Office Action Predictor
Last updated: April 15, 2026
Application No. 18/401,013

METHOD AND SYSTEM FOR DECENTRALIZED IDENTITY MANAGEMENT AND DATA DISTRIBUTION

Non-Final OA §103
Filed
Dec 29, 2023
Examiner
SHAAWAT, MAYASA A.
Art Unit
2433
Tech Center
2400 — Computer Networks
Assignee
Unknown
OA Round
1 (Non-Final)
87%
Grant Probability
Favorable
1-2
OA Rounds
2y 7m
To Grant
99%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allow Rate
140 granted / 161 resolved
+29.0% vs TC avg
Strong +22% interview lift
Without
With
+22.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
34 currently pending
Career history
195
Total Applications
across all art units

Statute-Specific Performance

§101
8.2%
-31.8% vs TC avg
§103
55.0%
+15.0% vs TC avg
§102
10.8%
-29.2% vs TC avg
§112
17.0%
-23.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 161 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Election/Restrictions Claim 1-7 and 19-23 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected invention, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 11/05/2025 This is the initial office action that has been issued in response to patent application, 18/401,013, filed on 11/05/2025. Claims 8-18 are currently pending and have been considered below. Claim 1 is an independent claim. Priority This application has PRO 63/424,023 filed on 11/09/2022. Drawings The drawings filed on 12/29/2023 are accepted by the examiner. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 8-11, 13, 16, 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton(US Publication No. 2006/0236382 A1) in view of Wu (US Publication No. 20200137064 A1) Regarding Claim 8 A method for creation and enrollment of digital identities and publishing of identity records, comprising: providing one or more realm servers that operate autonomous network services to create, enroll, and validate digital identities affiliated within one or more realms(Hinton, [0069], The system that supports the present invention also concerns a federated identity management system that establishes a foundation in which loosely coupled authentication, user enrollment, user profile management and/or authorization services collaborate across security domains.); said one or more realm servers distributing digital identity information to computing devices within the realm and with other realms within a federation of realms(Hinton, [0008], a federation partner may act as a user's home domain or identity provider. Other partners within the same federation may rely on the user's identity provider for primary management of the user's authentication credentials, e.g., accepting a single-sign-on token that is provided by the user's identity provider.); Hinton does not disclose: said one or more realm servers sharing published identity records with subscribing network services for decentralized authentication and authorization of federated identities accessing network services and for verification of digitally signed data with a federated network of realm servers that distribute identity records associated with each realm and said one or more realm servers distributing identity records on a subscription basis to computing devices within the realm and to other realms within a federation to maintain relevant identity records on realm servers which distribute said identity records to realm computing devices Wu discloses: said one or more realm servers sharing published identity records with subscribing network services for decentralized authentication and authorization of federated identities accessing network services and for verification of digitally signed data with a federated network of realm servers that distribute identity records associated with each realm(Wu, Fig. 5, [0007], the registered decentralized identity for the given node is used to access the one or more resources of the given decentralized application by sending a request from the given node to the given decentralized application to enable the given decentralized application to authenticate the given node by accessing the decentralized identity blockchain to obtain certificate-related data associated with the given node. An indication of authentication is received at the given node from the given decentralized application wherein access to the one or more resources of the given decentralized application is based on the indication of authentication, e.g., granted or denied. [0095], If all verifications are satisfied, the peers commit the transaction and publish the new policy along with the ‘user.id’. The policy and ‘user.id’ are signed by the user's private key, so that the entire network can repeat the verification process independently later. [0097], a given node associated with a plurality of nodes registers a decentralized identity for the given node on a decentralized identity blockchain. The registered decentralized identity is controlled by the given node and defined by an identity record stored on the decentralized identity blockchain.); and said one or more realm servers distributing identity records on a subscription basis to computing devices within the realm and to other realms within a federation to maintain relevant identity records on realm servers which distribute said identity records to realm computing devices(Wu, [0059], an identity chain (blockchain) 310 is used to store identity records 312 through 318. Since the blockchain is decentralized, the identities thus are stored in a decentralized manner. In addition, in this illustrative embodiment, all parts of the identity are not stored on the blockchain 310. Rather, in one or more illustrative embodiments, only the addresses (or pointers) are stored on the blockchain 310, and the actual data is stored off (remote from) the blockchain on a decentralized file system (such as IPFS). [0063], The third entry of the triple is an Interplanetary Name Space (IPNS) address. IPNS is a namespace on top of IPFS, see, e.g., the above-referenced J. Benet, “IPFS—Content Addressed, Versioned, P2P File System,” 2014. IPNS provides mutability to store and retrieve data. IPNS can be treated as a folder, where only the one holding the private key can store data in this folder, while no one else can store data into this folder but they can read data from the folder…). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hinton’s method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment by enhancing Hinton’s systems of different enterprises that interact within a federated computing environment reliable decentralized authentication and verification of digitally signed identity data across multiple realms as taught by Wu in order to in order to enhance the security and scalability of federated identity record sharing across subscribing network services. The motivation is to ensure that identity records distributed among federated or cross-domain environments remain synchronized and verifiable in a decentralized manner, thereby maintaining up-to-date authentication data across subscribing systems while reducing reliance on a central authority. Regarding Claim 9: The method of claim 8, Hinton in view of Wu disclose further comprising: said computing devices within a realm authenticating access to services using locally stored identity records(Hinton, [0087], ASR servers 332 are responsible for authenticating users when the domain controls access to application servers 334, which can be considered to generate, retrieve, or otherwise support or process protected resources 335. The domain may continue to use legacy user registration application 336 to register users for access to application servers 334. Information that is needed to authenticate a registered user with respect to legacy operations is stored in enterprise user registry 338; enterprise user registry 338 may be accessible to federation components as well.); and said computing devices within the realm generating and authenticating digital signatures on information shared with services(Wu, [0134], Federated single-sign-on requires not only the validation of the security token that is presented to a relying domain on behalf of the user but the determination of a locally valid user identifier at the relying domain based on information contained in the security token… [0134], The types of tokens that are accepted, the signatures that are required on tokens, and other requirements are all pre-established as part of the federation's business agreements. The rules and algorithms that govern identifier translation). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hinton’s method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment by enhancing Hinton’s systems of different enterprises that interact within a federated computing environment reliable decentralized authentication and verification of digitally signed identity data across multiple realms as taught by Wu in order to order to enhance the trust, integrity, and non-repudiation of communications between federated computing devices and network services. The motivation is to ensure that data exchanged between computing devices and network services is authenticated at the device level using digital signatures, thereby preventing impersonation and tampering while maintaining secure decentralized access control across federated systems. Regarding Claim 10: The method of claim 8, Hinton in view of Wu disclose further comprising: said one or more realm servers sharing digital identity records within an organization or realm and across federations of organizations or realms to authenticate identities and validate data signed by digital identities(Hinton, [0138], A portion of the above description of FIGS. 2-6 explained an organization of components that may be used in a federated environment while other portions explained the processes for supporting single-sign-on operations across the federated environment. Service providers or relying domains within a federated environment…). Regarding Claim 11: The method of claim 8, Hinton in view of Wu disclose wherein said realms comprise realm classes comprising any of: personal realms that represent an individual with multiple network connected computing devices(Hinton, [0055], a system that operates on behalf of an organization, an individual, or another system. The term “domain” connotes additional characteristics within a network environment, but the terms “entity”, “party”, and “domain” can be used interchangeably. For example, the term “domain” may also refer to a DNS (Domain Name System) domain, or more generally, to a data processing system that includes various devices and applications that appear as a logical unit to exterior entities.); household realms that represent a household of personal and household computing devices(Hinton, [0059], A typical example of a subject is a person, identified by his or her email address in a particular Internet DNS domain. Assertions can convey information about authentication acts performed by subjects, attributes of subjects, and authorization decisions about whether subjects are allowed to access certain resource); and organization realms that represent a business or enterprise with multiple users, and computing devices(Hinton, [0009], as enterprises move to support federated business interactions, these enterprises should provide a user experience that reflects the increased cooperation between two businesses…). Regarding Claim 13: The method of claim 8, Hinton in view of Wu disclose further comprising: sharing published identity records with subscribing network services to enable decentralized authentication and authorization of federated identities accessing network services and verification of digitally signed data with a federated network of realm servers that distribute identity records associated with each realm(Wu, Fig. 5, [0007], the registered decentralized identity for the given node is used to access the one or more resources of the given decentralized application by sending a request from the given node to the given decentralized application to enable the given decentralized application to authenticate the given node by accessing the decentralized identity blockchain to obtain certificate-related data associated with the given node. An indication of authentication is received at the given node from the given decentralized application wherein access to the one or more resources of the given decentralized application is based on the indication of authentication, e.g., granted or denied. [0095], If all verifications are satisfied, the peers commit the transaction and publish the new policy along with the ‘user.id’. The policy and ‘user.id’ are signed by the user's private key, so that the entire network can repeat the verification process independently later. [0097], a given node associated with a plurality of nodes registers a decentralized identity for the given node on a decentralized identity blockchain. The registered decentralized identity is controlled by the given node and defined by an identity record stored on the decentralized identity blockchain.); wherein records are distributed on a subscription basis to computing devices within the realm and to other realms within a federation to enable relevant identity records to be maintained by realm servers which distribute this information to realm computing devices(Wu, [0059], an identity chain (blockchain) 310 is used to store identity records 312 through 318. Since the blockchain is decentralized, the identities thus are stored in a decentralized manner. In addition, in this illustrative embodiment, all parts of the identity are not stored on the blockchain 310. Rather, in one or more illustrative embodiments, only the addresses (or pointers) are stored on the blockchain 310, and the actual data is stored off (remote from) the blockchain on a decentralized file system (such as IPFS). [0063], The third entry of the triple is an Interplanetary Name Space (IPNS) address. IPNS is a namespace on top of IPFS, see, e.g., the above-referenced J. Benet, “IPFS—Content Addressed, Versioned, P2P File System,” 2014. IPNS provides mutability to store and retrieve data. IPNS can be treated as a folder, where only the one holding the private key can store data in this folder, while no one else can store data into this folder but they can read data from the folder…); wherein said realm computing devices authenticate access to services using identity records stored locally on the realm computing devices(Hinton, [0087], ASR servers 332 are responsible for authenticating users when the domain controls access to application servers 334, which can be considered to generate, retrieve, or otherwise support or process protected resources 335. The domain may continue to use legacy user registration application 336 to register users for access to application servers 334. Information that is needed to authenticate a registered user with respect to legacy operations is stored in enterprise user registry 338; enterprise user registry 338 may be accessible to federation components as well.); and wherein said realm computing devices generate and authenticate digital signatures on information shared with services(Wu, [0134], Federated single-sign-on requires not only the validation of the security token that is presented to a relying domain on behalf of the user but the determination of a locally valid user identifier at the relying domain based on information contained in the security token… [0134], The types of tokens that are accepted, the signatures that are required on tokens, and other requirements are all pre-established as part of the federation's business agreements. The rules and algorithms that govern identifier translation). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hinton’s method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment by enhancing Hinton’s systems of different enterprises that interact within a federated computing environment reliable decentralized authentication and verification of digitally signed identity data across multiple realms as taught by Wu in order to enhance the scalability, trust, and interoperability of federated identity systems. The motivation is to ensure that identity records and digital signatures are maintained and verified locally and across federated realms on a subscription basis, thereby reducing network dependency, improving verification speed, and providing consistent authentication integrity across distributed devices and services. Regarding Claim 16: Hinton in view of Wu disclose: The method of claim 8… Hinton in view of Wu do not disclose: further comprising: using a consensus methodology comprising an addition of one or multiple digital signatures of realm servers within a federation to provide additional validation of identity records Camenisch disclose: further comprising: using a consensus methodology comprising an addition of one or multiple digital signatures of realm servers within a federation to provide additional validation of identity records(Camenisch, [0046], a user for SSO login with multiple service providers SPj, j=1 to N. On initiation of the setup operation as indicated at step 20, the authentication logic 11 of the n VidP authentication servers Si generate and store the cryptographic data required for generation of authentication tokens in the SSO scheme. This data depends on the particular cryptographic mechanism underlying construction and verification of tokens). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hinton and Wu’s method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment by enhancing Hinton and Wu’s systems of different enterprises that interact within a federated computing environment reliable decentralized authentication and verification of digitally signed identity data across multiple realms to ensure that federated identity records can serve as cryptographic credentials for secure data exchange across realms and network services as taught by Camenisch in order to enhance security, integrity, and resistance to tampering in federated identity environments. The motivation is to ensure that federated identity records are validated through multiple digital signatures contributed by independent realm servers, thereby providing verifiable consensus on the authenticity of identity data and mitigating risks associated with compromise or failure of a single validation node. Regarding Claim 17: The method of claim 8, Hinton in view of Wu disclose further comprising: said realms and federations independently or collectively establishing policies for consensus validation of identity records and other shared data(Hinton, [0150], the federated user lifecycle management applications are functionally independent from the remainder of the federated components in that the federated user lifecycle management applications may require only minimal interaction with other federated components of the federated environment). Regarding Claim 18: The method of claim 8, Hinton in view of Wu disclose further comprising: subscribing only to specific records or collections of records relevant to local services to limit information stored locally and reduce subscription network traffic and memory requirements (Wu, [0005], A given node associated with a plurality of nodes registers a decentralized identity for the given node on a decentralized identity blockchain. The registered decentralized identity is controlled by the given node and defined by an identity record stored on the decentralized identity blockchain.). Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Hinton(US Publication No. 2006/0236382 A1) in view of Wu (US Publication No. 20200137064 A1) in further view of Camenisch(US Publication No. 2018/0295123 A1). Regarding Claim 14: Hinton in view Wu disclose: The method of claim 11… Hinton does not disclose: wherein said identity records contain public encryption keys of identities and additional identity information, enabling records, documents, messages, and collections of records to be digitally signed by one or more signers Camenisch discloses: wherein said identity records contain public encryption keys of identities and additional identity information, enabling records, documents, messages, and collections of records to be digitally signed by one or more signers(Camenisch, [0058], on a message comprising username Ψj and the access token in the token request. (The message can also include a time stamp and validity period or other convenient data for limiting temporal validity of the token. The resulting token is then short-lived, thus inhibiting use in a replay attack). In step (m), the servers Si then send their partial signatures σi (encrypted under their respective keys Ki for the secure channels) back to the user PC 2. In step (n), the SSO logic obtains a full signature σ by combining the partial signatures σ). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hinton and Wu’s method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment by enhancing Hinton and Wu’s systems of different enterprises that interact within a federated computing environment reliable decentralized authentication and verification of digitally signed identity data across multiple realms to ensure that federated identity records can serve as cryptographic credentials for secure data exchange across realms and network services as taught by Camenisch in order to enhance data authenticity, non-repudiation, and interoperability within federated environments. The motivation is to ensure that digital identities stored within federated systems can directly enable cryptographic signing and verification of documents and communications, thereby eliminating reliance on centralized certificate authorities and strengthening decentralized trust across federated domains. Claims 12 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton(US Publication No. 2006/0236382 A1) in view of Wu (US Publication No. 20200137064 A1) in further view( US Publication No. 20050283614 A1). Regarding Claim 12: Hinton in view of Wu disclose: The method of claim 8… Hinton in view of Wu do not disclose: further comprising: creating hierarchies of digital identities within a realm to facilitate assignment of digital identities to edge servers, personal, mobile, and other computing devices connected on a private network and/or public Internet Hardt discloses: further comprising: creating hierarchies of digital identities within a realm to facilitate assignment of digital identities to edge servers, personal, mobile, and other computing devices connected on a private network and/or public Internet(Hardt, [0036], FIG. 1 illustrates a general overview of an identity management system 100 of the present invention. In a distributed hierarchical identity management system, such as the one illustrated in FIG. 1, users are assigned a global unique identifier (GUID), [0062], A user with multiple devices could employ a multitude of different local HS's, so that a laptop computer would have an HS, as would a connectivity enabled cellular phone. An Internet based HS can serve as a backup, a fall back when not using the designated devices, or as a pivot point to synchronize data among the different local HS). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hinton and Wu’s method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment by enhancing Hinton and Wu’s systems of different enterprises that interact within a federated computing environment reliable decentralized authentication and verification of digitally signed identity data across multiple realms to ensure that federated identity records can serve as cryptographic credentials for secure data exchange across realms and network services as taught by Hardt in order to enhance and administrative control of federated identity systems. The motivation is to ensure hierarchical propagation and delegation of identity information across heterogeneous devices, allowing subordinate devices to authenticate or operate under parent realm credentials while maintaining decentralized trust and administrative efficiency. Regarding Claim 15: The method of claim 12, Hinton in view of Wu in further view of Hardt disclose further comprising: using locally stored identity records, maintained on a subscription basis, to provide decentralized authentication of signed data(Wu, [0064], More particularly, FIG. 4 illustrates use of file system and name space addresses in decentralized identity management according to an illustrative embodiment. In example 400, blockchain 410 includes a record 412 which includes an IPFS address that stores (i.e., points to the storage of) traceable information 414 whereby changes to the information result in a new transaction (tx) on the blockchain. Client information (e.g., client device ID) can be stored in this entry of the record). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Hinton’s method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment by enhancing Hinton’s systems of different enterprises that interact within a federated computing environment reliable decentralized authentication and verification of digitally signed identity data across multiple realms as taught by Wu in order to enhance system resilience, efficiency, and the scalability of decentralized trust verification across federated environments. The motivation is to ensure that computing devices can authenticate signed data autonomously using locally cached identity records maintained through subscription updates, thereby reducing authentication latency and improving availability during intermittent network connectivity. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939. The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MAYASA SHAAWAT/ Examiner, Art Unit 2433 /JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433
Read full office action

Prosecution Timeline

Dec 29, 2023
Application Filed
Jan 30, 2026
Non-Final Rejection — §103
Apr 02, 2026
Applicant Interview (Telephonic)
Apr 02, 2026
Examiner Interview Summary
Apr 03, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12580776
APPLICATION INTEGRITY VERIFICATION FOR ENTERPRISE RESOURCE ACCESS
2y 5m to grant Granted Mar 17, 2026
Patent 12574227
BIO-LOCKED SEED
2y 5m to grant Granted Mar 10, 2026
Patent 12574256
METHOD FOR MUTUALLY ATTESTING SECURITY LEVELS OF ELECTRONIC DEVICES IN MULTI DEVICE ENVIRONMENT
2y 5m to grant Granted Mar 10, 2026
Patent 12566839
PROVIDING PASSWORD SECURITY IN NON-FEDERATED COMPUTING ARRANGEMENTS
2y 5m to grant Granted Mar 03, 2026
Patent 12556411
REVOCATION OF CERTIFICATES ISSUED BY DISTRIBUTED SERVERS
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+22.0%)
2y 7m
Median Time to Grant
Low
PTA Risk
Based on 161 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month