Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the amendment filed on 01/12/2026. Claims 1-22 are currently pending in the filing of 01/12/2026, claims 1-22 were pending in the previous filing of 12/07/2023. No new claims have been added and no claims have been cancelled.
Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. § 103
The applicant’s remarks, on pages 7-11 of the response / amendment, the applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. § 103 rejections.
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-7, 11-18, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over US 20230073938 to Robinson-Morgan et al. (hereinafter Robinson), in view of US 20230247060 to Geusz et al. (hereinafter Geusz).
Regarding claim 1, Robinson teaches,
A verification platform for verification of a digital credential for verifying a human user, comprising: (Abstract & fig. 1, teaches identity provider (IDP) 102 that interfaces with relying party 112, issuer 108, and user mobile device 104, where credential authentication is being performed.)
a relying party communication interface operative to receive a request for verification of a human user's identity from a relying party; (Abstract, teaches “receiving, by an identity provider (IDP) computing device, an identity request from a relying party”.)
a user device communication interface in operative communication with a user device associated with the human user, the user device communication interface operative to receive from the user device a user digital credential stored locally at the user device in response to the request for verification from the relying party, (Abstract & fig. 1, teach IDP 102 the receives request from mobile device 104 of user 106 that includes a verifiable credential, including an identity request from a relying party to the IDP 102. [0019] teaches the IDP coordinating with user 106, issuer 108, verification provider 110, and relying party 112. [0043] teaches IDP 102 having different interfaces \ “user device communication interface”.) (Applicant’s printed publication at [0064] and fig. 7 teach a user device communication interface 714 of the verification platform 708, where UCI 714 receives data from the user 704. Fig. 4, issue credential 424 teaches the credential being stored in the mobile device 104 of user 106.) the digital credential having been issued to the human user by an issuing authority independent from the verification platform; (fig. 1, issuer 108 is independent of IDP 102 and verification provider 110. [0020] teaches issuer is associated with public keys. [0022] teaches issuer 198 being government agencies, banks, employers, etc.. Fig. 4, issue credential 424 teaches the credential being stored in the mobile device 104 of user 106 being issued by issuer 108. [0015] teaches the identity provider acts as an issuer or as a service for issuing of the credential. [0034] teaches IDP 102 supporting the issuer 108 which issues the credential. Thus, the issuer 108 may issue the credential.)
a standards (Abstract, teaches that the IDP can verify the credential, from the user, using the issuer’s public key. [0020] teaches the IDP having a public key database storing keys from different issuers. [0064] IDP 102 may be aware of the type of data in the credential that is needed / sufficient for a particular usage by the relying party, such as age verification for alcohol purchases.) (Applicant’s printed publication at [0061] and fig. 7 teach a standards abstraction layer 716 of the verification platform 708.)
a verification engine operative to access the digital identity credentialling database and retrieve the issuing authority credentialling standard associated the issuing authority of the user digital credential and apply the issuing authority credentialling standard to the user digital credential to perform a verification operation on the user digital credential; and (Abstract & fig. 1, teach IDP then “verifying the verifiable credential based on a public key associated with an issuer of the verifiable credential.” [0020] & fig. 1 teach a verification provider 110 that works with the IDP, which are both separate from the issuer 108, to perform the verification. [0023] teaches the public key of issuer 108 is stored in IDP 102. [0045] teaches IDP 102 retrieving pubic key of issuer 108 associated with the credential and then checking the signature associated with the credential using the public key. [0034] teaches standards being used with the credential to give a level of assurance in the user’s claimed identity. Fig. 1 & [0036] teaches the IDP 102 supporting the issuer, by confirming the mobile device 104 / application 116 is supposed to share the credential and that the credential is sufficient in view of the relying party’s request. See also, [0064] teaching the determination of credential sufficiency based on the contents of the credential.)
wherein the relying party communication interface returns an outcome of the verification operation to the relying party in response to completion of the verification operation. (Abstract, teaches the IDP verifying the credential based on the public key of the issuer of the credential, and transmitting a link to the relying party, and providing identity data to the relying party. Fig. 1 & [0038] teaches the IDP 102 performing the verification of the credential, provided by the application 116 of the user’s 106 mobile device 104, and providing authorization of the credential to the relying party 112.) (Applicant’s printed publication at [0064-65] and fig. 7 teaches that the relying party communication interface 712 of the verification platform 708 returns the verification outcome to the relying party 706.)
Robinson fails to explicitly teach standards abstraction layer,
However, Geusz teaches,
a standards abstraction layer comprising (fig. 1 & [0047], teaches credential management system providing “layer abstraction” to credentials regardless of the credential format. [0048] teaches formatting the credentials to support a protocol to gain access and request service. See also, fig. 6 & [0114].)
wherein the relying party communication interface returns an outcome of the verification operation to the relying party in response to completion of the verification operation. (fig. 1 & [0049-50] teach credential management system and/or access management compute device 150 performing the verification and indicating verification success or performing formatting to allow another service to use the credentials for verification.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Robinson, which teaches an identity provider that verifies user’s credentials (Abstract, fig. 1, & [0036]) and also teaches standards being applied to determine credential sufficiency to protect user identity ([0036]), with Geusz, which also teaches credential management service \ identity provider to verify credentials (0049-50]), and additionally teaches using “layer abstraction” to format the credentials for the proper protocol to allow for verification ([0048-49]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Robinson with the added ability to use a management service that uses layer abstraction to format credentials to the proper format to allow for verification according to a protocol, as taught by Geusz, for the purpose of increasing security and increasing computational efficiency by formatting credentials to optimize verification.
Regarding claim 2, Robinson and Geusz teach,
The verification platform of claim 1,
wherein the request for verification of a human user's identity is received from the relying party in response to the human user selecting to verify the human user's identity using the user digital credential (Robinson, fig. 1 & [0036] teaches user request to interact with relying party 112, then application 116 of user device calls services 118 of IDP 102 to perform verification using the credential, including determining if the credential is sufficient, whether to share the credential.) at a website of the relying party. (Robinson, [0018] teaches that network 114 of fig. 1 may be the internet.)
Regarding claim 3, Robinson and Geusz teach,
The verification platform of claim 2,
wherein the user digital credential comprises a cryptographically secure digital document issued to the human user and stored on the user device. (Robinson, [0034] teaches that the credential may be a “mobile driver's license (mDL).” See also at least [0043] teaching driver’s license credential.)
Regarding claim 4, Robinson and Geusz teach,
The verification platform of claim 1, wherein the user device is associated with the human user by a telephone number, email, or application installed at the user device. (Robinson, fig. 1, teaches application 116. [0022] teaches the use of a phone number. [0069] teaches the user providing a phone number or email address as an ID option.)
Regarding claim 5, Robinson and Geusz teach,
The verification platform of claim 3, wherein the user digital credential is selected by the human user at the user device, and the user digital credential is sent to the user device communication interface in response to selection of the user digital credential. (Robinson, [0038] teaches the user of the mobile device 104 / application 116 consents to share the share the credential before sending to IDP 102.)
Regarding claim 6, Robinson and Geusz teach,
The verification platform of claim 5, wherein the user digital credential selection is prompted by the user device communication interface in response to receipt of the request for verification of the human user's identity from the relying party. (Robinson, [0036] teaches relying party request for verification. [0038] also teaches relying party 112 requesting credential and verification, and then user consents to the sharing of the credential, so that it may be verified.)
Regarding claim 7, Robinson and Geusz teach,
The verification platform of claim 5, wherein the user digital credential is selected from any one of a plurality of digital identities of the human user stored at the user device. (Robinson, [0063] teaches different credentials, where a specific credential is selected. [0053] teaches the selection of credentials based on different factors / weights.)
Regarding claim 11, Robinson and Geusz teach,
The verification platform of claim 1, wherein the request comprises at least one of a request from the human user to establish an account with the relying party based on the user digital credential or a request to access an account previously established using the user digital credential. (Robinson, [0033-35] teach creating / registering credentials.)
Regarding claim 12, Robinson and Geusz teach,
A method for verification of a digital credential of a human user, comprising:
receiving a request for verification of a human user's identity from a relying party;
receiving from a user device associated with the human user a user digital credential stored locally at the user device in response to the request for verification from the relying party, the proffered digital credential having been issued to the human user by an issuing authority independent from a verification platform;
storing a plurality of issuing authority credentialling standards that each define verification of a digital credential issued by an issuing authority;
perform a verification operation on the user digital credential by retrieving an issuing authority credentialling standard associated with the issuing authority of the user digital credential and applying the issuing authority credentialling standard to the user digital credential; and
returning an outcome of the verification operation to the relying party in response to completion of the verification operation.
Claim 12 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 13, Robinson and Geusz teach,
The method of claim 12, wherein the request for verification of a human user's identity is received from the relying party in response to the human user selecting to verify the human user's identity using the user digital credential at a website of the relying party.
Claim 13 is rejected using the same basis of arguments used to reject claim 2 above.
Regarding claim 14, Robinson and Geusz teach,
The method of claim 13, wherein the user digital credential comprises a cryptographically secure digital document issued to the human user and stored on the user device.
Claim 14 is rejected using the same basis of arguments used to reject claim 3 above.
Regarding claim 15, Robinson and Geusz teach,
The method of claim 12, wherein the user device is associated with the human user by a telephone number, email, or application installed at the user device.
Claim 15 is rejected using the same basis of arguments used to reject claim 4 above.
Regarding claim 16, Robinson and Geusz teach,
The method of claim 14, wherein the user digital credential is selected by the human user at the user device, and the user digital credential is sent to the user device communication interface in response to selection of the user digital credential.
Claim 16 is rejected using the same basis of arguments used to reject claim 5 above.
Regarding claim 17, Robinson and Geusz teach,
The method of claim 16, wherein the user digital credential selection is prompted by the user device communication interface in response to receipt of the request for verification of the human user's identity from the relying party.
Claim 17 is rejected using the same basis of arguments used to reject claim 6 above.
Regarding claim 18, Robinson and Geusz teach,
The method of claim 16, wherein the user digital credential is selected from any one of a plurality of digital identities of the human user stored at the user device.
Claim 18 is rejected using the same basis of arguments used to reject claim 7 above.
Regarding claim 22, Robinson and Geusz teach,
The method of claim 12, wherein the request comprises at least one of a request from the human user to establish an account with the relying party based on the user digital credential or a request to access an account previously established using the user digital credential.
Claim 22 is rejected using the same basis of arguments used to reject claim 11 above.
Claims 8-9 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Robinson, in view of Geusz, in view of US 20200334430 to Gupta et al. (hereinafter Gupta).
Regarding claim 8, Robinson and Geusz teach,
The verification platform of claim 1,
Robinson and Geusz fail to explicitly teach providing a portion of an identity for verification,
However, Gupta teaches,
wherein the request comprises a discrete information request relating to less than all identifying information provided by the user digital credential, and wherein the outcome of the verification operation provides only information of the discrete information request. ([0062] teaches a user selecting a portion of an identity (SSI) for transmission for verification.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Robinson, which teaches an identity provider that verifies user’s credentials (Abstract, fig. 1, & [0036]) and also teaches standards being applied to determine credential sufficiency to protect user identity ([0036]) including self sovereign identity (SSI) ([0021]), with Gupta, which also teaches identity systems of a user sending identifying information to a service provider and verification of the identifying information including SSI identities (Abstract), and additionally teaches the user being able to selection a portion of the SSI (identifier) for transmission ([0062]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Robinson with the added ability to only provide a portion of a larger identity, as taught by Gupta, for the purpose of increasing security by only providing the necessary portions of the credential and not transmitting unneeded personal information which increases computational and network efficiency.
Regarding claim 9, Robinson, Geusz, and Gupta teaches,
The verification platform of claim 8, wherein the human user authorizes utilization of the information of the discrete information request prior to the verification engine performing the verification operation. ([0062] teaches a user selecting a portion of an identity (SSI) for transmission for verification.)
Regarding claim 19, Robinson, Geusz, and Gupta teaches,
The method of claim 12, wherein the request comprises a discrete information request relating to less than all identifying information provided by the user digital credential, and wherein the outcome of the verification operation provides only information of the discrete information request.
Claim 19 is rejected using the same basis of arguments used to reject claim 8 above.
Regarding claim 20, Robinson, Geusz, and Gupta teaches,
The method of claim 19, wherein the human user authorizes utilization of the information of the discrete information request prior to performing the verification operation.
Claim 20 is rejected using the same basis of arguments used to reject claim 9 above.
Claims 10 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Robinson, in view of Geusz, in view of US 20190089702 to Bhatt et al. (hereinafter Bhatt).
Regarding claim 10, Robinson and Geusz teach,
The verification platform of claim 1,
Robinson teaches using biometric authentication and including biometrics in the credentials, discussed further below, but Robinson and Geusz fail to explicitly teach authenticating the biometric credential with another biometric scan,
However, Bhatt teaches,
wherein the user digital credential is associated with biometric information regarding the human user, and wherein the user device collects and provides measured biometric information from the human user using the user device for comparison to the biometric information in the verification operation. (Bhatt, Abstract, teaches biometric authentication at a device, and [0042-43], teaches biometric authentication using a token / credential to perform local authentication.) (As discussed above, Robinson, [0072] teaches biometric authentication and [0022] teaches biometrics included in the credential.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Robinson, which teaches an identity provider 102 (fig. 1) that verifies user’s credentials (Abstract, fig. 1, & [0036]) and also teaches standards being applied to determine credential sufficiency to protect user identity ([0036]), with Bhatt, which also teaches an identity provider 102 that performs verification / authentication using biometrics locally (fig. 1, Abstract), and additionally teaches using a token / credential to perform local authentication. One of ordinary skill in the art would have been motivated to perform such an addition to provide Robinson with the added ability to utilize the biometric credential token to perform local authentication at the user’s device, as taught by Gupta, for the purpose of increasing security by not having to send a biometric credential over a network and also lessens the need for network messaging while performing biometric authentication locally.
Regarding claim 21, Robinson, Geusz, and Bhatt teaches,
The method of claim 12, wherein the user digital credential is associated with biometric information regarding the human user, and wherein the user device collects and provides the biometric information from the human user using the user device.
Claim 21 is rejected using the same basis of arguments used to reject claim 10 above
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571)272-3942. The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571)272-3739.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/B.W.A./
/JASON K GEE/Primary Examiner, Art Unit 2495