Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the amendment filed on 2/18/2026. Claims 1-27, 29, & 31-37 are currently pending with claims 28 and 30 having been cancelled in this filing. In the filing previous of 2/18/2026, claims 1-37 were pending.
Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. §102/ 103
The applicant’s remarks, on pages 10-18 of the response / amendment, the applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. §102/ 103 rejections.
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claim 36 is rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 36 recites “an identification proof” and then recites “communicate identification proof” without sufficient antecedent basis. The examiner will interpret claim 36 instead as “an identification proof” and “communicate the identification proof”. (emphasis added) Appropriate corrections are required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 16, 24-26, 29, and 32-35 are rejected under 35 U.S.C. 103 as being unpatentable over US 20230319058 to Shahriar et al. (hereinafter Shahriar), in view of US 20230388278 Crabtree et al. (hereinafter Crabtree).
Regarding claim 1, Shahriar teaches,
A system for identity authentication on a communication platform, comprising: (Title: Method of authentication a caller. See also Abstract & [0001-2] teaching that the call may be a video call.)
a database configured to store authorized user data; ([0016] teaches using a token generated from biometrics. The token may be stored in user device, server, and/or network device. The token is used for verification. See also fig. 3 & at least [0058-62])
a first node that creates an identification and is configured to communicate the identification; (fig. 1 teaches user devices 110 & 114. [0028] teaches the user device, verification service, service manager, and other devices, may be implemented using one or more computing nodes. See also fig. 3 user devices 110 & 114 and verification service 104.)
at least one second node configured to: (fig. 1 teaches Verification Service 104 and/or security manager 102. [0028] teaches the user device, verification service, service manager, and other devices, may be implemented using one or more computing nodes. See also fig. 3 & [0054-55] where service provider includes verification service 104 & security manager 102 that step in at S304 when sensitive information is requested by one of the users.)
receive the identification; ([0016] teaches caller generating a token / “the identification” based on biometrics, that is sent to the service provider that is sent to service provider / “second node”. See also fig. 3 where S310 to 312 generate the security data and send the security data.)
compare the identification to the authorized user data; ([0016] teaches biometric token stored in server or other device. Fig. 3, S316 & S318 perform the verification.)
determine a confidence level for the first node; and ([0043] teaches using trust levels. [0046] teaches call status of secure & unsecure.)
selectively communicate a signal indicating the confidence level ([0046] teaches call status of secure / unsecure being output. Step 204 fig. 2 teaches call status output. This may be updated at step 222, as discussed in [0051].)
a user interface configured to present an indication of the confidence level in response to the signal. ([0046] teaches overlying video from the video call with an unsecure label.)
Shahriar fails to explicitly teach security level determination based on domain of first node / user communicating identity,
However, Crabtree teaches,
determine a security level corresponding to the identification based on a domain of the first node; and (fig. 9 & [0123] teach detecting unusual domain access and log ins from location to detect malicious behavior that uses machine learning in [0122]. [0087] teaches nodes and graphs of relationships between nodes.) (Shahriar also teaches first and second nodes, as discussed above. [0121-122] teaches using graph analysis as part of the behavioral analysis)
selectively communicate a signal indicating the confidence level based on the security level; (fig. 3b teaches using threat detection to block access based on machine learning analysis.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar with the added ability to use domains / login locations as a basis to determine behavioral threats, as taught by Crabtree, for the purpose of increasing security through machine learning threat detection.
Regarding claim 16, Shahriar and Crabtree teach,
The system of claim 1,
wherein the communication platform includes conferencing software configured to present the confidence level, (Shahriar, fig. 2 & [0046] teaches call status of secure / unsecure being output, and also teaches overlying video from the video call with an unsecure label.
wherein the confidence level is representative of user authentication for users of the conferencing software. (Shahriar, fig. 2 & [0046] teaches call status of secure / unsecure being output, and also teaches overlying video from the video call with an unsecure label. Fig. 2, 222 & [0051] teaches the call being labeled secure after authentication of fig. 2)
Regarding claim 24, Shahriar and Crabtree teach,
The system of claim 16,
wherein the identification is via out-of-band communication relative to video and audio streaming on the conferencing software. (Shahriar, [0003] teaches biometric authentication. [0016] teaches biometric authentication may include fingerprints or retina scans used to generate a token user for authentication, as shown in fig. 3, 310.)
Regarding claim 25, Shahriar and Crabtree teach,
The system of claim 24,
wherein the out-of-band communication includes communication of at least one of IP address data and operating system information. (Shahriar, [0030] teaches the user identifier is an IP address, which may be associated with user devices 110 & 114. [0044] teaches using the user identifier (IP address) which is used by the security manager 102 to determine if a party is untrustworthy.)
Regarding claim 26, Shahriar and Crabtree teach,
The system of claim 25,
wherein the authorized user data includes authorized IP addresses, and (Shahriar, [0030] teaches the user identifier is an IP address, which may be associated with user devices 110 & 114.)
wherein the comparison of the identification to authorized user data includes a comparison of the IP address data to the authorized IP addresses. (Shahriar, [0044] teaches using the user identifier (IP address) which is used by the security manager 102 to determine if a party is untrustworthy.)
Regarding claim 29, Shahriar and Crabtree teach,
The system of claim 1,
wherein the at least one second node is configured to selectively limit communication of a level of verification detail for the confidence level based on the comparison of the identification to the authorized user data. (Shahriar, fig. 2, pause call 208 shows limiting communication and warning user [0023], while after successful validation, call resume is performed at 222. [0046] teaches that unsecure is determined before authentication, and successful communication is established after secure is determined by authenticating. Fig. 3, shows (biometric) verification / validation at 310-318.)
Regarding claim 32, Shahriar and Crabtree teach,
The system of claim 1, further comprising:
an artificial intelligence engine configured to train at least one machine learning model using past authentications. (Shahriar, at least [0002] & [0025] teach machine learning used in the authentication.).
Regarding claim 33, Shahriar and Crabtree teach,
The system of claim 32, wherein the machine learning model is trained to determine the confidence level based on the past authentications. (Shahriar, at least [0036] teaches using machine learning by the security manager 102 to determine if sensitive information is requested, weather the communication is insecure, unknown source, suspicious activity, or is potentially fraudulent. )
Regarding claim 34, Shahriar and Crabtree teach,
A method for identity authentication on a communication platform, comprising:
communicating, via a first node to at least one second node, an identification;
receiving, at the at least one second node, the identification;
comparing the identification to authorized user data stored in a database storing the authorized user data;
determining a confidence level for the first node;
determining a security level corresponding to the identification based on a domain of the first node; and
selectively communicating a signal indicating the confidence level based on the security level;
presenting, at a user interface, an indication of the confidence level in response to the signal.
Claim 34 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 35, Shahriar and Crabtree teach,
A system for identity authentication on a conferencing platform, comprising: ([0002] teaches video chat.)
a database configured to store authorized user data;
a first node that creates an identification and is configured to communicate the identification;
at least one second node configured to:
receive the identification;
compare the identification to the authorized user data;
determine a confidence level for the first node; and
determine a security level corresponding to the identification based on a domain of the first node; and
selectively communicate a signal indicating the confidence level based on the security level;
a user interface configured to present an indication of the confidence level in response to the signal; and
The features of claim 35 above are rejected using the same basis of arguments used to reject claim 1 above.
an artificial intelligence engine configured to train at least one machine learning model using past authentications, wherein the machine learning model is trained to determine the confidence level based on the past authentications. (Crabtree, [0121-123], as discussed in the rejection of claim 1.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar with the added ability to use domains / login locations as a basis to determine behavioral threats, as taught by Crabtree, for the purpose of increasing security through machine learning threat detection.
Claims 2-8, 11-14, 17-23, 27, and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Shahriar, in view of Crabtree, in view of US 20200067907 to Avetisov et al. (hereinafter Avetisov).
Regarding claim 2, Shahriar and Crabtree teach,
The system of claim 1,
Shahriar and Crabtree fail to explicitly teach the network of validating / authenticating nodes being redundant,
However, Avetisov teaches,
wherein the at least one second node includes a plurality of validating nodes each configured to verify the identification redundantly. (Avetisov, claim 5 teaches authentication performed by network of node executed redundantly. In detail, [0123] & fig. 2 teach authentication server 155 may operated as a network of nodes, like nodes 201. [0124] at end teaches authentication server 155 operating as decentralized data store with redundant storage.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally redundant nodes (claim 5 & [0124]) and the use of zero knowledge proofs ([0027-30]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to explicitly use redundancy of node, as taught by Avetisov, for the purpose of increasing security and computational efficiency by performing authentication using redundant nodes to prevent the loss of authentication capability when a node is down.
Regarding claim 3, Shahriar, Crabtree and Avetisov teach,
The system of claim 2,
wherein the plurality of validating nodes includes a first validating node and a second validating node each configured to validate the identification, wherein the second validating node is configured to verify the identification in an event of inoperability of the first validating node. (See rejection of claim 2, discussion of Avetisov, where redundancy would prevent a non-operational node from preventing authentication.)
Regarding claim 4, Shahriar, Crabtree and Avetisov teach,
The system of claim 2,
wherein the plurality of validating nodes form a network of validators, and wherein the network is configured to scale by communicatively coupling the plurality of validating nodes to added validating nodes. (Avetisov, [0132] teaches the authentication server(s) 155 participating in identity management at a “commercial scale” in a decentralized computing platform.)
Regarding claim 5, Shahriar, Crabtree and Avetisov teach,
The system of claim 4,
wherein the first node is configured to communicate the identification to the at least one second node via at least one of a public network and a private network. (Shahriar, fig. 1 shows the network 108, where [0029] teaches that the network 108 may be public or private.)
Regarding claim 6, Shahriar, Crabtree and Avetisov teach,
The system of claim 5,
wherein the at least one second node is configured to limit communication of an identification proof of the at least one second node to the first node in response to the first node communicating via the public network. (Avetisov, [0127] teaches the decentralized nodes that communicate among each other, including authentication servers (nodes) 155 / nodes 201 fig. 2. [0097] teaches that a secure session is established for the passing of credentials within authentication servers (nodes) 155, such as TLS/SSL, which would “limit communications of an identification proof” when receiving requests over the network 121. [0010] teaches the identity record including hash values / “proofs”. [0027] & [0030] teaches using zero knowledge techniques (proofs) to protect credentials. [0092] teaches that network 121 of fig 2 is a public network. However, [0097] teaches establishing a secure tunnel on the public network for passing credentials. [0121] teaches that nodes 201 include identity management system, on network 121 that may be public internet / “public network” or local networks / “private network”.)
Regarding claim 7, Shahriar, Crabtree and Avetisov teach,
The system of claim 6,
wherein the at least one second node is configured to communicate identification proof of the at least one second node to the first node in response to the first node communicating via the private network.. (Avetisov, [0097] teaches that a secure session is established for the passing of credentials within authentication servers (nodes) 155, such as TLS/SSL.)
Regarding claim 8, Shahriar, Crabtree and Avetisov teach,
The system of claim 7, further comprising:
a federated identity provider (Avetisov, Title, states “Federated Identity Management with Decentralized Computing Platforms”) configured to selectively require communication of the identification proof based on the first node communicating via the private network or the public network.
(applicant’s printed publication at [0047] teaches that a federated identity provider differentiates between internal / private devices on a private LAN \ secure network vs. external devices on a public network.)
(Avetisov, [0122] teaches distinguishing between public and private identity management. [0092-93] teaches allowing access to the private / internal network, including authentication, via a public network using a VPN / tunneling. [0092] teaches that network 121 of fig 2 is a public network. However, [0097] teaches establishing a secure tunnel on the public network for passing credentials. [0121] teaches that nodes 201 include identity management system, on network 121 that may be public internet / “public network” or local networks / “private network”.)
Regarding claim 11, Shahriar and Crabtree teach,
The system of claim 1,
Shahriar and Crabtree fail to teach the use of ZNPs,
However, Avetisov teach,
wherein the first node communicates the identification in the form of a zero-knowledge proof (ZKP) (Avetisov, [0027] & [0030] teaches using zero knowledge techniques (proofs) to protect credentials. See fig. 1, mobile device 101 includes credentials 116 that are passed to authentication server at [0097].)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally redundant nodes (claim 5 & [0124]) and the use of zero knowledge proofs ([0027-30]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to explicitly use redundancy of node and zero knowledge proofs, as taught by Avetisov, for the purpose of increasing security and computational efficiency by performing authentication using redundant nodes to prevent the loss of authentication capability when a node is down and increasing security by using zero knowledge proofs for authentication.
Regarding claim 12, Shahriar, Crabtree, and Avetisov teach,
The system of claim 11,
wherein the at least one second node includes a verifier for the ZKP. (Avetisov, [0127] teaches the decentralized nodes that communicate among each other, including authentication servers (nodes) 155 / nodes 201 fig. 2. [0097] teaches that the credentials may be passed from client to authentication server, and also between authentication servers. [0027-30] teach protecting credentials using ZKP.)
Regarding claim 13, Shahriar, Crabtree, and Avetisov teach,
The system of claim 12, further comprising:
at least one validator configured to validate the ZKP. (Avetisov, [0037] teaches the server receiving the credential as a ZNP to identify the user.)
Regarding claim 14, Shahriar, Crabtree, and Avetisov teach,
The system of claim 1,
wherein the at least one second node is communicatively coupled with a blockchain for verifying the identification. (Avetisov, [0120-121] teaches that the decentralized platform may be a blockchain. See computing nodes 201. [0127] teaches the decentralized nodes that communicate among each other, including authentication servers (nodes) 155 / nodes 201 fig. 2. Thus, the authentication server (nodes) may be a blockchain. See also Abstract, teaching blockchains.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally redundant nodes (claim 5 & [0124]) and the use of zero knowledge proofs ([0027-30]), and decentralized blockchains ([0121-127]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to explicitly use redundancy of node and zero knowledge proofs, as taught by Avetisov, for the purpose of increasing security and computational efficiency by performing authentication using redundant nodes and blockchains to prevent the loss of authentication capability when a node is down and increasing security by using zero knowledge proofs for authentication.
Regarding claim 17, Shahriar and Crabtree teach,
The system of claim 16,
wherein the at least one second node is configured to request the identification, and (Shahriar, fig. 3, security manager requests authentication information at S308.)
wherein the identification includes audio communication (Shahriar, [0022] teaches ultrasound being used to send information, such as the token generated based on biometrics.)
Shahriar and Crabtree fail to explicitly teach performing key exchange,
However, Avetisov teaches,
wherein the identification includes (Avetisov, [0068] teaches key exchange to establish secure communications. [0092] teaches the use of secure VPNs over public networks, where VPNs use key exchange to pass a symmetric key that is used for the VPN communications, such as between the client 135 and authentication server 155.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), which also teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and performs audio exchange of information ([0022]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally teaches key exchange for secure communications ([0068]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to exchange keys to establish a secure change, as taught by Avetisov, by using Shahriar’s audio communications for the exchange, for the purpose of increasing security by utilizing the already established audio session to pass a keys.
Regarding claim 18, Shahriar, Crabtree, and Avetisov teach,
The system of claim 17,
wherein the request employs in-band audio tones to verify the identification. (Shahriar, [0022] teaches “inband” use of ultrasound included in the metadata of the call. Shahriar, in fig. 3 teaches verification / validation of biometric for user device 114.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and performs audio exchange of information ([0022]), in combination with the teachings of Shahriar fig. 3 teaching requests during validation (see S304 & S320) to use the in-band audio exchange to also perform validation and/or requests of fig. 3. One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar with the added ability to exchange validation information and requests using the already established in-line audio channel to increase security and efficiency by using an already established channel.
Regarding claim 19, Shahriar, Crabtree, and Avetisov teach,
The system of claim 18,
wherein the in-band audio tones are adjusted periodically during a virtual conference on the conferencing software. (Shahriar, [0022] teaches that the in-band information is ultrasound. It would be inherent that the audio tones are adjusted to carry messages / information.)
Regarding claim 20, Shahriar, Crabtree, and Avetisov teach,
The system of claim 18,
wherein the in-band audio tones are above hearing range. (Shahriar, [0022] teaches that the in-band information is ultrasound.)
Regarding claim 21, Shahriar, Crabtree, and Avetisov teach,
The system of claim 17,
wherein the audio communication includes voice audio of a user of the conferencing software sampled by the at least one second node to verify the identification. (Shahriar, [0003] teaches confirmation of the audio/video data using monitoring. See also [0040].)
Regarding claim 22, Shahriar and Crabtree teach,
The system of claim 16,
wherein the identification includes video communication via the conferencing software (Shahriar, [0002] teaches video chat, and fig. 3 teaches authentication / validation based on biometrics.)
Shahriar and Crabtree fail to teach key exchange,
However, Avetisov teaches,
wherein the identification includes (Avetisov, [0068] teaches key exchange.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally teaches key exchange for secure communications ([0068]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to exchange keys to establish a secure change, as taught by Avetisov, by using Shahriar’s audio communications for the exchange, for the purpose of increasing security by utilizing the already established audio session to pass a keys.
Regarding claim 23, Shahriar, Crabtree, and Avetisov teach,
The system of claim 22,
wherein the video communication includes video data representative of a user of the conferencing software, and (Shahriar, [0002] teaches video chat which includes images of a user, made up of pixels, that represent the user.)
wherein the at least one second node is configured to verify the video data as representing the user via comparison of the identification to the authorized user data. (Shahriar, [0003] teaches confirmation of the audio/video data using monitoring. See also [0040].)
Regarding claim 27, Shahriar and Crabtree teach,
The system of claim 1,
Shahriar and Crabtree fail to teach applying the authentication to an email platform,
However, Avetisov teaches,
wherein the communication platform includes email communication software. (Avetisov, [0003] teaches that the platform includes email.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally redundant nodes (claim 5 & [0124]) and the use of zero knowledge proofs ([0027-30]) and the platform being an email platform ([0003]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to explicitly use redundancy of node and apply the teaching of an email platform, as taught by Avetisov, for the purpose of increasing security and computational efficiency by performing authentication using redundant nodes to prevent the loss of authentication capability when a node is down.
Regarding claim 31, Shahriar and Crabtree teach,
The system of claim 1,
Shahriar and Crabtree fail to teach federated nodes,
However, Avetisov teaches,
wherein the system is configured to provide a decentralized identity via sharing the confidence level and detail with a different set of federated nodes. (Avetisov, Title, states “Federated Identity Management with Decentralized Computing Platforms”. See also rejection of claim 8.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally redundant nodes (claim 5 & [0124]) and the use of zero knowledge proofs ([0027-30]) and utilization of a federated identity system (Title). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to explicitly use redundancy of node and apply the teaching of a federated identity system using decentralized computing., as taught by Avetisov, for the purpose of increasing security and computational efficiency by performing authentication using redundant nodes to prevent the loss of authentication capability when a node is down.
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Shahriar, in view of Crabtree, in view of US 20230336334 to Scheible et al. (hereinafter Scheible).
Regarding claim 9, Shahriar and Crabtree teach,
The system of claim 1,
Shahriar and Crabtree fail to explicitly teach the use of post-quantum security for authentication,
However, Scheible teaches,
wherein the identification is post-quantum secure. (Abstract, teaches secure communications that would not be defeated by quantum computing, and [0010] explicitly teaches quantum secure authentication.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) while using secure communications ([0092-93]), and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Scheible, which also teaches secure communications (Abstract), and additionally teaches quantum secure authentication ([0010]) by using quantum secure encapsulation. One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to bypass the future threat of quantum computing defeating traditional asymmetric based key exchanges, as taught by Scheible, for the purpose of increasing security by eliminating the threat that quantum computing may create in the future.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Shahriar, in view of Crabtree, in view of US 20230385814 to Gauthier et al. (hereinafter Gauthier).
Regarding claim 10, Shahriar and Crabtree teach,
The system of claim 1,
Shahriar and Crabtree fail to teach the use of ZK-STARK,
However, Gauthier teaches,
wherein the first node and the at least one second node form a zero-knowledge scalable transparent argument of knowledge (ZK-STARK). ([0224-225] and [0230] teach using ZK-STARK to efficiently maintain certificates when new nodes join, where the certificates are used for authentication.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that authenticates / validates using biometrics ([0016] & fig. 3), and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Gauthier, which also teaches authentication and secure communication with decentralized nodes ([0047]) and authentication and cross sub-net messaging using ZK-STARK ([0100]), and additionally teaches using ZK-STARK to efficiently maintain certificates when new nodes join, where the certificates are used for authentication ([0224-225] and [0230]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to use ZK-STARK to maintain certificates, as taught by Gauthier, for the purpose of increasing security by allowing for authentication using the certificates, and increasing computational efficiency by allowing for the addition of new nodes to the network.
Claims 15 is rejected under 35 U.S.C. 103 as being unpatentable over Shahriar, in view of Crabtree, in view of Avetisov, in view of Gauthier.
Regarding claim 15, Shahriar, Crabtree, and Avetisov teach,
The system of claim 11,
Shahriar, Crabtree, and Avetisov fail to teach a polynomial commitment scheme,
However, Gauthier teaches,
wherein the identification is created via a polynomial commitment scheme. (Examiner notes that ZK-STARKs a polynomial commitment scheme. [0100] teaches authentication and cross sub-net messaging with proofs by using ZK-STARK.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3), and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally redundant nodes (claim 5 & [0124]) and the use of zero knowledge proofs ([0027-30]), with Gauthier, which also teaches authentication and secure communication with decentralized nodes ([0047]) and authentication and cross sub-net messaging using ZK-STARK ([0100]), and additionally teaches using ZK-STARK to efficiently maintain certificates when new nodes join, where the certificates are used for authentication ([0224-225] and [0230]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar, Crabtree, and Avetisov with the added ability to use ZK-STARK to conduct secure messaging and authentication with proofs / ZPK, as taught by Gauthier, for the purpose of increasing security by allowing for authentication using the certificates and proofs in a secure form, and increasing computational efficiency by allowing for the addition of new nodes to the network.
Claim 36 is rejected under 35 U.S.C. 103 as being unpatentable over Shahriar, in view of Crabtree, in view of Avetisov, in view of in view of US 20080010676 to Dosa Racz et al. (hereinafter Dosa Racz).
Regarding claim 36, Shahriar and Crabtree teach,
A system for identity authentication on an
a database configured to store authorized user data;
a first node that creates an identification and is configured to communicate the identification;
at least one second node configured to:
receive the identification;
compare the identification to the authorized user data;
determine a confidence level for the first node; and
communicate a signal indicating the confidence level; and
a user interface configured to present an indication of the confidence level in response to the signal,
The above portions of claim 36 are rejected using the same basis of arguments used to reject claim 1 above.
(Crabtree, Abstract teaches a hash for the authentication object / “identification proof”. Fig. 3b teaches blocking communications based on machine learning detection of a threat, which prevents authentication / request.) (Shahriar, fig. 2, pause call 208 shows limiting communication and warning user [0023], while after successful validation, call resume is performed at 222. [0046] teaches that unsecure is determined before authentication, and successful communication is established after secure is determined by authenticating. Fig. 3, shows (biometric) verification / validation at 310-318.)
Shahriar fails to teach applying the authentication to an email platform,
However, Avetisov teaches,
A system for identity authentication on an email communication platform, (Avetisov, [0003] teaches that the platform includes email.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally redundant nodes (claim 5 & [0124]) and the use of zero knowledge proofs ([0027-30]) and the platform being an email platform ([0003]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to explicitly use redundancy of node and apply the teaching of an email platform, as taught by Avetisov, for the purpose of increasing security and computational efficiency by performing authentication using redundant nodes to prevent the loss of authentication capability when a node is down.
Shahriar, Crabtree, Avetisov fail to explicitly teach allowing communications for a private network and limiting communications for a public network,
However, Dosa Racz teaches,
wherein the first node is configured to communicate the identification to the at least one second node via at least one of a public network and a private network, wherein the at least one second node is configured to limit communication of an identification (Dosa Racz, [0037] teaches allowing requests from a private network and blocking from a public network, which prevents authentication requests. Fig. 1 & [0030] teach nodes.) wherein the at least one second node is configured to communicate identification first node communicating via the private network. (Dosa Racz, [0039] teaches authenticating traffic in both directions. See also [0037] which teaches ends request communications.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Avetisov, which also teaches authentication using nodes (fig. 2, 155 & [0123] teaching nodes for 155.), and additionally redundant nodes (claim 5 & [0124]) and the use of zero knowledge proofs ([0027-30]) and the platform being an email platform ([0003]), with Dosa Racz, which also teaches authentication and networks of nodes (fig. 1, [0030], & [0039]), and additionally teaches allowing / limiting communications based on a network being private or public ([0037]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar, Crabtree, and Avetisov with the added ability to limit / allow communications based on the request originating from a public vs private network, as taught by Dosa Racz, for the purpose of increasing security by using the type of network to determine whether communications are allowed or limited to prevent attacks ([0005-6]).
Claim 37 is rejected under 35 U.S.C. 103 as being unpatentable over Shahriar, in view of Crabtree, in view of US 20190370241 to Miraldo et al. (hereinafter Miraldo).
Regarding claim 37, Shahriar and Crabtree teach,
A system for identity authentication, comprising: (Abstract)
a database configured to store authorized user data;
a first node that creates an identification and is configured to communicate the identification;
at least one second node configured to:
receive the identification;
compare the identification to the authorized user data;
determine a confidence level for the first node; and
determine a security level corresponding to the identification based on a domain of the first node; and
selectively communicate a signal indicating the confidence level based on the security level;
a user interface configured to present an indication of the confidence level in response to the signal,
The features of claim 37 above are rejected using the same basis of arguments used to reject claim 1 above.
wherein the at least one second node includes a first validating node and a second validating node each configured to validate the identification, … (Shahriar, fig. 1 & [0028] teaches second node, as discussed in the rejection of claim 1 as verification service 104 and./or service manager 102, may be implemented by one or more computing nodes. [0004] teaches use of blockchain.)
… wherein the second validating node is configured to verify the identification (Shahriar, [0016] teaches biometric token stored in server or other device. Fig. 3, S316 & S318 perform the verification. See also rejection of claim 1. Shahriar also teaches blockchain usage, which inherently uses redundant / decentralized nodes.)
Shahriar and Crabtree fail to explicitly teach one node replacing another node in the event of failure / inoperability,
However, Miraldo teaches,
… wherein the second validating node is configured to verify the ([0021] teaches replacing faulty / corrupt node. [0129] teaches verification being performed as part of replacing a failing node in a decentralized system / blockchain.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shahriar, which teaches a video / audio conferencing system between two users that intervenes when sensitive information is shared using a security system that validates using biometrics ([0016] & fig. 3) and federated identity ([0047]), with Crabtree, which also teaches federated identity (Abstract), and additionally teaches using machine learning to detect threats based on domains accessed and access location ([0121-123]) and blocking access based on threat analysis by the machine learning analysis detecting threats (fig. 3b), with Miraldo, which also teaches authentication using blockchains (Abstract), and additionally teaches verification being performed as part of replacing a failing node ([0021] & [0129]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Shahriar and Crabtree with the added ability to replace inoperable nodes, as taught by Miraldo, for the purpose of increasing security and computational efficiency by providing additional / redundant nodes that may perform authentication / verification in the case of a node failure.
Claim 37 can also be rejected on a basis similar to dependent claim 14.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571)272-3942. The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571)272-3739.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/B.W.A./
/JASON K GEE/Primary Examiner, Art Unit 2495