DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.
Response to Amendments
This Office Action is in response to the Request for Continued Examination and amendment filed 10/7/2025.
In the amendment, claims 1-2, 5, 7, 10-12, 14, 16, 20 have been amended. Claims 1-20 are pending and considered.
The objection of claims 2, 5, 7, 10, 12, 14, 16 due to informalities has been withdrawn in light of applicant’s amendment to the claims. See the updated Claim Objections below.
The rejection of claims 1-10 under 35 USC 101 is maintained, see below.
Response to Arguments
Applicant’s argument, see pages 8-9 of the Remarks filed 10/7/2025 with respect to the rejection of claims 1-10 has been acknowledged, however, examiner disagrees with applicant’s argument. Examiner notes, the claims 1-10 are rejected under 35 USC 101 for being drawn to software, not abstract idea without significantly more. Applicant’s argument is irrelevant to the claim rejection set forth in the Office Action mailed 7/7/2025. See updated Claim Rejection under 35 USC 101 below.
Applicant’s argument, see pages 6-7 of the Remarks filed 10/7/2025 with respect to claims rejected under 35 USC 103 over prior arts of record has been fully considered but asserted moot in view of current office action with newly applied prior arts, Hennessy and Tang.
Examiner acknowledges applicant amended independent claims 1, 11 and 20 by specifying “wherein the user identification data is stored and retained exclusively on a user device”, and “alert the user via multi-factor authentication methods, …”. Applicant’s argument that the applied prior arts does not teach the amended limitation(s) above is persuasive. Upon review and updated search, the examiner asserts prior arts, Hennessy teaches the concept of “the user identification data is stored and retained exclusively on a user device”, and Tang teaches the concept of “alert the user via multi-factor authentication methods”. Therefore, the examiner asserts the combination of applied arts, Ferenczi, Hennessy and Tang teaches every elements recited in the independent claims. See the updated claim rejection under 35 USC 103 below.
Applicant is encouraged to further include innovative features into claims to advance the case.
Claim Objections
Claims 7, 16 are objected to because of the following informalities:
Claim 7 line 4, “for user identification data” may read “for the user identification data”.
Similarly claim 16 line 3.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 lines 11-12 recites the limitation "the user identity data". There is insufficient antecedent basis for this limitation in the claim.
Claim 1 lines 6-7 recites, “a token based on the user identification data”, and lines 11-12 further recites, “the token encrypting the user identity data”. Applicant is requested to clarify the claim language. If “the user identity data” is “the user identification data”, it would be more proper to recite “a token encrypting the user identification data” in lines 6-7.
Regarding limitation “token encrypting the user identity data”. The claim language is not clear. It may mean the “token” being used for encrypting the user identity data”, or the “token” being generated with (by) “encrypting the user identity data”.
Similarly for claims 11, 20.
Claims 2-10, 12-19 depend on claim 1, 11 respectively, therefore are also rejected for the same reasons set forth above.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-10 are rejected under 35 USC § 101 because the claimed invention is directed to non-statutory subject matter. The claims are not statutory as they are drawn as a whole to a software per se.
Claim 1 recites a system, comprising “a data verifier”, “a data tokenizer”, “a data accessor”. The claim does not fall within at least one of the four categories of patent eligible subject matter because the claim is directed to software(s). To overcome the above concern, applicant is suggested to include at least one hardware component in the system claim.
Claims 2-10 depend on claim 1, therefore are also rejected for the same reason set forth above.
Examiner Notes
Examiner cites particular paragraphs, columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 5, 7, 9-11, 14, 16, 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ferenczi (US20230034169A1, hereinafter, “Ferenczi”), in view of Hennessy et al (US20200401727A1, hereinafter, “Hennessy”), further in view of Tang et al (US20210144010A1, hereinafter, “Tang”).
Regarding claim 1, Ferenczi teaches:
A computer-implemented system for identity verification (Ferenczi, discloses system and method for authenticating a user using non-fungible tokens (NFTs), see [Abstract]. Fig. 1 shows system), the system comprising:
a data verifier configured to validate user identification data associated with a user, wherein the user identification data is stored and retained [exclusively on a user device] (Refer to Fig. 2, Token Issuer Service 139 (i.e., data verifier), [Abstract] A trusted token issuer verifies a user's identity according to identifying credentials (e.g., government issued identification, passport, driver's license, etc.) presented by the user. And [0051] At block 224, the token issuer service 139 analyzes the credential data 143 (e.g., government issued identification, passport, driver's license, etc.) to verify the identity of the requesting user or user account. For example, the token issuer service 138 can apply various image and text recognition techniques such as, for example, optical character recognition (OCR) to extract information from the credential data 143 for analysis to determine authenticity for user verification. Also refer to Fig. 1 which shows Client Device 112’s Client Data Store 159 with Private Key, Public key etc. and [0046] At block 209, the client application 136 obtains or otherwise uploads the credential data 143 (e.g., driver's license image, passport image, etc.) stored in a client data store 159 of the client device 112 (i.e., user device) via the user interface 156 associated with the client application 136); (See Hennessy below for teaching of limitation in bracket)
a data tokenizer configured to generate a token based on the user identification data and store the token on a blockchain stored outside of the user device (Fig. 2, DL Client App 124a (i.e., data tokenizer), and [0052] The token smart contract 121 executes on the nodes 103 of the distributed ledger 118 to create and record on the distributed ledger 118 the non-fungible token that is to be uniquely associated with the verified user and/or user account. And [0061] Upon verification of the user following a review and confirmation of the identification, the token issuer service 139 directs the distributed ledger client application 124a to create the NFT for the given user. Also refer to Fig. 1 which shows that token data 130 is stored in Distributed Ledger 118 of Node(s) 103, which is outside of the Client Device 112 (i.e., stored outside of the user device));
and a data accessor configured to receive a request from a requestor user for the user identification data, [alert the user via multi-factor authentication methods], and if authorized by the user, return the token encrypting the user identity data to the requestor user [following grant of the request by the user] (Refer to Fig. 3 FIG. 3 which depicts an example of the functionality associated with the authentication of a user using an NFT. And [0056] At block 303, the client application 136 (i.e., in this case, data accessor) executing on the client device 112 sends a request to authentication service 147 of the access provider system 109 requesting access to content that is provided by the access provider system 109 and requires authentication of the user before access to the content is permitted. And [0062] At block 321, the distributed ledger client application 124b of the access provider system 109 uses the received token address 127 to look-up the token data 130 associated with the token smart contract 121 corresponding to the NFT for the user credentials. And [0064] At block 327, the authentication service 147 authenticates the user and permits access to the requested content). (See Tang below for teaching of limitations in brackets)
While Ferenczi teaches the user identification data is stored on a user device but does not specifically teach exclusively on a user device, in the same field of endeavor Hennessy teaches:
wherein the user identification data is stored and retained exclusively on a user device (Hennessy, discloses user device and system for privacy preserving personal health records by using a token uniquely associated with the user during for the respective interaction with each service provider without the user data being shared with the service providers, see [Abstract] A user device comprises an app that stores and maintains exclusive control of user data, and causes one or more processors to send a request for services according to a trial period to a distributed ledger associated with service providers and anonymously interact with the service providers. And [0005], [0075], [Claim 1] a user device is disclosed that comprises an app that stores and maintains exclusive control of access of user data);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hennessy in the authenticating a user using non-fungible tokens of Ferenczi by using an app that stores and maintains exclusive control of user data. This would have been obvious because the person having ordinary skill in the art would have been motivated to ensure the privacy of user data while permitting exclusively user control towards any access by a third party to the user data (Hennessy, [Abstract], [0005]).
The combination of Ferenczi-Hennessy does not specifically teach following, in the same field of endeavor Tang teaches:
alert the user via multi-factor authentication methods, … following grant of the request by the user (Tang, discloses systems and methods for data delegation and control through the use of tokenized data, see [Abstract] The data device may transmit the access token to a user device through a front channel and receive an information request from a merchant device comprising the access token through a secure back channel. Upon authenticating the access token, the data device may transmit a portion of the private information to the merchant device through the secure back channel. And [0043] The access token may be selectively configured by the user to allow access to all of the user's stored private information or one or more portions thereof. For example, a user may specify that an access token allow access to all private information stored by a particular data holding entity. As another example, a user may specify that only a particular item of private information (e.g., an account number, a mailing address, a Social Security number, salary information, a password, a security code) is accessible, and accordingly the access token may be configured to grant only that access and may be uniquely associated with the specified information. And [0049] The user may also be required to input a password, security code, or other security measure, which may be received in the notification (i.e., alert) … as a form of multi-factor authentication);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Tang in the authenticating a user using non-fungible tokens of Ferenczi-Hennessy by using multi-factor authentication as a form to authenticate user and grant access to user data selectively configured by the user. This would have been obvious because the person having ordinary skill in the art would have been motivated for data access and control through the delegation and protection of tokenized data and user private information (Tang, [Abstract], [0006]).
Regarding claim 11, claim 11 is a method claim that encompasses limitations similar to those limitations of the computer-implemented system of claim 1. Therefore, claim 11 is rejected with the same rationale and motivation as applied against claim 1 (Ferenczi, discloses system and method for authenticating a user using non-fungible tokens (NFTs), see [Abstract]).
Regarding claim 20, claim 20 is a computer readable medium claim that encompasses limitations similar to those limitations of the computer-implemented system claim 1. Therefore, claim 11 is rejected with the same rationale and motivation as applied against claim 1. In addition, Ferenczi teaches a non-transitory computer readable medium storing a set of machine-interpretable instructions, which, when executed, cause a processor to perform a method for identity verification (Ferenczi, discloses system and method for authenticating a user using non-fungible tokens (NFTs), see [Abstract]. And non-transitory computer-readable medium, see e.g., [0096], and processor(s), see e.g., [0016], [0023], [0032]).
Regarding claim 5, similarly claim 14, Ferenczi-Hennessy-Tang combination teaches the computer-implemented system of claim 1, the computer-implemented method of claim 11,
Ferenczi further teaches: the validating the user identification data comprising requesting validation from a remote service (Ferenczi, e.g., Fig. 1, Token Issue Service is remote from Client Device 112).
Regarding claim 7, similarly claim 16, Ferenczi-Hennessy-Tang combination teaches the computer-implemented system of claim 1, the computer-implemented method of claim 11,
Ferenczi further teaches: further comprising a display generator configured to generate at least one display configured to request the user identification data and to receive at least one request for user identification data (e.g., [0056] At block 303, the client application 136 executing on the client device 112 sends a request to authentication service 147 of the access provider system 109 requesting access to content that is provided by the access provider system 109 and requires authentication of the user before access to the content is permitted. For example, a user interacting with the client application 126 can request access to restricted content associated with a website of the access provider system 109 via one or more user interactions with a user interface 156 rendered on the display 153 of the client device 112).
Regarding claim 9, similarly claim 18, Ferenczi-Hennessy-Tang combination teaches the computer-implemented system of claim 1, the computer-implemented method of claim 11,
Ferenczi further teaches: wherein the token returned by the data accessor to the requestor is encrypted using private-public key pairs (e.g., [0034] the client device 112 receiving the cryptographic challenge may answer the challenge by signing the challenge or otherwise encrypting the challenge using the private key 150 of the cryptographic key-pair generated by the client application 136).
Regarding claim 10, similarly claim 19, Ferenczi-Hennessy-Tang combination teaches the computer-implemented system of claim 1, the computer-implemented method of claim 11,
Ferenczi further teaches: wherein the token is decryptable using a public key associated with the user (e.g., [0037] For example, the cryptographic challenge is signed by the client application 136 by encrypting the cryptographic challenge using the private key 150. The authentication service 147 determines that the public key 133 included in the token data 130 corresponds to the private key 150 when the cryptographic challenge that is encrypted using the private key 150 is decrypted with the public key 133).
Claims 2, 4, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Ferenczi-Hennessy-Tang as applied above to claim 1, 11 respectively, further in view of Smith et al (US20190349372A1, hereinafter, “Smith”).
Regarding claim 2, similarly claim 12, Ferenczi-Hennessy-Tang combination teaches the computer-implemented system of claim 1, the computer-implemented method of claim 11,
The combination of Ferenczi-Hennessy-Tang does not specifically teach, in the same field of endeavor Smith teaches:
the data verifier configured to generate a data representation encoding data for requesting the user identification data, based on the user identification data (Smith, discloses methods and systems for identity verification with user ID codes, see [Abstract] An identity verification platform receives a first request for registration comprising an identification of a first user, identification of an entity, and a relationship between the first user and the entity; verifies the identity of the first user and the relationship between the first user and the entity. And [0029] FIG. 12 depicts a method in an identity verification platform used to generate user ID codes for online verification).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Smith in the authenticating a user using non-fungible tokens of Ferenczi-Hennessy-Tang by generating user ID codes for online verification. This would have been obvious because the person having ordinary skill in the art would have been motivated to establish a chain of relationship for verification that the relationship between individual and entity is valid (Smith, [Abstract]).
Regarding claim 4, Ferenczi-Hennessy-Tang-Smith combination teaches the computer-implemented system of claim 2,
Smith further teaches: wherein the data representation is a QR code (Smith, [0193] user 1002 may be presented with a QR code, for example a QR code similar to that shown in FIG. 17, which user 1002 can scan with their phone in order to be directed to a website to register with the identity verification system, or in order to be prompted to install an application e.g. on a mobile device, required to register user 1002 with the identity verification system). Same motivation as presented in claim 2 would apply.
Claims 3, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Ferenczi-Hennessy-Tang-Smith as applied above to claim 2, 12 respectively, further in view of Medvinsky et al (US20230198968A1, hereinafter, “Medvinsky”).
Regarding claim 3, similarly claim 13, Ferenczi-Hennessy-Tang-Smith combination teaches the computer-implemented system of claim 2, the computer-implemented method of claim 12,
The combination of Ferenczi-Hennessy-Tang-Smith does not specifically teach, in the same field of endeavor Medvinsky teaches:
wherein the data representation encodes a public key associated with the user and configured to decrypt the token (Medvinsky, discloses system and method for field provisioning of credentials using QR codes, See [Title]/[Abstract] receiving the credentials in the user device, the credentials comprising the encrypted private key and the public key; retrieving quick response (QR) code data associated with the user device identifier from a QR code data directory, the QR code data generated from the public key and stored in the QR code data directory according to the user device identifier by a secure online service; extracting the public key from the QR code data; and establishing an authenticated and encrypted communication session with the user device according to the extracted public key. Also see Fig. 4).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Medvinsky in the authenticating a user using non-fungible tokens of Ferenczi-Hennessy-Tang-Smith by extracting public key from QR code data. This would have been obvious because the person having ordinary skill in the art would have been motivated to establish authenticated and encrypted communication session with user device according to the extracted public key (Medvinsky, [Abstract]).
Claims 6, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Ferenczi-Hennessy-Tang as applied above to claim 1, 11 respectively, further in view of Bella et al (US20230297716A1, hereinafter, “Bella”).
Regarding claim 6, similarly claim 15, Ferenczi-Hennessy-Tang combination teaches the computer-implemented system of claim 1, the computer-implemented method of claim 11,
The combination of Ferenczi-Hennessy-Tang does not specifically teach, in the same field of endeavor Bella teaches:
further comprising an updater configured to update the system based on update data received from a remote server (Bella, discloses system and method for consent management, see [Abstract]. And [0011] the at least one server computer (i.e., updater) may be programmed and/or configured to receive a revocation request of a consent associated with the user data from the user device, update the consent response based on the revocation request (i.e., update data), and communicate the updated consent response to the user data database. In this case, Consent Database 102 is remote server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Bella in the authenticating a user using non-fungible tokens of Ferenczi-Hennessy-Tang by updating consent response based on revocation request. This would have been obvious because the person having ordinary skill in the art would have been motivated to for verification of consent response indicating consent from user to share user data with requester (Bella, [Abstract]).
Claims 8, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Ferenczi-Hennessy-Tang as applied above to claim 1, 11 respectively, further in view of Levitt et al (US20200389450A1, hereinafter, “Levitt”).
Regarding claim 8, similarly claim 17, Ferenczi-Hennessy-Tang combination teaches the computer-implemented system of claim 1, the computer-implemented method of claim 11,
The combination of Ferenczi-Hennessy-Tang does not specifically teach, in the same field of endeavor Levitt teaches:
the data verifier further configured to generate a user account following validation of the user identification data (Levitt, discloses systems and methods for issuing an identity verification token to a user, see [Abstract]. And [0018] a method for account opening (i.e., generate a user account) using an identity verification token may include: (1) receiving, from a third party, an identity verification token and a request to verify an identity of a user, wherein the user provided the identity verification token to the third party; (2) retrieving a stored permission for the user for using the verification token …).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Levitt in the authenticating a user using non-fungible tokens of Ferenczi-Hennessy-Tang for account opening using an identity verification token. This would have been obvious because the person having ordinary skill in the art would have been motivated to allow user to complete account openings between different institutions and view, use, understand, and control their data, across different institutions (Levitt, [Abstract], [0004]).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Johnson et al (US20210184856A1) discloses method and system for verifying identity of an end user and ensuring the privacy of the end user.
Khan (US20210243023A9) discloses system and method of providing validated and authenticated identity of an individual.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975. The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Primary Examiner, Art Unit 2436