DETAILED ACTION
This Office Action is in response to the Amendment filed on 12/02/2025.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the instant Amendment, filed on 12/02/2025, claim 1 has been amended.
Claims 1-20 have been examined and are pending; claims 1, 14, and 19 are independent. This Action is made FINAL.
Response to Arguments/Remarks
As to the claim interpretation, the Applicant has amended the claim 1 following Examiner suggestion, and subsystem components and their functionalities given full scope consideration of the claimed system.
As to the claim interpretation, under 112(f) to claims 1-13, the claim interpretations are maintained.
Applicant’s Remarks: the Applicant pointed out the guidelines and examples of MPEP 2181(I) and 2181(I)(A), and submits that the terms, “the back-end application system [ ] is configured ,” “identity broker system is configured to,” and “password manager system is configured to,” and “are not nonce terms, and the claims should not be interpreted under 112(f) (Applicant Arguments/Remarks, 12/02/2025, pages 9-10).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the addressed terms are nonce terms. The Examiner points out the reference that the Applicant pointed out contains the example “system for” as nonce terms that shall be interpreted under 112(f). The claim is directed to a system, containing a set of subsystems, calling “back-end application system, “identity broker system” and “password manager system.” These components are systems, without any structural modifier. “back-end application,” identity broker,” and “password manager” are noun modifier, and does not provide any context for structure.
Applicant’s arguments in the instant Amendment, filed on 12/02/2025, with respect to the prior-art rejections to claims 1-20, and limitations listed below, have been fully considered but they are not persuasive. The applied prior art continues to teach the claim limitations including the new limitations that are added or modified by the instant amendment.
Applicant’s Remarks: As to independent claims 1, 14, and 19, the Applicant submits that the applied prionart failed to teach the features, “generate a subject identifier for the user, wherein the subject identifier comprises a plurality of elements, wherein at least one of the plurality of elements comprises a subject identifier fragment, wherein the subject identifier fragment indicates a unique identifier string for the user.” Providing evidence, the Applicant submits that the Applied PriorArt Hassani, at best teaches a unique strings of characters associated with biometric information of the user, but does not include any other element. As the claims cites a plurality of elements of which at least one of them is subject identifier fragment (Applicant Arguments/Remarks, 12/02/2025, pages 7-8).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that applied PriorArt teaches the all the limitations of the independent claims, 1, 14, and 19, including the limitations addressed above by the Applicant. Claim does not refine as to what type/format of data is the subject identifier fragment is, and as to what format/structure of the whole set of data, including all the fragment/elements. Giving the broadest interpretation of the claim limitations, one of ordinary skill in the art, an identifier that contains a part that can be considered as “subject identifier fragment” and other part(s), would read on the limitations. Hassani reference teaches generating an authentication identifier, authentication identifier is a randomly generated unique string of characters [i.e., subject identifier fragment]. The authentication identifier includes or associated with [i.e., in addition to the string of characters] biometric template and personally identifiable information of the user [i.e., other elements/fragment] (Hassani: pars 0029-0030). Therefore, broadly interpreted Hassani teaches the claim limitations.
Additionally, as to the dependent claims 2, 15, and 20, the Applicant argues that the claims are (Applicant Arguments/Remarks, 12/02/2025, pages 11-12).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the dependent claims 2-6, 10-13, 15 and 17-20 are rejected at least based on the rationale and response presented to the argument for their respective base claims, and the reference applied to the claims 2-6, 10-13, 15 and 17-20.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the Examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the Examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3, 14, 15, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hassani et al (“Hassani,” US 2020/0027091, published on 01/23/2020), in view of Griffin-Allwood et al (“Griffin-Allwood,” US 2025/0202882, filed on 12/14/2023).
As to claim 1, Hassani teaches a system (Hassani: pars 0016-0017; Fig 1, systems and methods of managing user’s authentication data for a decentralized cloud-based authentication in allowing user access to a system or entertainment service content), comprising:
a back-end application system, and password manager system, wherein the back-end application system is associated with a domain and is configured to: receive a content request for accessing content on the domain from a user device associated with a user (Hassani: pars 00017, 0023, 0042; Fig 1, a request for accessing the system or content served by the system is received from a user using a user device, associated with one of the cloud servers [i.e. associated with a domain]. Part of the system receive and process an access token [i.e., pass-key] [i.e., password manager system]); and
based on the content request, provide an identification request to an identity broker system; [ ] generate a subject identifier for the user, wherein the subject identifier comprises a plurality of elements, wherein at least one of the plurality of elements comprises a subject identifier fragment, wherein the subject identifier fragment indicates a unique identifier string for the user (Hassani: pars 0029-0030, generating an authentication identifier, authentication identifier is a randomly generated unique string of characters. The authentication identifier includes or associated with [i.e., in addition to the string of characters] biometric template and personally identifiable information of the user);
based on generating the subject identifier for the user [ ], generate a SPK for the user based on the subject identifier fragment from the subject identifier (Hassani: pars 0030, 0042, an access token [i.e., a secure pass-key] is generated from the authentication identifier); and
provide the SPK to the user device and to the password manager system; and the password manager system, wherein the password manager system is configured to: store the SPK received from the identity broker system (Hassani: pars 0030, 0042, the access token [i.e., pass-key] is sent to the user for the user to use access authentication);
receive the SPK from the user device (Hassani: pars 0030, 0042, the system receives the access token [i.e., pass-key] from user); and
grant access to the user device to content on the domain based on comparing the stored SPK with the received SPK (Hassani: pars 0030, 0042, the received access token [i.e., pass-key] is compared with a passkey to determine if there is a match, and if so, access may be granted).
While Hassani performs an enrolment process (Hassani: pars 0019, 0028), Hassani does not explicitly teach the identity broker system, wherein the identity broker system is configured to: based on receiving the identification request, determine whether the user is enrolled in subject identifier authentication; based on determining that the user is not enrolled in the subject identifier authentication; provide, to the user device, a request to enroll in secure pass key (SPK) authentication; based on receiving user input from the user device indicating approval to enroll in the SPK authentication.
However, in an analogous art, Griffin-Allwood teaches the identity broker system, wherein the identity broker system is configured to: based on receiving the identification request, determine whether the user is enrolled in subject identifier authentication (Griffin-Allwood: pars 0018, 0020, before redirecting the user on the client device to perform the login to the identity provider, performing an enrollment process to register the client device [i.e., determination that user is not enrolled with the user authentication information]);
based on determining that the user is not enrolled in the subject identifier authentication; provide, to the user device, a request to enroll in secure pass key (SPK) authentication; based on receiving user input from the user device indicating approval to enroll in the SPK authentication (Griffin-Allwood: pars 0018, 0020, performing an enrollment process to register the client device with the web service provider as a trusted device for SSO for the user, where during the enrollment process receiving, on the client device, user input to access the cryptographically protected resource provided by the web service provider; redirecting the user on the client device to perform a login).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Griffin-Allwood with the method/system of Hassani to include the limitation(s), the identity broker system, wherein the identity broker system is configured to: based on receiving the identification request, determine whether the user is enrolled in subject identifier authentication; based on determining that the user is not enrolled in the subject identifier authentication; provide, to the user device, a request to enroll in secure pass key (SPK) authentication; based on receiving user input from the user device indicating approval to enroll in the SPK authentication, where one would have been motivated for having the process to request the user to enroll and receiving user input to enroll for accessing service/content (Griffin-Allwood: pars 0018, 0020).
As to claim 2, the combination of Hassani and Griffin-Allwood teaches system of claim 1,
Hassani further teaches wherein the subject identifier is a decentralized identifier (DID), wherein the plurality of elements of the DID comprise a scheme element, a DID method element, and a namespace specific string, wherein a portion of the namespace specific string indicates the subject identifier fragment, and wherein the identity broker system is configured to generate the SPK for the user by: generating the SPK such that the subject identifier fragment indicated by the portion of the namespace specific string of the DID is the SPK (Hassani: pars 0016-0017, 0029-0030, 0042, a decentralized cloud-based authentication for system/content access associated with a cloud server. Generating an authentication identifier, authentication identifier is a randomly generated unique string of characters, and generating the access token [i.e., a secure pass-key] from the authentication identifier).
As to claim 3, the combination of Hassani and Griffin-Allwood teaches system of claim 1,
Griffin-Allwood further teaches wherein the content request indicates user information of the user and the identification request comprises the user information, and wherein the identity broker system is configured to determine whether the user is enrolled in the subject identifier authentication by: comparing the user information with stored information within a wallet system; and determining that the user is not enrolled in subject identifier authentication based on the comparison (Griffin-Allwood: pars 0018, 0020, before redirecting the user on the client device to perform the login to the identity provider, performing an enrollment process to register the client device [i.e., determination that user is not enrolled with the user authentication information]).
As to claim 14, Hassani teaches a method (Hassani: pars 0016-0017; Fig 1, systems and methods of managing user’s authentication data for a decentralized cloud-based authentication in allowing user access to a system or entertainment service content), comprising:
based on a content request for content from a user device associated with a user (Hassani: pars 00017, 0023; Fig 1, a request for accessing the system or content served by the system is received from a user using a user device), generating a subject identifier for the user, wherein the subject identifier comprises a plurality of elements, wherein at least one of the plurality of elements comprises a subject identifier fragment indicating a unique identifier string for the user (Hassani: pars 0029-0030, generating an authentication identifier, authentication identifier is a randomly generated unique string of characters);
based on generating the subject identifier for the user, generating a SPK for the user based on the subject identifier fragment from the subject identifier (Hassani: pars 0030, 0042, an access token [i.e., a secure pass-key] is generated from the authentication identifier. The authentication identifier includes or associated with [i.e., in addition to the string of characters] biometric template and personally identifiable information of the user); and
providing the SPK to the user device (Hassani: pars 0030, 0042, the access token [i.e., pass-key] is set to the user), wherein the user device accesses the requested content based on using the SPK (Hassani: pars 0030, 0042, the system receives the access token [i.e., pass-key] from user, and compare with a passkey to determine if there is a match, and if so, access may be granted).
While Hassani performs an enrolment process (Hassani: pars 0019, 0028), Hassani does not explicitly teach providing, to the user device, a request to enroll in secure pass key (SPK) authentication; based on receiving user input indicating approval to enroll in the SPK authentication.
However, in an analogous art, Griffin-Allwood teaches providing, to the user device, a request to enroll in secure pass key (SPK) authentication; based on receiving user input indicating approval to enroll in the SPK authentication (Griffin-Allwood: pars 0018, 0020, performing an enrollment process to register the client device with the web service provider as a trusted device for SSO for the user, where during the enrollment process receiving, on the client device, user input to access the cryptographically protected resource provided by the web service provider; redirecting the user on the client device to perform a login).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Griffin-Allwood with the method/system of Hassani to include the limitation(s), providing, to the user device, a request to enroll in secure pass key (SPK) authentication; based on receiving user input indicating approval to enroll in the SPK authentication, where one would have been motivated for having the process to request the user to enroll and receiving user input to enroll for accessing service/content (Griffin-Allwood: pars 0018, 0020).
As to claim 15, the claim is similar to the claim 2, and therefore, rejected for the same reason set forth above for claim 2.
As to claim 19, the claim is directed to a computer-readable medium, and the scope of the claim limitations is similar to the scope of claim 14, and therefore, rejected for the same reason set forth above for claim 1.
As to claim 20, the claim is similar to the claim 2, and therefore, rejected for the same reason set forth above for claim 2.
Allowable Subject Matter
The dependent claims 4, 6, 9, 11, 16, and 18, and their respective dependent claims 5, 7, 8, 10, 12, 13, and 17, are considered allowable over the cited prior art, but are objected, incorporating the reasons stated in the Non-Final office action mailed out on 09/25/2025.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355. The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form.
/JAHANGIR KABIR/ Primary Examiner, Art Unit 2439