DETAILED ACTION
The following NON-FINAL Office action is in response to Request for Continued Examination (RCE) for 18/515,632 filed on December 19, 2025.
Acknowledgements
Claims 5-9 are canceled.
Claims 22-23 are added.
Claims 1-4 and 10-23 are pending.
Claims 1-4 and 10-23 have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after December 13, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/19/2025 has been entered.
Response to Arguments
In response to the Applicant’s arguments under 35 USC § 101, Applicant argues that claim 1 is not directed to "fundamental economic principles or practices" as the attestation of the authenticator of a client device and allowing a user to authorize signing of a digital object are not part of a "fundamental" economic principle or practice, but a technical innovation to overcome the disadvantages of password-based user authentication. Also, Applicant argues that claim 1 has been integrated into a practical application because amended claim 1 specifies operations to address security risks posed to a client device, and that provides an alternative to the security protection on the server side. Applicant recites operations where private keys are stored securely and a data object is authenticated remotely by a relying party. Also, Applicant addresses that amended claim 1 provides a clear separation of roles in the client-server system through which the user authentication and authorization are performed to enhance data security. Lastly, Applicant argues that in light of the Advance Notice of Change to the MPEP in light of Ex Parte Desjardins dated December 5, 2025, the amended claim 1 improves the technical field of user authentication and data signature authorization.
Examiner respectfully disagrees as after careful reconsideration and consultation with SPE and further analysis of the amended claims, claims 1-4 and 10-23 are still reciting authenticating users by allowing them to generate signatures. The amended claim limitations “securely authenticate a user via biometric input, manual user input and/or detecting current conditions;…, a digital signature is computed to sign over an object that includes one or more attributes and input data … on condition that the user has been authenticated; the signed object being transmitted from the client to a relying party; upon receiving the signed digital object from the client, to verify the signed digital object” are placed within the “certain methods of organizing human activity” classified under “fundamental economic principles or practices”, specifically “mitigating risk” as part of a transaction because the amended claims are still reciting a series of transactions with the relying party to remotely authenticate each user by generating signatures using various information (see Specification paragraph 0377). Also, paragraphs 0627-0628 from Specification further disclose implementation of protecting against misuse of key from malware attacks and to make authentication secure. Additionally, paragraph 0630 discloses using an effective user verification method to prevent misuse of a key and protect against attacks. 
Also, the judicial exception is not integrated into a practical application because the additional elements of the claims such as the use of an authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device are being used as tools to implement the abstract idea and does not render the claim patent eligible because it still requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Examiner does not see an improvement to the technology and the use of an authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device to merely automate or implement the abstract idea cannot provide significantly more than the abstract idea itself. Hence, the claim is not patent eligible. Examiner believes that even though there is a clear separation of roles in the client-server system, however the user authentication and authorization are being implemented or performed using the additional elements or the client-server system. In response to the Advance Notice of Change to the MPEP in light of Ex Parte Desjardins dated December 5, 2025, Examiner disagrees as the amended claim 1 does not involve or recite any machine learning technology. 
Also, the technology recited in claim 1 does not reflect any improvement to the client-server system, instead it is simply implementing the steps of “securely authenticat[ing] a user via biometric input, manual user input and/or detecting current conditions;…, a digital signature is computed to sign over an object that includes one or more attributes and input data … on condition that the user has been authenticated; the signed object being transmitted from the client to a relying party; upon receiving the signed digital object from the client, to verify the signed digital object”. Hence, claim 1 continues to be rejected under 35 USC 101.
In response to the Applicant’s arguments under 35 USC 103, Applicant argues that the cited portions of Smith in view of Whaley fails to teach or suggest "a first circuit on a client device to securely authenticate a user using an authenticator of the client device via biometric input, manual user input and/or by detecting current conditions related to the client device...the signed digital object being verifiable by a relying party using a public key corresponding to the first private key upon the signed digital object being transmitted from the client device to the relying party" as none of the cited Smith portions teaches or suggests a circuit on a client device to perform authentication of a user using an authenticator of the client device. Also, Applicant argues that Smith in view of Whaley fails to teach or suggest "a digital signature is computed to sign over a digital object that includes one or more attributes of the authenticator and application data, the digital object being signed using a first private key maintained in the second circuit on condition that the user has been authenticated by the authenticator and that the user authorizes to proceed with the digital signature to sign over the digital object" as recited in amended claim 1.
Examiner respectfully disagrees as a first circuit refers to the (“authentication device attestation module (ADAM) 215” disclosed in ¶0042) located on a client device which refers to the (“Authentication device 102”) in Smith. Paragraph [0042] discloses “authentication device 102 as including authentication device attestation module (ADAM) 215. Paragraph [0046] discloses that Authentication device 102 may be configured to perform certain operations in response to receiving a BAIS from client device 101. Paragraph [0051] discloses ADAM 215 may cause authentication device 102 to sign its attestation information with one or more of its private keys. The attestation information of Smith is being referred to as the digital object which was signed by the authentication device 102. Then the signed attestation information (“signed digital object”) may then be transferred to client device 101 which is being interpreted as the transmission from a client device to a relying party (“authentication device 102 to the client device 101 of Smith”).
Applicant’s arguments are moot under new grounds of rejection.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-4 and 10-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1-4, 13-19 and 20-23 are directed to a system and 10-12 are directed to a method. Therefore, these claims fall within the four statutory categories of invention.
The claims recite authenticating users which is an abstract idea. Specifically, the claim recites “securely authenticate a user via biometric input, manual user input and/or detecting current conditions;…, a digital signature is computed to sign over an object that includes one or more attributes and input data … on condition that the user has been authenticated; the signed object being transmitted from the client to a relying party; upon receiving the signed digital object from the client, to verify the signed digital object” which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test, classified under “fundamental economic principles or practices”, specifically “mitigating risk” as part of a transaction (See MPEP 2106, specifically 2106.04(a)) because – for example, in this case, the claims involve a series of steps for authenticating users, allowing them to generate digital signatures and being remotely authenticated by a relying party (see ¶00377 Specification). Accordingly, the claim recites an abstract idea (See MPEP 2106, specifically 2106.04(a)).
This judicial exception is not integrated into a practical application because the additional elements of the claims such as the use of an authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device as tools to perform an abstract idea and/or generally link the use of a judicial exception to a particular technological environment (See MPEP 2106, specifically 2106.04(d)). [The use of an authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment] does not render the claim patent eligible because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Specifically, the authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device perform the steps or functions of “securely authenticate a user via biometric input, manual user input and/or detecting current conditions;…, compute a signature to sign over an object that includes one or more attributes and input data … on condition that the user has been authenticated; the signed object being verifiable by a relying party upon the signed digital object being transmitted from the client to the relying party, wherein the relying party is to trust the input data within the signed digital object as untampered upon verification of the signed digital object”. 
The additional claim elements are not indicative of integration into a practical application, because the claims do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See MPEP 2106, specifically 2106.05), the additional elements of authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device, to perform the steps amounts to no more than using an authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device to automate and/or implement the abstract idea of authenticating users. As discussed above, taking the claim elements separately, the authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device perform the steps of “securely authenticate a user via biometric input, manual user input and/or detecting current conditions;…, a digital signature is computed to sign over an object that includes one or more attributes and input data … on condition that the user has been authenticated; the signed object being transmitted from the client to a relying party; upon receiving the signed digital object from the client, to verify the signed digital object”. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of authenticating users. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. 
The use of an authenticator, a first circuit on a client device that comprises a second circuit to maintain a secure store of private keys, digital object, a pair of the public key and the first private key and a server device to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims further recite details of authenticating users before allowing them to compute digital signatures by processing input data and receiving authorization describing the abstract idea of authenticating users. The dependent claims recite additional elements such as “pluggable digest/hash circuitry/logic, secure transaction circuitry/logic, a blockchain, public key and server device”, however, they do not integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 10-16, 18-19 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US 2014/0282945 A1) in view of Whaley et al. (US 2018/0204192 A1) and in further view of Varley et al. (US 2017/0251025 A1)
Regarding Claims 1 and 10, Smith discloses a system comprising:
A first circuit (“authentication device attestation module (ADAM) 215” ¶0042) on a client device (“Authentication device 102”) to securely authenticate a user using an authenticator of the client device (“Authentication device 102”) via biometric input, manual user input and/or by detecting current conditions related to the client device (“Authentication device 102”); and (¶0029, ¶0039, ¶0046)
A second circuit (“Authentication device 102”) to maintain a secure store of private keys (“Such keys may be stored in memory 210 and memory 203, respectively, or in another memory of authentication device 102”), wherein a digital signature is computed to [sign over a digital object that includes one or more attributes of the authenticator and application data], the digital object being signed using a first private key maintained in the second circuit on condition that the user has been authenticated by the authenticator and that the user authorizes to proceed with the digital signature to sign over the digital object (¶0051- “ADAM 215 may cause authentication device 102 to sign its attestation information with one or more of its private keys”)
the signed digital object being transmitted from the client device (Authentication device 102) to a relying party (client device 101) (¶0047 “once again, client device 101 is being interpreted as the relying party which receives an attestation signal from the Authentication device 102”) (¶0046, ¶0051, ¶0052 “once the signed attestation information is transferred to the client device 101 which is being interpreted as the ‘relying party’, the client device 101 verifies the authenticity of authentication device 102 using its public keys”)
and [a server device comprising the relying party], upon receiving the signed digital object from the client device (Authentication device 102), to verify the signed digital object using a public key corresponding to the first private key, wherein a pair of the public key and the first private key is associated with the authenticator (¶0046, ¶0051, ¶0052 “once the signed attestation information is transferred to the client device 101 which is being interpreted as the ‘relying party’, the client device 101 (relying party) verifies the authenticity of authentication device 102 using its public keys”)
Smith does not disclose: [sign over a digital object that includes one or more attributes of the authenticator and input data].
Whaley however discloses: sign over a digital object that includes one or more attributes of the authenticator and input data (¶0248-¶0252).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include [sign over a digital object that includes one or more attributes of the authenticator and input data], as disclosed in Whaley, in order to provide a system where any entity (such as a relying party) can verify the verification entity’s signature and that they have endorsed the information, therefore improving efficiency (see Whaley ¶0037).
The combination of Smith in view of Whaley does not specifically disclose [a server device comprising the relying party].
Varley however discloses: [a server device comprising the relying party] (¶0077, ¶0093, ¶0095 “RP server”, ¶0105 “users are able to safely collect attested data items and later share this data with RP servers”, ¶0108, ¶0213, ¶0265, ¶0267).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include [a server device comprising the relying party], as disclosed in Varley, in order to provide a system for distributed data verification between a relying party server and a client device (see Varley abstract).
Regarding Claim 2, Smith discloses pluggable digest/hash circuitry/logic to be integrated into the second circuit and executed to compute the digital signature (¶0051)
Regarding Claims 3 and 11, the combination of Smith, Whaley and Varley disclose the invention as above.
Whaley further discloses wherein the pluggable digest/hash circuitry/logic include pre-processing circuitry/logic to pre-process the application data in a specified manner to generate the digital object (¶0248-¶0252).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include wherein the pluggable digest/hash circuitry/logic include pre-processing circuitry/logic to pre-process input data in a specified manner to generate the digital object, as disclosed in Whaley, in order to provide a system where any entity (such as a relying party) can verify the verification entity’s signature and that they have endorsed the information, therefore improving efficiency (see Whaley ¶0037).
Regarding Claims 4 and 12, Smith discloses secure transaction circuitry/logic to securely display valid information related to the application data prior to receiving authorization from the user to proceed with the digital signature (¶0073).
Regarding Claim 13, the combination of Smith, Whaley and Varley disclose the invention as above.
Whaley further discloses wherein the digital object includes one or more data fields not controlled by the authenticator (¶0248-¶0252).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include wherein the digital object includes one or more data fields not controlled by the authenticator, as disclosed in Whaley, in order to provide a system where any entity (such as a relying party) can verify the verification entity’s signature and that they have endorsed the information, therefore improving efficiency (see Whaley ¶0037).
Regarding Claim 14, the combination of Smith, Whaley and Varley disclose the invention as above.
Whaley further discloses wherein the one or more data fields not being controlled by the authenticator is marked with a number followed by a data structure (¶0166-¶0169).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include wherein the one or more data fields not being controlled by the authenticator is marked with a number followed by a data structure, as disclosed in Whaley, in order to provide a system where any entity (such as a relying party) can verify the verification entity’s signature and that they have endorsed the information, therefore improving efficiency (see Whaley ¶0037).
Regarding Claim 15, Smith discloses wherein the relying party is to identify which entity generates the pair of the public key and the first private key (¶0051, ¶0052).
Regarding Claim 16, Smith discloses wherein the digital signature is to indicate one or more properties of a user verification method to verify the user (¶0046, ¶0051, ¶0052).
Regarding Claim 18, the combination of Smith, Whaley and Varley disclose the invention as above.
Whaley further discloses wherein the digital object contains a bitcoin formatted message to be verified by the relying party (¶0005)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include wherein the digital object contains a bitcoin formatted message to be verified by the relying party, as disclosed in Whaley, in order to provide a system where any entity (such as a relying party) can verify the verification entity’s signature and that they have endorsed the information, therefore improving efficiency (see Whaley ¶0037).
Regarding Claim 19, the combination of Smith, Whaley and Varley disclose the invention as above.
Whaley further discloses wherein the signed digital object contains a block added to a blockchain along with the digital signature generated with the first private key (¶0287).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include wherein the signed digital object contains a block added to a blockchain along with the digital signature generated with the first private key, as disclosed in Whaley, in order to provide a system where any entity (such as a relying party) can verify the verification entity’s signature and that they have endorsed the information, therefore improving efficiency (see Whaley ¶0037).
Regarding Claim 22, the combination of Smith, Whaley and Varley disclose the invention as above.
Varley further discloses wherein the client device further comprises a set of decentralized identifier (DID) records, a DID record within the DID records indicating a DID and an attestation statement for the public key (¶0107, ¶0108)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include [wherein the client device further comprises a set of decentralized identifier (DID) records, a DID record within the DID records indicating a DID and an attestation statement for the public key], as disclosed in Varley, in order to provide a system for distributed data verification between a relying party server and a client device (see Varley abstract).
Claims 17 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Smith, Whaley, Varley and in further view of Lindemann et al. (2015/0121068 A1)
Regarding Claim 17, the combination of Smith, Whaley, Varley does not disclose wherein the one or more attributes of the authenticator and application data include one or more of a transaction text as confirmed by the user, an actual personal identification number (PIN) length, and a firmware version of the authenticator.
Lindemann however discloses wherein the one or more attributes of the authenticator and input data include one or more of a transaction text as confirmed by the user, an actual personal identification number (PIN) length, and a firmware version of the authenticator (¶0037, ¶0040).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include wherein the one or more attributes of the authenticator and input data include one or more of a transaction text as confirmed by the user, an actual personal identification number (PIN) length, and a firmware version of the authenticator, as disclosed in Lindemann, in order to provide strong network authentication for secure transactions (see Lindemann ¶0004).
Regarding Claim 23, the combination of Smith, Whaley and Varley does not disclose wherein the authenticator is registered at the server device upon the client device transmitting a registration response to the relying party with a signed nonce and the DID and the attestation statement meeting requirement of the relying party.
Lindemann however discloses wherein the authenticator is registered at the server device upon the client device transmitting a registration response to the relying party with a signed nonce and the DID and the attestation statement meeting requirement of the relying party (¶0042).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include wherein the authenticator is registered at the server device upon the client device transmitting a registration response to the relying party with a signed nonce and the DID and the attestation statement meeting requirement of the relying party, as disclosed in Lindemann, in order to provide strong network authentication for secure transactions (see Lindemann ¶0004).
Claims 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Whaley in view of Varley and in further view of Lindemann (US 2016/0241403 A1)
Regarding Claim 20, the combination of Smith, Whaley and Varley does not disclose wherein the transaction text is to be displayed to the user for confirming a corresponding transaction, and wherein the transaction text is cryptographically bound to the digital signature
Lindemann however discloses wherein the transaction text is to be displayed to the user for confirming a corresponding transaction, and wherein the transaction text is cryptographically bound to the digital signature (¶0041).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Smith to include wherein the transaction text is to be displayed to the user for confirming a corresponding transaction, and wherein the transaction text is cryptographically bound to the digital signature, as disclosed in Lindemann, in order to provide strong network authentication for secure transactions (see Lindemann ¶0041).
Regarding Claim 21, Lindemann discloses wherein the first private key is accessible only to an application for which the first private key was generated or one or more applications that are considered equivalent by an operating system of the system (¶0037).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZEHRA RAZA whose telephone number is (571)272-8128. The examiner can normally be reached 10AM-6:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZEHRA RAZA/Examiner, Art Unit 3697
/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697