DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to preliminary amendment filed 1/16/2025. Claims 2-21 have been examined. This office action is Non-Final.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 2, 6-12, and 16-21 are rejected under 35 U.S.C. 103 as being unpatentable over Coxe et al. (2015/0332029) in view of Kamal et al. (2019/0261169).
As per claim 2, Coxe discloses an identity network, comprising:
one or more processors (Coxe: para. 0156); and
a memory having stored thereon instructions that, upon execution by the one or more processors, cause the one or more processors to (Coxe: para. 0156-0157):
receive a sign-up request for a user from a relying party, wherein the sign-up request includes requested information (Coxe: para. 0052, receive, a sign-up request for a user from a relying party, the sign-up request is (i.e. new account creation request) includes requested information (i.e. assertions/attributes));
receive a request for details of the sign-up request from an identity provider (Coxe: para. 0110, receive a selection, by the user choosing from the list of IDPs (i.e. details of the sign-up request));
in response to receiving the request for details of the sign-up request, provide the details of the sign-up request to the identity provider (Coxe: para. 0110, receiving a selection, by the user choosing from the list of IDPs);
receive, from the identity provider, a validation of authentication of the user (Coxe: para. 0113, validation of authentication of the user);
in response to receiving the validation, request, from the identity provider, the requested information (Coxe: para. 0110-0113, requested information);
receive from the identity provider at least a portion of the requested information (Coxe: para. 0113, receive from the identity provider at least a portion of the requested information and session identifier); and
transmit the at least the portion of the requested information to the relying party (Coxe: para. 0113, 0120, transmitting the encrypted requested information to the RP (relying party)).
Coxe does not disclose; however, Kamal discloses store a token associated with the user for the identity provider to create a stored relationship between the user and the identity provider.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to include store a token associated with the user from the identity provider to create a stored relationship between the user and identity provider of Kamal with Coxe, the motivation is that this is a security issue that the token is used to generate the fraud score (Kamal: para. 0053).
As per claim 6, Coxe discloses the identity network of claim 2, wherein: the token enables the identity provider to be identified as a previously selected identity provider in subsequent login attempts by the user (Coxe: para. 0112).
As per claim 7, Coxe discloses the identity network of claim 2, wherein the instructions further cause the one or more processors to: generate the token upon receiving a selection of the identity provider (Coxe: para. 0012).
As per claim 8, Coxe discloses the identity network of claim 2. Coxe further discloses wherein the instructions further cause the one or more processors to: receive the token from the user as part of a user selection of the identity provider (Coxe: para. 0112).
As per claim 9, rejected under similar basis as claim 1 above.
As per claim 10, Coxe discloses the method for using an authenticated digital identity in account creation of claim 9, further comprising: sharing a cryptographic key with the identity provider, wherein the validation is encrypted with the cryptographic key (Coxe: para. 0012, 0014.
As per claim 11, Coxe discloses the method for using an authenticated digital identity in account creation of claim 10, wherein: the cryptographic key is a unique key generated for a specific session associated with the sign-up request (Coxe: para. 0012, 0014, and 0136-0137).
As per claim 12, Coxe discloses the method for using an authenticated digital identity in account creation of claim 10, further comprising: generating the cryptographic key (Coxe: para. 0012, 0014).
As per claim 16, rejected under similar scope as claim 1 above.
As per claim 17, Coxe discloses the non-transitory computer-readable medium of claim 16, wherein the instructions further cause the one or more processors to: encrypting the at least the portion of the requested information with a cryptographic key prior to transmitting the at least the portion of the requested information to the relying party (Coxe: para. 0014).
As per claim 18, Coxe discloses the non-transitory computer-readable medium of claim 16, wherein the instructions further cause the one or more processors to: obtain other information regarding the user from a third party source; calculate a confidence score of the user based at least in part on the other information; and transmit the confidence score to the relying party (Coxe: para. 0050, transmit the confidence score to the relying party).
As per claim 19, Coxe and Kamal disclose the non-transitory computer-readable medium of claim 16, wherein the instructions further cause the one or more processors to: identifying suspicious activity associated with a user device of the user; and sending an alert to the identity provider about the suspicious activity (Kamal: para. 0050, fraud detection (i.e. suspicious activity).
Same motivation as claim 1 above.
As per claim 20, Coxe and Kamal disclose the non-transitory computer-readable medium of claim 19. Kamal further discloses wherein: identifying the suspicious activity associated with the user device comprises applying one or both of a suspicious activity model and a normal activity model to activity associated with the user device (Kamal: para. 0023, 0050, 0053, discloses applying a suspicious activity model).
Same motivation as claim 1 above.
As per claim 21, Coxe and Kamal disclose the non-transitory computer-readable medium of claim 16, wherein: provide a confidence score associated with a digital identity of the user to the relying party (Kamal: para. 0050).
Same motivation as claim 1 above.
Claim Objections
Claims 3-5, and 13-15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The prior art of Coxe (2015/0332029) and Kamal (2019/0261169) do not disclose or suggest the claims above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 7:00am-3:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip J Chea can be reached at (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
4/28/2026
/J.E.J/Examiner, Art Unit 2499 /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499
Prosecution Insights