DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This is a reply to the amendment filed on 01/05/2026, in which, claim(s) 1-18 are pending. Claim(s) 1, 8, 11, 13-14 and 16-18 are amended. No claim(s) are cancelled or newly added.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/30/2026 was filed after the mailing date of the non-Final Office Action on 11/19/2025. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
Claim Objection:
Applicant’s arguments with respect to objection of claim(s) 1, 11 and 16-18 have been considered and are persuasive. The objection of claim(s) 1, 11 and 16-18 have been withdrawn in view of the amendment to claim.
Claim Rejections - 35 U.S.C. § 112:
Applicants’ arguments with respect to 35 U.S.C. 112(b) with rejection of claim(s) 8 and 13-14 have been fully considered and are persuasive. The rejection of 35 U.S.C. 112(b) of claim(s) 8 and 13-14 have been withdrawn in view of the amendment to claim.
Double Patenting Rejection:
Applicant’s remarks regarding double patenting rejections have been acknowledged. Applicant responds “Applicant hereby submits a Terminal Disclaimer concurrently with this Response to…”. However, no filing of a Terminal Disclaimer is received in the response.
Therefore, the double patenting rejections are maintained.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-18 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over:
Claims 1-11 of Patent 11,582,032.
Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-18 are anticipated by claims 1-11 of Patent 11,582,032.
Claims 1-18 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over:
Claims 1-12 of Patent 12,072,963.
Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-18 are anticipated by claims 1-12 of Patent 12,072,963.
Claims 1-18 are provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over:
Claims 1-14 of Copending Application 18/782,801.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Patent No. 11,582,032 (17/018,273)
Instant Application (18/783,017)
Claim 1. A system for sharing user preferences, pertaining to one or more products, without having the user reveal their identity, comprising:
a processor and a memory coupled to the processor, wherein the processor is configured to execute instructions stored in the memory for:
registering a user by,
receiving a set of biometric samples of the user, corresponding to one or more biometric factors,
processing the set of biometric samples to compute a Secret-Key (S1) corresponding to the user,
generating a Unique-Number (N1) using a random number generation algorithm,
applying a Function (F1) to the Secret-Key (S1) and the Unique-Number (N1) to compute a Public-Key (P1), wherein the Function (F1) is based on Asymmetric Key Encryption, wherein the Function (F1) consumes the Secret-Key (S1) and the Unique-Number (N1) to compute the Public-Key (P1), wherein the Public-Key (P1) is distinct from the Secret-Key (S1),
capturing a set of attributes and preferences of the user pertaining to a category of products associated with one or more business categories,
storing the Unique-Number (N1) on a user device and in a data repository,
storing the set of attributes and preferences in the data repository, and
storing the Public-Key (P1) on the user device and in a peer-to-peer distributed hash-table;
authenticating the user by,
receiving a biometric sample captured from the user in real-time;
processing the biometric sample to generate a Secret-Key (S2);
fetching the Public-Key (P1) corresponding to the user from the user device;
computing a Real-Time-Unique-Number (N2) using the Public-Key (P1), the Secret-Key (S2) and the Function (F1);
authenticating the user based on comparison of the Real-Time-Unique-Number (N2) with the Unique-Number (N1) stored on the user device; and
recommending to an authenticated user, a candidate product from a product catalog associated with a business entity, based on the set of attributes and preferences associated with the authenticated user.
Claim 1. A system for managing tokenized personally identifiable information, comprising:
a processor; and a memory coupled to the processor, wherein the processor is configured to execute instructions stored in the memory for:
registering users on an authenticator application, based on a user registration process, including: registering a first user as an enterprise representative, registering a second user as an enterprise customer, and registering a third user as a law enforcement agent; wherein for each registered user: capturing authenticated personal identification information from an External Identity System, encrypting the authenticated personal identification information, and storing the encrypted personal identification information on the user's device; wherein for the second user: storing the encrypted personal identification information in an enterprise database, tokenizing the personal identification information by: dividing the encrypted information into data packets, assigning a unique identifier to each packet, storing the data packets and the unique identifiers in the enterprise database, and generating a master token linking all the unique identifiers corresponding to the second user, storing the master token in the enterprise database; registering users on applications: registering the first user on an enterprise application as the enterprise representative, registering the second user on the enterprise application as the enterprise customer, and registering the third user as the law enforcement agent on a law enforcement application; processing an information disclosure request by: receiving, through the law-enforcement application, the information disclosure request and the corresponding transaction identifier, if the law enforcement agent has not identified the enterprise customer under investigation; receiving, through the law-enforcement application, the information disclosure request and the corresponding tokenized enterprise customer identifier, if the law enforcement agent has identified the enterprise customer under investigation; authenticating the law enforcement agent's identity based on a user authentication process, identifying a target tokenized enterprise customer and a target enterprise representative corresponding to the transaction identifier listed in the information disclosure request, transmitting the information disclosure request to the target enterprise representative, authenticating the target enterprise representative's identity based on the user authentication process, affixing the target enterprise representative's biometrically authenticated digital signature, as a first signature, to the information disclosure request, transmitting the information disclosure request signed by the enterprise representative back to the law enforcement agent along with a second signature request, affixing the law enforcement agent's biometrically authenticated digital signature, as a second signature, to the information disclosure request, and decrypting the relevant encrypted enterprise customer identification information; and maintaining an audit log of all information disclosure requests along with the first signature and the second signature.
Claim 2. The system of claim 1, wherein the user registration process comprises: receiving a set of biometric samples of the user; processing the biometric samples to compute a Secret-Key (S1); generating a Unique-Number (N1) using a random number generation algorithm; applying a Function (F1) to the Secret-Key (S1) and the Unique-Number (N1) to compute a Public-Key (P1), wherein the Function (F1) is based on Asymmetric Key Encryption; storing the Unique-Number (N1) on the user device and in a data repository; and storing the Public-Key (P1) on a storage device.
Patent No. 12,072,963 (17/481,468)
Instant Application (18/783,017)
Claim 1. A system for affixing a signature using biometric authentication, the system comprising:
a processor and a memory coupled to the processor, wherein the processor is configured to execute instructions stored in the memory for:
registering a user by,
receiving a set of biometric samples of the user, corresponding to one or more biometric factors,
processing the set of biometric samples to compute a Secret-Key (S1) corresponding to the user,
generating a Unique-Number (N1) using a random number generation algorithm,
applying a Function (F1) to the Secret-Key (S1) and the Unique-Number (N1) to compute a Public-Key (P1),
storing the Unique-Number (N1) on a user device and in a data repository, and
storing the Public-Key (P1) on a storage device;
receiving a document signing request from an application, wherein the document signing request corresponds to a document to be signed;
initiating a first authentication process by,
receiving a biometric sample captured from the user in real-time,
processing the biometric sample to generate a Secret-Key (S2),
fetching the Public-Key (P1) corresponding to the user from the user device,
computing a Real-Time-Unique-Number (N2) using the Public-Key (P1), the Secret-Key (S2) and the Function (F1), and
authenticating the user based on comparison of the Real-Time-Unique-Number (N2) with the Unique-Number (N1) stored on the user device;
displaying contents of the document to be signed by the user upon successful first authentication of the user;
capturing the user's approval to affix the user's signature to the document;
initiating a second authentication process; and
transmitting the user's signature to the application upon successful first authentication and second authentication of the user.
Claim 1. A system for managing tokenized personally identifiable information, comprising:
a processor; and a memory coupled to the processor, wherein the processor is configured to execute instructions stored in the memory for:
registering users on an authenticator application, based on a user registration process, including: registering a first user as an enterprise representative, registering a second user as an enterprise customer, and registering a third user as a law enforcement agent; wherein for each registered user: capturing authenticated personal identification information from an External Identity System, encrypting the authenticated personal identification information, and storing the encrypted personal identification information on the user's device; wherein for the second user: storing the encrypted personal identification information in an enterprise database, tokenizing the personal identification information by: dividing the encrypted information into data packets, assigning a unique identifier to each packet, storing the data packets and the unique identifiers in the enterprise database, and generating a master token linking all the unique identifiers corresponding to the second user, storing the master token in the enterprise database; registering users on applications: registering the first user on an enterprise application as the enterprise representative, registering the second user on the enterprise application as the enterprise customer, and registering the third user as the law enforcement agent on a law enforcement application; processing an information disclosure request by: receiving, through the law-enforcement application, the information disclosure request and the corresponding transaction identifier, if the law enforcement agent has not identified the enterprise customer under investigation; receiving, through the law-enforcement application, the information disclosure request and the corresponding tokenized enterprise customer identifier, if the law enforcement agent has identified the enterprise customer under investigation; authenticating the law enforcement agent's identity based on a user authentication process, identifying a target tokenized enterprise customer and a target enterprise representative corresponding to the transaction identifier listed in the information disclosure request, transmitting the information disclosure request to the target enterprise representative, authenticating the target enterprise representative's identity based on the user authentication process, affixing the target enterprise representative's biometrically authenticated digital signature, as a first signature, to the information disclosure request, transmitting the information disclosure request signed by the enterprise representative back to the law enforcement agent along with a second signature request, affixing the law enforcement agent's biometrically authenticated digital signature, as a second signature, to the information disclosure request, and decrypting the relevant encrypted enterprise customer identification information; and maintaining an audit log of all information disclosure requests along with the first signature and the second signature.
Claim 2. The system of claim 1, wherein the user registration process comprises: receiving a set of biometric samples of the user; processing the biometric samples to compute a Secret-Key (S1); generating a Unique-Number (N1) using a random number generation algorithm; applying a Function (F1) to the Secret-Key (S1) and the Unique-Number (N1) to compute a Public-Key (P1), wherein the Function (F1) is based on Asymmetric Key Encryption; storing the Unique-Number (N1) on the user device and in a data repository; and storing the Public-Key (P1) on a storage device.
Copending Application (18/782,801)
Instant Application (18/783,017)
Claim 1. A System for managing an Operating System using tokenized identity, the system comprising:
a processor and a memory coupled to the processor, wherein the processor is configured to execute instructions stored in the memory for:
a) maintaining a token repository, wherein the token repository is configured to maintain a user token, a Unique-Number, and a Public-Key corresponding to each user from a set of users; b) registering a user by, receiving a set of biometric samples of the user corresponding to one or more biometric factors, processing the set of biometric samples to compute a Secret-Key (S1) corresponding to the user, generating a Unique-Number (N1) using a random number generation algorithm, applying a Function (F1) to the Secret-Key (S1) and the Unique-Number (N1) to compute a Public-Key (P1), storing the Unique-Number (N1) on a provisioned virtual remote device and in a token repository, wherein the provisioned virtual remote device is a virtual machine corresponding to the user, wherein the provisioned virtual remote device is hosted over a remote server, wherein the token repository is hosted over a centralized server and storing the Public-Key (P1) in the token repository, on the provisioned virtual remote device, and on a thin client application on a personal local device, receiving a user input on the thin client application corresponding to one or more immutable attributes of the user, generating an immutable attribute token for each immutable attribute, and storing the immutable attribute tokens along with the Public-Key (P1) in the token repository; c) transmitting to a user, a session signing request from a proxy-user management application, wherein the proxy-user management application is integrated with a device Operating System (OS), wherein the session signing request corresponds to a user-authenticated session, on the device Operating System (OS), wherein the session signing request is received via a thin client session running on a client device; d) initiating a first authentication process for authenticating the user via the thin client session by, receiving a biometric sample captured from the user in real-time, processing the biometric sample to generate a Secret-Key (S2), when using a thin client application on a personal local device, selecting the Public-Key (P1) from the thin client application, fetching the corresponding Public-Key (P1) from the token repository, computing a Real-Time-Unique-Number (N2) using the Public-Key (P1), the Secret-Key (S2) and the Function (F1), and authenticating the user based on comparison of the Real-Time-Unique-Number (N2) with the Unique-Number (N1) stored in the token repository, when using a thin client application on a non-personal local device, receiving a user input corresponding to the one or more immutable attributes of the user, generating a token corresponding to each of the one or more immutable attributes, querying the token repository for the one or more tokens, fetching the public-keys (P1-Pn) corresponding to the one or more tokens, computing a Real-Time-Unique-Number (N2) for each Public-Key (P1-Pn), the Secret-Key (S2) and the Function (F1), identifying a target Real-Time-Unique-Number (N2t), wherein the target Real-Time-Unique-Number (N2t) matches the Unique-Number (N1) stored in the token repository, and authenticating the user based on comparison of the target Real-Time-Unique-Numbers (N2t) with the Unique-Number (N1) stored in the token repository; e) fetching from the token repository, a user token (T1) corresponding to the Unique-Number (N1); f) Identifying from a set of proxy-user management application instances, a proxy-user management application instance corresponding to the user token (T1); g) displaying a request to sign the proxy-user management application session and the corresponding device OS session; h) capturing the user's approval to affix the user's biometrically authenticated signature to the session; i) initiating a second authentication process; and j) recording the user's biometrically authenticated signature in the proxy-user management application session log.
Claim 1. A system for managing tokenized personally identifiable information, comprising:
a processor; and a memory coupled to the processor, wherein the processor is configured to execute instructions stored in the memory for:
registering users on an authenticator application, based on a user registration process, including: registering a first user as an enterprise representative, registering a second user as an enterprise customer, and registering a third user as a law enforcement agent; wherein for each registered user: capturing authenticated personal identification information from an External Identity System, encrypting the authenticated personal identification information, and storing the encrypted personal identification information on the user's device; wherein for the second user: storing the encrypted personal identification information in an enterprise database, tokenizing the personal identification information by: dividing the encrypted information into data packets, assigning a unique identifier to each packet, storing the data packets and the unique identifiers in the enterprise database, and generating a master token linking all the unique identifiers corresponding to the second user, storing the master token in the enterprise database; registering users on applications: registering the first user on an enterprise application as the enterprise representative, registering the second user on the enterprise application as the enterprise customer, and registering the third user as the law enforcement agent on a law enforcement application; processing an information disclosure request by: receiving, through the law-enforcement application, the information disclosure request and the corresponding transaction identifier, if the law enforcement agent has not identified the enterprise customer under investigation; receiving, through the law-enforcement application, the information disclosure request and the corresponding tokenized enterprise customer identifier, if the law enforcement agent has identified the enterprise customer under investigation; authenticating the law enforcement agent's identity based on a user authentication process, identifying a target tokenized enterprise customer and a target enterprise representative corresponding to the transaction identifier listed in the information disclosure request, transmitting the information disclosure request to the target enterprise representative, authenticating the target enterprise representative's identity based on the user authentication process, affixing the target enterprise representative's biometrically authenticated digital signature, as a first signature, to the information disclosure request, transmitting the information disclosure request signed by the enterprise representative back to the law enforcement agent along with a second signature request, affixing the law enforcement agent's biometrically authenticated digital signature, as a second signature, to the information disclosure request, and decrypting the relevant encrypted enterprise customer identification information; and maintaining an audit log of all information disclosure requests along with the first signature and the second signature.
Claim 2. The system of claim 1, wherein the user registration process comprises: receiving a set of biometric samples of the user; processing the biometric samples to compute a Secret-Key (S1); generating a Unique-Number (N1) using a random number generation algorithm; applying a Function (F1) to the Secret-Key (S1) and the Unique-Number (N1) to compute a Public-Key (P1), wherein the Function (F1) is based on Asymmetric Key Encryption; storing the Unique-Number (N1) on the user device and in a data repository; and storing the Public-Key (P1) on a storage device.
Allowable Subject Matter
Claims 1-18 would be allowable if the Applicant overcomes double patenting rejection issued in this office action by filing a valid eTD.
Independent Claim(s) and their respective dependent claims would be allowable over prior arts since the prior arts taken individually or in combination fails to particular discloses, fairly suggest or render obvious the following italic limitations:
In claims 1 and 17-18:
“identifying a target tokenized enterprise customer and a target enterprise representative corresponding to the transaction identifier listed in the information disclosure request,
transmitting the information disclosure request to the target enterprise representative,
authenticating the target enterprise representative's identity based on the user authentication process,
affixing the target enterprise representative’s biometrically authenticated digital signature, as a first signature, to the information disclosure request,
transmitting the information disclosure request signed by the enterprise representative back to the law enforcement agent along with a second signature request,
affixing the law enforcement agent’s biometrically authenticated digital signature, as a second signature, to the information disclosure request, and
decrypting the relevant encrypted enterprise customer identification information; and
maintaining an audit log of all information disclosure requests along with the first signature and the second signature” in combination with other limitations recited as specified in the independent claim(s).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497
Prosecution Insights