deriving multiple secondary key pairs (Patel), registering the secondary key pairs (Wilson), designating the mode of access for the secondary key pairs a mode of access more limited than the primary mode of access (Patel) as required by the claims.

Applicant asserts “Claims 8 and 15 have been amended to recite features corresponding to claim 1…” (note Remarks, page 11). However, claims 8 and 15 have not been amended other than a few minor grammatical changes. Claims 8 and 15 do not include the amended limitations of claim 1 regarding the generation of “a primary cryptographic key pair” and sending “the primary private cryptographic key to a client computing device”.
Claim 8 recites similar limitations to claim 1 regarding “deriving”, “registering” and “designating” for “a secondary cryptographic key pair”. Claim 15 does not include these limitations.

Regarding claim 21, Applicant argues “the cited references do not disclose registering multiple secondary cryptographic key pairs with the same subaccount or designating the secondary private cryptographic keys ‘for a mode of access to the online service that is more limited than the mode of access designated for the primary private cryptographic key,’ as recited in claim 1, the references also do not teach ‘wherein the mode of access designated for the plurality of secondary private cryptographic keys includes an aggregate spending limit.’” (note Remarks, page 11). As noted above, claim 1 has not been amended to recite “multiple secondary cryptographic key pairs”. Also, as noted above, the combination of Wilson and Patel teaches deriving multiple secondary key pairs (Patel), registering the secondary key pairs (Wilson), designating the mode of access for the secondary key pairs a mode of access more limited than the primary mode of access (Patel). As shown in the rejection above, the newly added reference of MacDonald teaches “an aggregate spending limit” for a plurality of secondary accounts.

Conclusion

11. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Ehrensvard et al. (U.S. Patent Application Publication 2021/0192037) discloses registering a plurality of accounts for one or more third party applications using the public key of the account for FIDO authentication (note paragraphs [0024]-[0028] and [0031]). Osborn et al. (U.S. Patent Application Publication 2020/0104841) discloses a server generating a FIDO public-private key pair and transmitting the private key to the user to be used in FIDO authentication (note paragraph [0201]). Bajwa et al. (U.S.
Patent Application Publication 2022/0366411) discloses a total spending limit across child virtual accounts (note paragraph [0043]).

12. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711. The examiner can normally be reached 8:30 - 6:00 pm; Monday through Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at (571)270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

DAVID J. PEARSON
Primary Examiner
Art Unit 2407
/David J Pearson/Primary Examiner, Art Unit 2407

Prosecution Timeline

Jan 23, 2023
Application Filed
Feb 20, 2025
Non-Final Rejection — §103
Jun 25, 2025
Response Filed
Jul 29, 2025
Final Rejection — §103
Sep 04, 2025
Interview Requested
Sep 17, 2025
Applicant Interview (Telephonic)
Sep 17, 2025
Examiner Interview Summary
Oct 31, 2025
Response after Non-Final Action
Dec 01, 2025
Request for Continued Examination
Dec 06, 2025
Response after Non-Final Action
Jan 28, 2026
Non-Final Rejection — §103
Mar 10, 2026
Interview Requested
Mar 18, 2026
Examiner Interview Summary
Mar 18, 2026
Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602465
SECURE DEBUGGING
2y 5m to grant Granted Apr 14, 2026
Patent 12591683
REDUCING START UP TIMES IN DEVICE IDENTITY COMPOSITION ENGINE (DICE) DEVICES
2y 5m to grant Granted Mar 31, 2026
Patent 12592829
ACCESS CONTROL METHOD BASED ON ZERO-TRUST SECURITY, DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Mar 31, 2026
Patent 12593206
METHOD FOR AUTHENTICATION FOR NSWO SERVICE, DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Mar 31, 2026
Patent 12592832
EMBEDDING CRYPTOGRAPHICALLY SIGNED DATA IN UNIFORM RESOURCE NAMES OF A NETWORK PROTOCOL
2y 5m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

3-4
Expected OA Rounds
78%
Grant Probability
90%
With Interview (+11.9%)
3y 0m
Median Time to Grant
High
PTA Risk
Based on 758 resolved cases by this examiner. Grant probability derived from career allow rate.
