Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 04/17/2026 has been entered.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant’s arguments regarding the improper combination of the references are technically incompatible and combining them would change the principle of operation is unpersuasive.
In response to applicant's argument, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).
In particular, Applicant’s argument that combining a decentralized blockchain ledger with a centralized payment authorization network is unpersuasive because the Examiner is merely using the portion of the reference related to confidence level and not the centralized or decentralized nature of the payment.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-2, 5-8, 10-11, 14-17, 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gasking (US 2019/0052722) in view of Hammad (US 2008/0040276) in further view of Dubey (US 2021/0014242)
Regarding Claim 1,
Gasking (US 2019/0052722) teaches a system comprising:
a memory storing a device registry comprising a plurality of entries for a plurality of user devices across one or more organizations (Fig. 4, reputational record of user)(Paragraph [0022] teaches user associated with device); and one or more processors in communication with the memory, the one or more processors configured to:
receive, from a computing device of a first organization, data of a user device event including an organization confidence level for a user device associated with the user device event (Paragraph [0032] teaches a reputation record associated with “organizations” for an “interaction event”);
update common data in an entry for the user device in the device registry based on the received data of the user device event and the organization confidence level for the user device (Paragraph [0034] teaches when a new portion of the reputation record representing a completed interaction event occurs, the reputation record is “updated to accommodate additional information about a completed interaction event”);
determine a common confidence level for the user device based on the common data in the entry for the user device in the device registry (See Fig. 5-8 and associated text, teaches updating reputational database with the new reputation level (i.e. common confidence level);
and output, to the computing device of the first organization, the common confidence level for the user device for use by the computing device of the first organization to determine how to handle an access request from the user device (Fig. 8 and Paragraph [0056] teaches notification of the reputation score is provided to the user device) .
Gasking does not explicitly teach
wherein the user device is known to the first organization;
based on a common confidence level request from a second organization for the user device, output, to a computing device of the second organization, thereby causing the computing device of the second organization to authenticate the user device without requiring additional authentication processing
Hammad (US 2008/0040276) teaches wherein the user device is known to the first organization; (Paragraph [0177] teaches transaction confidence from “company A”)(Fig. 10(a), Merchant A)
based on a common confidence level request from a second organization for the user device, output, to a computing device of the second organization, thereby causing the computing device of the second organization to allow a second user device event by the user device without requiring additional authentication processing (Fig. 10(a), Fig. 11, teaches payment processing network, accesses a consumer database containing a consumer database of fingerprints)(Fig. 11, teaches no additional authentication if confidence threshold satisfied)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Gasking to include authenticating the user device without requiring additional authentication processing based on a confidence level as taught by Hammad and the results would be predictable (i.e. if the common confidence level is high enough the user device is authenticated without further authentication processing)
Gasking and Hammad do not explicitly teach wherein the data of the first user device event by a user device at the first organization including an organization confidence level determined by the computing device of the first organization;
Request for the common confidence level form a computing device of a second organization
Dubey (US 2021/0014242) teaches wherein the data of the first user device event by a user device at the first organization including an organization confidence level determined by the computing device of the first organization (Paragraph [0086] teaches Global reputation server receives the details of the user data from…local reputation servers, updates a global user data, computes reputation scores);
Request for the common confidence level form a computing device of a second organization (Paragraph [0065] teaches requesting the computed reputation score by the second organization, Also see Fig. 3 and associated text)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Gasking and Hammad with the method of determining a organizational confidence level determined by the first organization and updating the confidence level to a global reputation server
The motivation is provide protection for attacks propagated across multiple different enterprises (Paragraph [0086] of Dubey)
Regarding Claim 2,
Gasking, Hammad and Dubey teaches the system of claim 1. Gasking teaches wherein the one or more processors are configured to:
receive an update on a status of the user device from a third-party service or at least one of the one or more organizations; and in response to receipt of the update on the status of the user device (Fig. 7, and associated text, teaches updating reputational database by adding additional reputation record) (Paragraph [0032] teaches a reputation record associated with “organizations” for an “interaction event”), output, to the computing device of the first organization from which the device event associated with the user device has been received, a change event associated with the update on the status of the user device (Fig. 8 and Paragraph [0056] teaches notification of the reputation score is provided to the user device) ..
Regarding Claim 5,
Gasking, Hammad and Dubey teaches the system of claim 1. Gasking teaches wherein the one or more processors are configured to, in response to receipt of the user device event, receive identity information for the user device associated with the user device event from one or more third-party services (Paragraph [0013] teaches entity identifier is globally unique, wherein identity information is received from a third-party service).
Regarding Claim 6,
Gasking, Hammad and Dubey teaches the system of claim 1. Gasking teaches wherein the entry for the user device in the device registry includes a common device identifier that is consistent for the user device across the one or more organizations, one or more common data elements of the user device, and the common confidence level for the user device (Paragraph [0013] teaches entity identifier is globally unique in the reputational database)
Regarding Claim 7,
Gasking, Hammad and Dubey teaches the system of claim 6. Gasking teaches wherein the received data of the user device event includes the common device identifier mapped from an organization device identifier by the computing device of the first organization, one or more of the common data elements of the user device, one or more organization data elements of the user device, and the organization confidence level for the user device (Paragraph [0013] teaches the globally unique identifier is used for cross-domain and mapped to different organizational device identifiers)
Regarding Claim 8,
Gasking, Hammad and Dubey teaches the system of claim 1. Gasking teaches wherein to update the common data in the entry for the user device in the device registry based on the received data of the user device event, the one or more processors are configured to one of:
modify previous common data in the entry for the user device in the device registry based on the received data of the user device event and the organization confidence level for the user device, wherein the previous common data is based on previous device events received from a third-party service or at least one of the one or more organizations (Fig. 6-8 and associated text teaches updating the reputational database from previous reputation data received by organizations); or create the entry for the user device in the device registry with a default common confidence level based on the received data of the user device event and the organization confidence level for the user device.
Regarding Claims 10-11, 14-16,
Claims 10-11, 14-16 are similar in scope to Claims 1-2, 5-7 and are rejected for similar rationale.
Regarding Claims 19-20,
Claims 19-20 are similar in scope to Claims 1-2 and are rejected for a similar rationale.
Claim(s) 3, 9, 12, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gasking, Hammad and Dubey in view of Joshi (US 2018/0374151).
Regarding Claim 3,
Gasking, Hammad and Dubey teaches the system of claim 1, but does not explicitly teach wherein to determine the common confidence level for the user device, the one or more processors are configured to use a machine learning-based model to: compare one or more elements of the received data of the user device event and one or more elements of the common data in the entry for the user device in the device registry; and determine the common confidence level for the user device based on the comparison and the organization confidence level for the user device.
Joshi (US 2018/0374151) teaches wherein to determine the common confidence level for the user device, the one or more processors are configured to use a machine learning-based model to:
compare one or more elements of the received data of the user device event and one or more elements of the common data in the entry for the user device in the device registry (Paragraph [0031] teaches using a machine learning model to generate and dynamically maintain and update a reputation score for a digital entity);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Gasking and the method to determine the common confidence level for the user device based on the comparison and the organization confidence level for the user device with the well known method of using a machine learning model as taught by Joshi and the results would be predictable (i.e. determining the common confidence level would be done by a machine learning model)
Regarding Claim 9,
Gasking, Hammad and Dubey the system of claim 1, but does not explicitly teach wherein to determine and output the common confidence level for the user device, the one or more processors are configured to: determine the common confidence level for the user device in real-time during an access request device event at the first organization; and output, to the computing device of the first organization, the common confidence level for the user device in real-time for the computing device of the first organization to determine how to handle the access request from the user device.
Joshi teaches determine and output the common confidence level for the user device, the one or more processors are configured to: determine the common confidence level for the user device in real-time during an access request device event at the first organization (Fig. 4, determine reputation score of digital identities);
and output, to the computing device of the first organization, the common confidence level for the user device in real-time for the computing device of the first organization to determine how to handle the access request from the user device (Fig. 4, teaches determining whether to allow transaction based on reputation score).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Gasking with the determination on how to handle access requests as taught by Joshi
The motivation is to prevent potential fraud (Paragraph [0019] of Joshi)
Regarding Claims 12, 18,
Claims 12, 18 are similar in scope to Claims 3, 9 and are rejected for a similar rationale.
Claim(s) 4, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gasking, Hammad and Dubey in view of Kursun (US 2020/0167786)
Regarding Claim 4,
Gasking, Hammad and Dubey teaches the system of claim 1, but does not explicitly teach wherein in response to the common confidence level for the user device being lower than a threshold set by the first organization as being consistent with an elevated risk of fraud, the common confidence level is used by the computing device of the first organization to request additional authentication from the user device.
Kursun (US 2020/0167786) teaches wherein in response to the common confidence level for the user device being lower than a threshold set by the first organization as being consistent with an elevated risk of fraud, to request additional authentication from the user device (Paragraph [0227-0229] teaches when reputational level is below a threshold requesting additional authentication)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Gasking with the method of requesting additional authentication as taught by Kursun
The motivation is to reduce the likelihood of malfeasance (Kursun, Paragraph [0229])
Regarding Claim 13,
Claim 13 is similar in scope to Claim 4 and rejected for a similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HARRIS C WANG/Primary Examiner, Art Unit 2439