Prosecution Insights
Last updated: July 17, 2026
Application No. 18/929,346

SYSTEMS AND METHODS FOR PROTECTING THE IDENTITY OF USERS AND ENTITIES

Final Rejection §103
Filed
Oct 28, 2024
Examiner
KORZUCH, WILLIAM R
Art Unit
2491
Tech Center
2400 — Computer Networks
Assignee
Wells Fargo Bank, N.A.
OA Round
2 (Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
1y 7m
Est. Remaining
75%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
3 granted / 4 resolved
+17.0% vs TC avg
Minimal +0% lift
Without
With
+0.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
6 currently pending
Career history
12
Total Applications
across all art units

Statute-Specific Performance

§103
89.5%
+49.5% vs TC avg
§102
7.9%
-32.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 4 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed on May 4, 2026 have been fully considered but they are not persuasive. Applicant asserts on page 12, “[i]n particular, Cona does not disclose or suggest selecting an identity token from a set of identity tokens for a particular data request and defining the second subset of unprotected attributes for that request as the attributes included in the selected identity token.” It is the Examiner’s position that Cona mentions in paragraph [0039] that EDIT tokens enable a user to have multiple digital identities that can each be tailored with individual rights and personal data for discrete purposes. Cona also teaches in paragraph [0049], “it is possible to create a digital identity and a specific identifier with specific set of credentials to be used for a particular service provider or for situations where only those specific credentials are needed.” This would be an EDIT token from a set of identity tokens for a particular request and would contain the attributes in the selected token that are required for the particular situation. Applicant further asserts, “Cona in [0005] states: "[digital identity] is also sometimes used more generally to include the digital 'footprint' left by an individual's activities online, such as their browsing history and the content of cookies or online postings" Therefore, using a digital identity that is associated with usage data or browsing history in Cona is not responsive to updating a usage log of an identity pass corresponding with a data request, the usage log being stored as part of the identity pass and comprising entries indicating, for a plurality of data requests handled by the identity pass, at least the data request and the second subset of identity attributes provided in response to the data request. Cona does not disclose or suggest a usage log at the identity-pass level in which each entry identifies both the particular data request and the subset of identity attributes disclosed in response to that request. The other references of record are silent with respect to such features.” It is the Examiner’s position that Cona does disclose the usage log being stored as part of the identity pass (Cona, paragraph [0005}, “usage data with service providers”) and the usage data would include the data requests and the second subset of the attributes provided in response to the data requests (Cona, paragraph [0063], “[t]he specific transaction data stored in the distributed ledger may be limited to the verification transaction (e.g., the EDIT, the nature of the action requested, a timestamp).” It would have been obvious to provide the identity pass with access to the usage log ledger since it would provide the identity pass with the usage data (“log”) as taught by Cona (Paragraph [0005]). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-5, 7-10, 13-15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over CONA et al (U.S. Patent Publication 2019/0333054, hereinafter “Cona”) in view of Sweeney et al (International Publication WO 2019/210391, hereinafter “Sweeney”). Regarding claim 1, Cona teaches a first computing system (Cona, Figure 2) comprising at least one processor and at least one memory coupled to the at least one processor, wherein the at least one processor is configured to: receive an identity pass request for a user (Cona, paragraph [0080], “submit a request for a digital identity”); receive at least attributes associated with the user (Cona, paragraph [0082], “identity information”); transmit an authentication request for at least one verifiable credential of the user (Cona, paragraph [0083], “IdP personnel may then validate the identity and qualifications to determine if the user should be accredited for the privilege set/access rights requested and generate a digital identity credential”); receive the at least one verifiable credential of the user (Cona, paragraph [0083], “generate a digital identity credential”); generate an identity pass comprising a set of identity tokens (Cona, paragraph [0084], “a digital identity may include an EDIT as an access token”) and the at least one verifiable credential, wherein the set of identity tokens comprises at least a first identity token comprising attributes of the user (Cona, paragraph [0084], “that includes an appropriate “claim” for the user”); generate a graphical user interface (GUI) comprising a representation of the identity pass (Cona, Figure 1(a) shows a graphical representation of a “Digital Identity”); receive a data request corresponding with the at least one verifiable credential or at least one of the set of identity tokens of the identity pass (Cona, paragraph [0054], “When a user submits a request for a transaction with a service provider…. An EDIT may be used to verify the required qualification data for the digital identity to allow the transaction to proceed”), wherein the data request is for an exchange (transaction) using an exchange instrument (digital wallet), by the user, or providing at least one of the attributes of the user; verify the at least one verifiable credential based at least on verifying a cryptographic object (Cona, paragraph [0054], “the hash”), an issuer, or a status of the at least one verifiable credential; responsive to verifying the at least one verifiable credential, determine, based at least on the data request, a first subset of the attributes corresponding with protected information of the user and a second subset of the attributes corresponding with unprotected information of the user (Cona, paragraph [0062], “verifying proof of the right to obtain the data requested for the circumstances”, that is depending on the circumstances, some of the user data is protected and some is unprotected), wherein the second subset comprises attributes included in the at least one identity token selected for use in satisfying the data request (Cona, paragraph [0049], “[w]ith a system of the invention, it is possible to create a digital identity and a specific identifier with specific set of credentials to be used for a particular service provider or for situations where only those specific credentials are needed”); access a data storage storing the identity pass, wherein accessing comprises querying for unprotected information of the user corresponding with the at least one of the set of identity tokens, and wherein the query returns the unprotected information to satisfy the exchange or permit access to at least one of the attributes of the user (Cona, paragraph [0062], “what type of information was provided”); transmit, to a second computing system, the unprotected information to satisfy the data request (Cona, paragraph [0062], “the request for, and exchange of, user personal data”), or, permit access, to the second computing system, to the unprotected information to satisfy the data request; and update a usage log of the identity pass corresponding with the data request (Cona, paragraph [0062], “A history of that “due process” request transaction (i.e., the request for, and exchange of, user personal data…..may be recorded in the ledger”), the usage log being stored as part of the identity pass (Cona, paragraph [0005}, “usage data with service providers”) and comprising entries indicating, for a plurality of data requests, at least the data request and the second subset of the attributes provided in response to the data request (Cona, paragraph [0063], “[t]he specific transaction data stored in the distributed ledger may be limited to the verification transaction (e.g., the EDIT, the nature of the action requested, a timestamp)”) . Cona does not specify whether the identity pass includes one or more interactive elements, wherein selection of the one or more interactive elements comprises updating the representation corresponding with the identity pass. Sweeney shows in Figure 2O-3O that it is known for identity passes to include one or more interactive elements, wherein selection of the one or more interactive elements comprises updating the representation corresponding with the identity pass (i.e. the graphical representation changes as you interact with it). Therefore, it would have been it would have been obvious to one of ordinary skill in the art at the time of filing the invention to make the identity pass of Cona to be interactive as taught by Sweeney. The rationale is as follows: One of ordinary skill in the art would have been motivated to make the pass interactive so that the user can control what information that they want to share (See Figure 3N of Sweeney). Furthermore, it would have been obvious to one of ordinary skill in the art at the time of filing the invention to provide the interactive identity pass of Cona in view of Sweeney with access to the usage log ledger. The rationale is as follows: One of ordinary skill in the art would have been motivated to provide the interactive identity pass of Kona in view of Sweeney with access to the usage log ledger since it would provide the identity pass with the usage data (“log”) as taught by Cona (Paragraph [0005]). Regarding claim 2, Cona teaches (Paragraph [0005]) that a digital identity as shown in Figure 1(a) can include “usage data with service providers”). Selecting the usage data of the identity pass would update the representation of the identity pass to present the usage log, and when the usage log is updated so will be the representation of the identity pass in the GUI, when it is selected. Regarding claim 3, Cona further shows wherein the identity pass is stored on a distributed ledger and the distributed ledger is a semi-private distributed ledger allowing selective access to the distributed ledger (See Cona, paragraph [0062] for description of the distributed ledger). Regarding claim 4, Cona further shows wherein the authentication request is transmitted to the user (See Cona, paragraphs [0083]-[0085] where the digital identity credential is transmitted to the user), a government entity, or third-party. Regarding claim 5, Cona further shows wherein the query returns the unprotected information and the at least one processor is further configured to determine, based at least on the data request, a portion of the unprotected information to satisfy the data request (See Cona, paragraph [0062]). Regarding claim 7, Cona further shows wherein the at least one processor is further configured to: verify, using at least one authentication protocol, the data request; and transmit, to the second computing system, the at least one of the set of identity tokens (See Cona, paragraph [0079], “the user must be authorized to access the data requested under a tiered access system”). With regard to claims 8 and 13, they are the method claims that correspond to system claims 1 and 3 above, and are therefore rejected for the same reasons. Regarding claim 9, Cona further teaches updating the identity pass (See Cona, paragraph [0023], “the modification of a digital identity”). Regarding claim 10, Cona further teaches generating a second identity token of the set of identity tokens (Cona, paragraph [0038], “access tokens”) comprising access credentials corresponding to the exchange instrument. Regarding claim 14, Cona teaches wherein the identity pass request is generated responsive to an onboarding process (See Cona, paragraph [0080], “a user may submit a request for a digital identity credential to an authorized IdP”). With regard to claims 15 and 17-19, they are the computer readable medium claims that correspond to claims 1-3 and 5 above, and are therefore rejected for the same reasons. Regrading claim 20, Cona teaches the at least one processor is further configured to generate a second identity token of the set of identity tokens (Cona, paragraph [0023], “access tokens”) comprising access credentials corresponding to the exchange instrument. Claims 6, 11, 12 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over CONA et al (U.S. Patent Publication 2019/0333054, hereinafter “Cona”) in view of Sweeney et al (International Publication WO 2019/210391, hereinafter “Sweeney”) as applied to claims 1, 8 and 15 above, and further in view of Cinaqui Pereira et al (U.S. Patent 12,192,370, hereinafter “Cinaqui Pereira”). Regarding claims 6, 11 and 16, Cona does teach generating a second identity token (Paragraphs [0038] and [0039], “access tokens” and “multiple digital identities”) comprising supplementary information and updating the identity pass based at least on the second identity token (Cona, paragraph [0062]). Cona in view of Sweeney does not teach requiring user approval to receive the information. Cinaqui Pereira teaches (Columns 8 and 9, claim 5) a user approving or denying a request for information. It would have been obvious to one of ordinary skill in the art at the time of filing the invention to provide the user of Kona in view of Sweeney with the ability to approve or deny a request for information as taught by Cinaqui Pereira. The rationale is as follows: One of ordinary skill in the art would have been motivated to provide the user of Kona in view of Sweeney with the ability to approve or deny a request for information as taught by Cinaqui Pereira so that the user can control the information that they want to share. Regrading claim 12, Cona does not specifically mention credit score as part of the personal data of a user. Official Notice is taken that a credit score is known personal data to be associated with a digital identity. It would have been obvious to one of ordinary skill in the art at the time of filing the invention to provide the digital identity of Kona in view of Sweeney and Cinaqui Pereira with credit score information. The rationale is as follows: One of ordinary skill in the art would have been motivated to provide the digital identity of Kona in view of Sweeney and Cinaqui Pereira with credit score information so that the user could use their digital identity in financial transactions, such as applying for a credit card or personal loan, where it would be required. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM R KORZUCH whose telephone number is (571)272-7589. The examiner can normally be reached Mon.-Fri. 8:00-4:00. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /WILLIAM R KORZUCH/Supervisory Patent Examiner, Art Unit 2491
Read full office action

Prosecution Timeline

Oct 28, 2024
Application Filed
Feb 05, 2026
Non-Final Rejection mailed — §103
Apr 20, 2026
Interview Requested
Apr 29, 2026
Applicant Interview (Telephonic)
Apr 30, 2026
Examiner Interview Summary
May 04, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12684243
BACK LIGHT CORRECTING DEVICE, METHOD OF OPERATING BACK LIGHT CORRECTING DEVICE, PROGRAM OF OPERATING BACK LIGHT CORRECTING DEVICE, AND IMAGING APPARATUS
2y 0m to grant Granted Jul 14, 2026
Patent 12615268
DETECTING MALICIOUS BEHAVIOR FROM HANDSHAKE PROTOCOLS USING MACHINE LEARNING
3y 7m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 2 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
75%
With Interview (+0.0%)
3y 3m (~1y 7m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 4 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month