Prosecution Insights
Last updated: July 17, 2026
Application No. 18/593,736

AUTHENTICATING PRESENTED CREDENTIALS OF INDIVIDUALS

Final Rejection §101§103
Filed
Mar 01, 2024
Priority
Mar 04, 2023 — provisional 63/488,496
Examiner
CELANI, NICHOLAS P
Art Unit
2449
Tech Center
2400 — Computer Networks
Assignee
Lumen Vector LLC
OA Round
2 (Final)
46%
Grant Probability
Moderate
3-4
OA Rounds
10m
Est. Remaining
89%
With Interview

Examiner Intelligence

Grants 46% of resolved cases
46%
Career Allowance Rate
212 granted / 461 resolved
-12.0% vs TC avg
Strong +43% interview lift
Without
With
+42.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 2m
Avg Prosecution
32 currently pending
Career history
498
Total Applications
across all art units

Statute-Specific Performance

§101
3.1%
-36.9% vs TC avg
§103
88.4%
+48.4% vs TC avg
§102
1.1%
-38.9% vs TC avg
§112
5.9%
-34.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 461 resolved cases

Office Action

§101 §103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims The following claim(s) is/are pending in this office action: 1-7, 9-20 The following claim(s) is/are amended: 1-7, 9, 13-17, 19-20 The following claim(s) is/are cancelled: 8 The following claim(s) is/are new: - Claim(s) 1-7, 9-20 is/are rejected. This rejection is FINAL. Previous Rejections Withdrawn The 35 USC 112(b) rejection to claim(s) 20 is/are withdrawn based on the amendment. Response to Arguments Applicant’s arguments filed in the amendment filed 4/8/2026, have been fully considered but are moot in view of new grounds of rejection. The reasons set forth below. Applicant’s Invention as Claimed Claim Rejections - 35 USC § 103 A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-7, 9-12 and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Coffing (US Pub. 2009/0117883) in view of Hatti (US Pub. 2020/0295948) and further in view of Johansen (US Pub. 2018/0165849). With respect to Claim 1, Coffing teaches a method of authenticating an individual, comprising: registering, at the server device, a first user account for a first user, (para. 6, 95, 99, 109, 141; user creates profile that is stored in a database. para. 15, 27, 38; system provides access to profiles that include user-defined data such as name, phone number or contact information) receiving an authentication request from a second client device to authenticate a second identity of a second user of the second client device as an agent of the organization, the second user being associated with a second user account registered at the server device; (An agent of the organization will be taught later. paras. 69-70, 74, 78-80, 82; user logs in and server verifies the user’s identity.) generating, in response to the authentication request, a dynamic token associated with the authenticated identity object; (paras. 69-70, 80, 82; server generates tokens and provides them to the user’s device. paras. 15, 63, 69-70; tokens may be single use, finite use, or may expire over time.) providing the dynamic token to the second client device (para. 69-70, 80, 82; server generates tokens and provides them to client device.) receiving the dynamic token from a first client device, the dynamic token having been received by the first user of the first client device from the second user; (Fig. 1, para. 63, 70, 83; User A transmits token to User B. Fig. 4, para. 71; User B sends User A’s token that it has received to the authentication server.) authenticating, by the server device, the second identity of the second user as the agent of the organization based on: verifying that the dynamic token received from the first client device is associated with the authenticated identity object maintained at the server device; (paras. 71-73; server determines if token is valid by keeping a record of tokens as they are generated and looking up the received token on the list.) and providing, to the first client device, an indication of identity (IOI) indicating that the second user is the agent of the organization having the authenticated identity with respect to the first user. (para. 63, 71, 134; system returns User A’s profile to User B.) But Coffing does not explicitly teach an agent associated with an organization. Hatti, however, does teach registering, at a server device, an organization account for an organization; as an agent of the organization (Coffing already taught registration, however Hatti also teaches registration, see paras. 46-47; verifier receives identity instance and extracts association record. Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. To the extent the reference does not explicitly disclose an agency relationship, Examiner takes official notice of agents of an organization and it would have been obvious to one of ordinary skill prior to the effective filing date to register the agent relationship in order to allow for verification of that relationship. See also Johansen, para. 27; employee of a business.) Wherein the organization has an authenticated identity with respect to the first user; generating an authenticated identity object, based on receiving, from one or more of the organization account or the first user account, an indication of the authenticated identity of the organization with respect to the first user, wherein the authenticated identity object is a data object that represents the authenticated identity of the organization with respect to the first user; (para. 93; association record signed using a party’s private key. See also Johansen, para. 27, 38; customer is an account holder with an business. Both account and association records are identity objects. It would have been obvious to one of ordinary skill prior to the effective filing date to have a customer sign an account with a private key to verify themselves to the business, see Johansen, para. 61; verification of customer’s identity. See also Coffing, paras. 69-70, 74, 78-80, 82; user logs in and server verifies the user’s identity. Figs. 1-3, paras. 69-70, 74; authentication server stores user name and password that provide access to an account that has user ID, device ID and tokens.) wherein the authenticated identity object is maintained in a storage accessible to the server device, (paras. 46-47; verification system can access association record.) wherein the dynamic token indicates that the second user has access to the authenticated identity object; (A dynamic token was previously taught. paras. 46-47; Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records.) confirming that the second user is the agent of the organization based on the second user account having access to the authenticated identity object; (paras. 46-47; Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. See also Johansen, para. 57; display of account information to employee.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of Coffing with the registration of the organization in order to verify a person’s status of association with an organization. (Hatti, para. 1) But modified Coffing does not explicitly teach authenticating based on confirming the authenticated identity of the organization with respect to the first user. Johansen, however, does teach and wherein the first user account and the organization account each have access to the authenticated identity object; (paras. 33, 37-38, 46, 57; both user and employee of organization can view account information.) based on the organization account having given access to the authenticated identity object to the second user account; (paras. 33, 37-38, 46, 57; employee of organization can view account information.) confirming the authenticated identity of the organization with respect to the first user based on the authenticated identity object; (paras. 47-49; Selection of employee based upon customer’s account information and contact card is displayed for an employee. Therefore the authentication is based upon a confirmation of the identity object.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of modified Coffing with the authenticating based on confirming the authenticated identity of the organization with respect to the first user in order to present only employees who are specialized for the customer to the customer. With respect to Claim 2, modified Coffing teaches the method of claim 1, and Johansen also teaches wherein the authenticated identity of the organization with respect to the first user is a pre-existing relationship of the first user and the organization. (para. 37; account information for a customer.) The same motivation to combine as the independent claim applies here. With respect to Claim 3, modified Coffing teaches the method of claim 1, and Hatti also teaches wherein receiving the indication of the authenticated identity includes receiving, from one or more of the first user account or the organization account, an indication of a trusted relationship between the organization and the first user. (paras. 96-97; system verifies association status of user. para. 116; system identifies status is valid. To the extent that the association does not explicitly identify a trust relationship, Examiner takes official notice of a trusted relationship and it would have been obvious to one of ordinary skill prior to the effective filing date to identify a trusted relationship as an association status in order to allow for verification of the trusted relationship. See also Johansen, para. 27, 38; customer is an account holder with an business.) The same motivation to combine as the independent claim applies here. With respect to Claim 4, modified Coffing teaches the method of claim 1, and Coffing also teaches wherein receiving the authentication request is based on a secure login of the first user to the first user account, and wherein receiving the dynamic token is based on a secure login of the second user to the second user account. (paras. 69-70, 74, 78-80, 82; user logs in and server verifies the user’s identity. para. 133; User B logs in to gain access to the service. Para. 132; user A and User B may both provide data to authenticate that there is an intended transmittal between the users. Regardless, it would have been obvious to one of ordinary skill prior to the effective filing date to require a log in prior to submitting a token in order to keep track of messages sent and received between users and profiles viewed by users, see para. 38.) With respect to Claim 5, modified Coffing teaches the method of claim 4, and Coffing also teaches wherein the secure login of the first user account and of the second user account each includes an associated user providing a password and one or more biometrics on an associated client device. (paras. 17, 74, 79; login using password. para. 74, 88-89; credentials may include biometrics) With respect to Claim 6, modified Coffing teaches the method of claim 1, and Hatti also teaches wherein receiving the dynamic token from the first client device includes receiving, from the first client device, an indication of the organization. (paras. 47-48, 113; system requesting verification transmits organization id along with user id.) The same motivation to combine as the independent claim applies here. With respect to Claim 7, modified Coffing teaches the method of claim 1, and Coffing also teaches wherein generating the authenticated identity object includes receiving identity information associated with one or more of the first user or the organization and associating the identity information with the authenticated identity object. (Figs. 1-3, paras. 69-70, 74; authentication server stores user name and password that provide access to an account that has user ID, device ID and tokens.) With respect to Claim 9, modified Coffing teaches the method of claim 7, and Coffing also teaches wherein providing the IOI includes providing, to the first client device, a portion of the identity information associated with the authenticated identity object. (para. 63, 71, 134; system returns User A’s profile to User B. para. 20, 24; token provides access to whatever granular detail of profile information the user wants to share.) With respect to Claim 10, modified Coffing teaches the method of claim 1, and Coffing also teaches wherein the authenticated identity object maintained in the storage is encrypted. (para. 153; profile information may be encrypted. It would have been obvious to one of ordinary skill prior to the effective filing date to encrypt the stored profile in order to protect user information. See, e.g., para. 103; profile contains credit card information.) With respect to Claim 11, modified Coffing teaches the method of claim 1, and Coffing also teaches wherein the dynamic token includes one or more of a quick read (QR) code, an alphanumeric code, a password, or a passphrase. (para. 155-156; system may use QR codes in same manner as tokens. Para. 72; token stores password information. Para. 96; generation of tokens due to random code such as a cryptographic key.) With respect to Claim 12, modified Coffing teaches the method of claim 1, and Coffing also teaches wherein generating the dynamic token includes determining a time threshold for the dynamic token to expire. (para. 15, 63; tokens may be set to expire over time.) With respect to Claim 14, modified Coffing teaches the method of claim 1, and Coffing also teaches wherein the dynamic token is received by the first user from the second user through a dialogue between the first user and the second user including one or more of in-person communication, telecommunication, messaging, or email. (Fig. 1, para. 63, 70, 83; User A transmits token to User B. para. 63, 85-86, 97; in person communication. Para. 67, 86; token passes over messaging or email.) With respect to Claim 15, modified Coffing teaches the method of claim 1, and Coffing also teaches wherein the dynamic token is received by the first user from the second user through an interaction of the first user and the second user exchanging data through one or more of a QR code, a bar code, near-field communication (NFC), radio frequency identification (RFID), Bluetooth, or a data network. (para. 97; NFC. Para. 155-156; qr code) With respect to Claim 16, modified Coffing teaches the method of claim 1, and Coffing also teaches wherein receiving the dynamic token from the first client device is based on user input by the first user to the first client device. (para. 71; Request for another party’s profile, which suggests an input. Profile delivery may be due to subsequent input where input is prompted.) With respect to Claim 17, Coffing teaches a method of authenticating an individual, comprising: registering, at a server device, a first user account for a first user; (para. 6, 95, 99, 109, 141; user creates profile that is stored in a database. para. 15, 27, 38; system provides access to profiles that include user-defined data such as name, phone number or contact information) registering, at the server device, a second user account for a second user; (para. 6, 95, 99, 109, 141; user creates profile that is stored in a database. para. 15, 27, 38; system provides access to profiles that include user-defined data such as name, phone number or contact information) generating, based on the authentication request, a dynamic token associated with the authenticated identity object; (paras. 69-70, 80, 82; server generates tokens and provides them to the user’s device. paras. 15, 63, 69-70; tokens may be single use, finite use, or may expire over time.) providing the dynamic token to the first client device; (para. 69-70, 80, 82; server generates tokens and provides them to client device.) receiving the dynamic token from a second client device, the dynamic token having been received by the second user from the user of the first client device; (Fig. 1, para. 63, 70, 83; User A transmits token to User B. Fig. 4, para. 71; User B sends User A’s token that it has received to the authentication server.) determining, by the server device, that the identity of the user of the first client device is the authenticated identity of the first user based on: verifying that the dynamic token received from the second client device is associated with the authenticated identity object maintained at the server device; (Verifying association will be taught later. paras. 71-73; server determines if token is valid by keeping a record of tokens as they are generated and looking up the received token on the list.) and providing, to the second client device, an indication of identity (IOI) indicating that the user of the first client device is the first user having the authenticated identity with respect to the second user. (para. 63, 71, 134; system returns User A’s profile to User B.) But Coffing does not explicitly teach authenticating an association. Hatti, however, does teach generating an authenticated identity object based on receiving an indication of the authenticated identity of the first user from the second user account, wherein the authenticated identity object is a data object that represents the authenticated identity of the first user with respect to the second user; (para. 93; association record signed using a party’s private key. paras. 46-47; verifier receives identity instance and extracts association record. Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. Then see Johansen, paras. 33, 37-38, 46, 57; employee of organization can view account information. para. 27, 38; customer is an account holder with an business. Both account and association records are identity objects. See also Coffing, paras. 69-70, 74, 78-80, 82; user logs in and server verifies the user’s identity. Figs. 1-3, paras. 69-70, 74; authentication server stores user name and password that provide access to an account that has user ID, device ID and tokens.) wherein the authenticated identity object is maintained in a storage accessible to the server device, (paras. 46-47; verification system can access association record.) wherein the dynamic token indicates that the first user has access to the authenticated identity object; (A dynamic token was previously taught. paras. 46-47; Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records.) receiving an authentication request from a first client device to authenticate an identity of a user of the first client device as the authenticated identity of the first user with respect to the second user; (paras. 46-47; verifier receives identity instance and extracts association record. Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. To the extent the reference does not explicitly disclose an user to user association, Examiner takes official notice of agents of an organization and it would have been obvious to one of ordinary skill prior to the effective filing date to register the relationship in order to allow for verification of that relationship.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of Coffing with the authentication of an association in order to verify a person’s status of association with an organization. (Hatti, para. 1) But modified Coffing does not explicitly teach authenticating based on confirming the authenticated identity of the first user with respect to the second user. Johansen, however, does teach wherein the first user has an authenticated identity with respect to the second user; (First see Hatti, paras. 46-47; verifier receives identity instance and extracts association record. Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. Then see Johansen, paras. 33, 37-38, 46, 57; employee of organization can view account information.) and wherein the first user account and the second user account each have access to the authenticated identity object; (paras. 33, 37-38, 46, 57; both user and employee of organization can view account information.) confirming the authenticated identity of the first user with respect to the second user based on the authenticated identity object; (paras. 47-49; Selection of employee based upon customer’s account information and contact card is displayed for an employee. Therefore the authentication is based upon a confirmation of the identity object. See also Hatti, paras. 46-47; Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of modified Coffing with the authenticating based on confirming the authenticated identity of the first user with respect to the second user in order to present only employees who are specialized for the customer to the customer. With respect to Claim 18, modified Coffing teaches the method of claim 17, and Coffing also teaches wherein the authenticated identity object is accessible to only the first user and the second user. (paras. 20, 24, 75; profile data may be shared granularly. Para. 15; profile contains private data. Therefore the identity object is only visible to the first user because the first user is the owner and the second user because the second user has a token that allows access.) With respect to Claim 19, Coffing teaches a method of authenticating a first user, the method comprising: receiving, at a server device, a request from a first client device to authenticate an identity of a user of the first client device with respect to a second user of a second client device; (Authenticating an association will be taught later. para. 6, 95, 99, 109, 141; user creates profile that is stored in a database. para. 15, 27, 38; system provides access to profiles that include user-defined data such as name, phone number or contact information. Fig. 1, para. 63, 70, 83; User A transmits token to User B. Fig. 4, para. 71; User B sends User A’s token that it has received to the authentication server.) generating, based on the request, a dynamic token associated with the authenticated identity object, (paras. 69-70, 80, 82; server generates tokens and provides them to the user’s device. paras. 15, 63, 69-70; tokens may be single use, finite use, or may expire over time.) providing the dynamic token to the first client device; (para. 69-70, 80, 82; server generates tokens and provides them to client device.) receiving the dynamic token from a second client device based on user input by a second user to the second client device, the dynamic token having been received by the second user from the first user; (Fig. 1, para. 63, 70, 83; User A transmits token to User B. Fig. 4, para. 71; User B sends User A’s token that it has received to the authentication server. para. 71; Request for another party’s profile, which suggests an input. Profile delivery may be due to subsequent input where input is prompted.) authenticating, by the server device, the identity of the user of the first client device is the authenticated identity of the first user with respect to the second user based on: verifying that the dynamic token received from the second client device is associated with the authenticated identity object maintained at the server device; (Verifying association will be taught later. paras. 71-73; server determines if token is valid by keeping a record of tokens as they are generated and looking up the received token on the list.) and providing, to the second client device, an indication of identity (IOI) indicating that the user of the first client device is the first user having the authenticated identity with respect to the second user. (para. 63, 71, 134; system returns User A’s profile to User B.) But Coffing does not explicitly teach authenticating an association. Hatti, however, does teach identifying an authenticated identity object, the authenticated identity object being a data object that represents the authenticated identity of the first user with respect to the second user, (para. 93; association record signed using a party’s private key. paras. 46-47; verifier receives identity instance and extracts association record. Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. See also Johansen, paras. 33, 37-38, 46, 57; employee of organization can view account information. para. 27, 38; customer is an account holder with an business. Both account and association records are identity objects. See also Coffing, paras. 69-70, 74, 78-80, 82; user logs in and server verifies the user’s identity. Figs. 1-3, paras. 69-70, 74; authentication server stores user name and password that provide access to an account that has user ID, device ID and tokens.) wherein the authenticated identity object is maintained in a storage accessible to the server device, (paras. 46-47; verification system can access association record.) wherein the dynamic token indicates that the first user is associated with the authenticated identity object; (A dynamic token was previously taught. paras. 46-47; Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of Coffing with the authentication of an association in order to verify a person’s status of association with an organization. (Hatti, para. 1) But modified Coffing does not explicitly teach authenticating based on confirming the authenticated identity of the first user with respect to the second user. Johansen, however, does teach wherein the first user has an authenticated identity with respect to the second user; (First see Hatti, paras. 46-47; verifier receives identity instance and extracts association record. Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. Then see Johansen, paras. 33, 37-38, 46, 57; employee of organization can view account information.) authenticate an identity of a first user of the first client device with respect to a second user of a second client device; authenticating, by the server device, the identity of the user of the first client device is the authenticated identity of the first user (First see Hatti, paras. 46-47; verifier receives identity instance and extracts association record. Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. To the extent the reference does not explicitly disclose an user to user association, Examiner takes official notice of agents of an organization and it would have been obvious to one of ordinary skill prior to the effective filing date to register the relationship in order to allow for verification of that relationship.) confirming the authenticated identity of the first user with respect to the second user based on the authenticated identity object; (paras. 47-49; Selection of employee based upon customer’s account information and contact card is displayed for an employee. Therefore the authentication is based upon a confirmation of the identity object. See also Hatti, paras. 46-47; Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of modified Coffing with the authenticating based on confirming the authenticated identity of the first user with respect to the second user in order to present only employees who are specialized for the customer to the customer. With respect to Claim 20, modified Coffing teaches the method of claim 19, and Coffing also teaches further comprising: receiving a second request from the second client device to authenticate the identity of the second user; (This claim is essentially the reverse of Claim 19, and therefore the same citations apply because the system verifies User B in the same way it verifies User A. para. 6, 95, 99, 109, 141; user creates profile that is stored in a database. para. 15, 27, 38; system provides access to profiles that include user-defined data such as name, phone number or contact information.) generating, based on the second request, a second dynamic token associated with the authenticated identity object; (paras. 69-70, 80, 82; server generates tokens and provides them to the user’s device. paras. 15, 63, 69-70; tokens may be single use, finite use, or may expire over time.) providing the second dynamic token to the second client device; (para. 69-70, 80, 82; server generates tokens and provides them to client device.) receiving the dynamic token from the first client device based on user input of the first user to the first client device, the second dynamic token having been received by the first user from the second user; (Fig. 1, para. 63, 70, 83; User A transmits token to User B. Fig. 4, para. 71; User B sends User A’s token that it has received to the authentication server.) authenticating the identity of the second user with respect to the first user based on verifying that the second dynamic token received from the first device is associated with the authenticated identity object maintained at the server device; (Verifying association will be taught later. paras. 71-73; server determines if token is valid by keeping a record of tokens as they are generated and looking up the received token on the list.) and providing, to the first client device, an indication of the identity of the second user. (para. 63, 71, 134; system returns User A’s profile to User B.) and Hatti also teaches authenticating the identity of the second user with respect to the first user (paras. 46-47; verifier receives identity instance and extracts association record. Association record relates an organization ID to a user ID and includes association details. Para. 152; employment records. To the extent the reference does not explicitly disclose an user to user association, Examiner takes official notice of agents of an organization and it would have been obvious to one of ordinary skill prior to the effective filing date to register the relationship in order to allow for verification of that relationship.) The same motivation to combine as the independent claim applies here. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over Coffing (US Pub. 2009/0117883) in view of Hatti (US Pub. 2020/0295948), in view of Johansen (US Pub. 2018/0165849) and further in view of Kwon (US Pub. 2022/0166769). With respect to Claim 13, modified Coffing teaches the method of claim 1, but does not teach end-to-end encryption. Kwon, however, does teach wherein providing the dynamic token to the first client device includes transmitting the dynamic token to the first client device through an end-to-end encrypted communication to the first client device, and receiving the dynamic token from the second client device includes receiving the dynamic token through an end-to-end encrypted communication from the second client device. (para. 57; communication of a token over a channel that is end-to-end encrypted.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of modified Coffing with the end-to-end encryption in order to increase the security of the transfer of the token. Remarks Applicant argues at Remarks, pgs. 10-12 that Claims 1, 17 and 19 are nonobvious because Coffing does not disclose an authenticated identity object that “represents the authenticated identity of the organization with respect to the first user” and a dynamic token which “indicates that the second user has access to the authenticated identity object.” Spec, para. 24 defines an authenticated identity as one that is “confirmed, validated or otherwise authenticated by one or more entities.” Spec, para. 25 defines “authenticated identity object” as “a data or software object that is representative of an authenticated identity of an entity (e.g. a trusted relationship between parties).” Coffing discloses a token exchange mechanism is which a User B transmits a token to User A, and User A submits the token to an identification verification system which confirms the identity of User B. Applicant describes Coffing as “a system for exchanging access to a profile…it is apparent that Coffing does not describe subject matter related to any pre-existing authenticated identity…” Hatti discloses an identity verification tool. An organization in Hatti uses a private key. “The private key is used for signing any records in which an organization wants others to trust as authentic and untampered…In an embodiment, the association record is signed using the organization’s private key.” (para. 93) The association record “refers to information describing association of the subject of the present disclosure with an organization.” (para. 4) Hatti specifically contemplates the usage to verify “current and historical employment records.” (para. 152) Applicant does not discuss Hatti other than to state that in a general manner it does not cure the deficiencies of Coffing. Coffing in view of Hatti teach a system that allows an organization to attest to the employment of an employee, as it specifically contemplates the association being attested to as an employer/employee relationship. Further, the disclosure of Hatti would be equally applicable to any other association, because association is not limited. Regardless, Examiner thinks an exemplary association is helpful to cite as a means to concretely think about the claim scope and rejection, so Examiner now cites Johansen. Johansen discloses that a customer of a business has a customer account, and that employees of the business, as one would expect with any business that provides services, have access to the account in order to provide services to the customer. Johansen contemplates a financial customer account with balances (para. 38) and specialists such as home mortgage or business loan specialists that may interact with the account (paras. 27, 49). Johansen explicitly contemplates that when a customer seeks to contact the business, the customer account information may be used to identify an employee. The customer is presented with a business card of employees, (para. 48). Johansen identifies a financial customer association. Johansen and Hatti therefore contemplate using a private key to attest to the relationship, and in combination teach a chain of association from the customer to the financial services employer to the specialist loan officer employee, all of whom acknowledge their association and all of which are capable of accessing the relevant account information in order to effectuate the customer receiving banking services from the financial institution. Johansen further discloses the rationale of a customer being shown particular profiles based on their account association and the employee being shown customer information based on the same account association. In other words, to the extent amended Claim 1 requires that the system only identifies the second user as an agent to people who have an association with the organization (Examiner questions whether authenticating “based on” a confirmation of the association functions as a negative limitation that would exclude authenticating the agent’s identity to a first user that did not have an association) Johansen’s system is a system that provides profiles of particular employees based on the user’s location and account information and the employees availability. The employee being selected based on account information teaches the amended feature. As the amended Claim 1 requires both the first user/organization association and the organization/second user association, Examiner agrees Coffing in view of Hatti is insufficient to teach the full scope and adds Johansen. To the extent that Applicant’s argument is that Coffing fails to teach authenticated identity objects and Hatti does not cure, Examiner disagrees inasmuch as Hatti discloses an attestation of association. The amended claims are obvious over the combination above. Examiner supplements the record to make a concern of record. Examiner questions whether the claims are directed to eligible subject matter. Examiner thinks it is clear that the claims should not be rejected under 101 under Office procedure because the Office evaluates a practical application without respect to conventionality, see MPEP 2106.04(d)(I). (“Step 2A specifically excludes consideration of whether the additional elements represent well-understood, routine, conventional activity.”) All claims recite a dynamic token, which is a conventional feature in the art but improves security over a non-dynamic token. However, as evidenced by Coffing’s 2009 publication date and the Specification’s failure to provide an enabling teaching, dynamic tokens were well-understood, routine and conventional in computer security by the effective filing of the instant application. Examiner notes only that the Supreme Court “has long ‘warned…against’ interpreting 101 ‘in ways that make patent eligibility depend simply on the draftsman’s art.’” (Alice v. CLS Bank, 573 US 208 (2014)) The Office’s bright-line rule appears to create a situation where a claim is eligible simply because it includes a feature that at some time in the past may have improved the art, regardless of whether the instant claim is directed to eligible subject matter. Examiner is concerned because the instant claims appear to be directed to either a judgment or a business practice. Coffing, a 2009 publication, makes reference to analog business or contact cards in its background section. (Coffing, para. 3) Coffing provides a digital means for trading business or contact cards, which are conventionally known to include employment information. Hatti discloses identity verification that explicitly uses association information such as employment information. Johansen discloses contact cards for employees of a business. The use of an analog card to transfer contact and employment information is conventional. By the time of the effective filing, the use of a digital dataset that simulated the analog contact card and the transfer of that dataset between computing devices was conventional. The instant Claim 1 performs the act of “providing, to the first client device, an indication of identity (IOI) indicating that second user is the agent of the organization having the authenticated identity with respect to the first user.” In other words, the claim performs the act of transmitting identity information. With the exception of the dynamic token which was previously discussed as conventional, the entirety of Claim 1 is directed toward a judgment limiting under what circumstances to provide this information to a given user based upon the relationships between the user submitting the identification request, the agent that provided the token that purports to identify them, and the organization that employs the agent. This claim does not promote computer security, rather it makes what is accurately described as either a judgment or a business decision about when and to whom to call a real-world human authenticatedly identified, it merely uses a computer as a processing tool to perform the judgment. The functioning of Claim 1 is that a first user who has an association with the organization gets the identity of the agent, and presumably some other person who does not have an association does not. That information control is not a technological solution to a technological problem. Again, excepting the conventional dynamic token from the claim, the claim is little more than using a computer to perform a query/response with a gatekeeping judgment informing upon the character of the response about a topic that is unrelated to improving a computer. Examiner is concerned that the instant amendment does not assert nonobviousness in authenticating based on verifying a dynamic token, which is the only plausibly computer-related security in Claim 1, but instead creates limitations that deal with the analog acts of whether a user has an association with an organization (e.g. a customer relationship, see Spec, para. 78) or whether an organization employs a person, (Spec, para. 41) and asserts that those limitations create nonobvious emissions of IOI data. Examiner has the secondary function of helping Applicant to find patentable, which inherently requires eligible, subject matter and Examiner supplements the record. Applicant may wish to consider that a claim that is nonobvious because of a judgment as to when to call an identity authenticated based on analog relationships simply memorialized on a computer may create enforceability problems. But Examiner’s primary function is to apply Office procedure. The claims assert a dynamic token. When conventionality is not considered, dynamic tokens are a practical application, and render the claim eligible. No eligibility rejection is proper. All claims are obvious and all claims are rejected. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS P CELANI whose telephone number is (571)272-1205. The examiner can normally be reached on M-F 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NICHOLAS P CELANI/Examiner, Art Unit 2449
Read full office action

Prosecution Timeline

Mar 01, 2024
Application Filed
Dec 10, 2025
Non-Final Rejection mailed — §101, §103
Mar 13, 2026
Interview Requested
Mar 23, 2026
Applicant Interview (Telephonic)
Mar 23, 2026
Examiner Interview Summary
Apr 08, 2026
Response Filed
May 21, 2026
Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682092
SYSTEMS AND METHODS FOR USER DATA COLLECTION
3y 8m to grant Granted Jul 14, 2026
Patent 12647250
CIPHERTEXT CONVERSION SYSTEM, CIPHERTEXT CONVERSION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM
1y 9m to grant Granted Jun 02, 2026
Patent 12634201
Detecting site locations of unknown network devices
4y 10m to grant Granted May 19, 2026
Patent 12625938
ELECTRONIC DEVICE FOR PERFORMING USER AUTHENTICATION BY USING USER BIOMETRIC INFORMATION, AND OPERATION METHOD THEREOF
4y 6m to grant Granted May 12, 2026
Patent 12592949
METHODS AND SYSTEMS FOR CATEGORIZING CYBER INCIDENT LOGS FEATURING DYNAMIC RELATIONSHIPS TO PRE-EXISTING CYBER INCIDENT REPORTS IN REAL-TIME
2y 5m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
46%
Grant Probability
89%
With Interview (+42.7%)
3y 2m (~10m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 461 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month