DETAILED ACTION
The following NON-FINAL Office action is in response to Application filed on December 6, 2024 for application 18971236
Acknowledgements
Claims 21-33 have been added.
Claims 8-20 have been canceled.
Claims 1-7 and 21-33 are pending.
Claims 1-7 and 21-33 have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after December 13, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
Claims 8-20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected species B and C, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 02/02/2026.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-7 and 21-33 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1-7 are directed to a method, claims 21-27 are directed to a product (switching node) and claims 28-33 are directed to a non-transitory computer-readable medium. Therefore, these claims fall within the four statutory categories of invention.
The claims recite verifying identity of a user which is an abstract idea. Specifically, the claim recites “receiving encrypted data to verify an identity of a user account…; routing the encrypted data to verify the identity of the user account; receiving a registration request associated with the user account including a client identifier (client ID) and at least one Fast Identity Online (FIDO) key associated with the user account; receiving a response indicating that the identity of the user account is verified; in response to receiving the response registering the client ID with the at least one FIDO key; and transmitting a message to the relying party that the identity of the user account is verified” which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test, classified under “fundamental economic principles or practices”, specifically “mitigating risk” as part of a transaction (See MPEP 2106, specifically 2106.04(a)) because – for example, in this case, the claims involve a series of steps for verifying identity of a user associated with a contactless card and registering a client identifier (client ID) and at least one Fast Identity Online (FIDO) key associated with the user account. Accordingly, the claim recites an abstract idea (See MPEP 2106, specifically 2106.04(a)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See MPEP 2106.04(d)), the additional elements of the claims such as the use of a switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key merely involves using a computer as a tool to perform an abstract idea and/or generally links the use of a judicial exception to a particular technological environment. The use of a switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment] does not render the claim patent eligible because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Specifically, a switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key perform the steps or functions of “receiving encrypted data to verify an identity of a user account…; routing the encrypted data to verify the identity of the user account; receiving a registration request associated with the user account including a client identifier (client ID) and at least one Fast Identity Online (FIDO) key associated with the user account; receiving a response indicating that the identity of the user account is verified; in response to receiving the response registering the client ID with the at least one FIDO key; and transmitting a message to the relying party that the identity of the user account is verified”. The additional claim elements are not indicative of integration into a practical application, because the claims do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See MPEP 2106, specifically 2106.05), the additional elements of the switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key, to perform the steps amounts to no more than using the switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key to automate and/or implement the abstract idea of verifying identity of a user. As discussed above, taking the claim elements separately the switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key perform the steps of Claim 1. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of verifying identity of a user. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of the switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims further describe the detailed steps required to registering the client ID with the at least one FIDO key such as storing the client ID and the associated at least one FIDO key and querying the database using the client ID from the subsequent authentication request to determine whether the client ID and associated at least one FIDO key are stored further elaborating on the abstract idea of verifying identity of a user. The dependent claims recite additional elements such as “the distributed storage system”, however, they do not integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all
obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-7 and 21-33 are rejected under 35 U.S.C. 103 as being unpatentable over OSBORN et al. (US 2020/0265427 A1) in view of Nowak et al. (US 10,917,405 B2)
Regarding Claim 1, 21 and 28, OSBORN discloses: a method comprising:
receiving, at a switching node, encrypted data of a payment instrument (“¶0073 contactless card”) via a relying party server, the encrypted data to verify an identity of a user account associated with the payment instrument; (¶0047, ¶0048, ¶0064, ¶0195)
routing, by the switching node, the encrypted data to an authentication server to verify the identity of the user account; (¶0048, ¶0050 “verifying the MAC cryptogram may be performed by a device other than client device 110, such as a server 120”, ¶0084 “also referred to as server 320 may be configured to validate one or more credentials from contactless card 305 and/or client device 310 by comparison with one or more credentials in database”, ¶0165, ¶0172, ¶0175, ¶0178, ¶0179, ¶0180 “one or more servers may receive the encrypted data from the device and may decrypt it in order to compare the received data to record data accessible to the one or more servers”, ¶0196-¶0197)
[receiving, at the switching node, a registration request from a computing device associated with the user account], the registration request including a client identifier (client ID) and at least one Fast Identity Online (FIDO) key associated with the user account; (¶0185, ¶0190, ¶0196 “the tablet may transmit the user's contactless card information (e.g., account number, account holder name, account holder address, security code, a unique card identifier) and/or transaction information ( e.g., amount, merchant name, merchant location, date, time goods or services purchased) to the third-party to process a payment for the transaction)
receiving, by the switching node, a response from the authentication server indicating that the identity of the user account is verified; (¶0175 “a server activates a card and application may then displays a message indicating successful activation of the card”, ¶0181 “the one or more servers may transmit a return message based on the successful activation of the card”, ¶0193 “server 1310 may then perform any authentication processes necessary and sends the results of the authentication processes to client device”)
in response to receiving the response from the authentication server, registering, by the switching node, the client ID with the at least one FIDO key; and (¶0186, ¶0188, ¶0190, ¶0191 “Once the server 1310 receives the FIDO public key, the server 1310 may store the FIDO public key in the database in association with an account for the user”)
transmitting, by the switching node, a message to the relying party server that the identity of the user account is verified. (¶0159, ¶0161, ¶0180, ¶0188, ¶196)
OSBORN does not disclose: [receiving, at the switching node, a registration request from a computing device associated with the user account].
Nowak however discloses:
[receiving, at the switching node, a registration request from a computing device associated with the user account] (Col. 4 lines 57-59, Col. 6 lines 34-67 )
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the method of OSBORN to include “[receiving, at the switching node, a registration request from a computing device associated with the user account]”, as disclosed in Nowak, in order to provide a platform for providing a variety of FIDO authentication services to clients (see Nowak abstract).
Regarding Claims 2, 23, and 29, OSBORN discloses: wherein registering the client ID with the at least one FIDO key includes storing, by the switching node, the client ID and the associated at least one FIDO key in a distributed storage system associated with the switching node (¶0191).
Regarding Claims 3, 23 and 30, OSBORN discloses: storing, by the switching node, the client ID and the associated at least one FIDO key in the distributed storage system for a predetermined period of time (¶0191).; and removing the client ID and the associated at least one FIDO key from the distributed storage system after the predetermined period of time has expired (¶0113).
Regarding Claims 4, 24 and 31, OSBORN discloses: wherein the processing circuit is further caused to: receive, from the relying party server, a subsequent authentication request including the at least one FIDO key and the client ID; query the distributed storage system using the client ID from the subsequent authentication request to determine whether the client ID and associated at least one FIDO key are stored in the distributed storage system; in response to the client ID and associated at least one FIDO key being stored in the distributed storage system, access the associated at least one FIDO key in the distributed storage system; and compare the at least one FIDO key in the distributed storage system to the at least one FIDO key received in the subsequent authentication request (¶0175 “a server activates a card and application may then displays a message indicating successful activation of the card”, ¶0181 “the one or more servers may transmit a return message based on the successful activation of the card”, ¶0193 “server 1310 may then perform any authentication processes necessary and sends the results of the authentication processes to client device”)
Regarding Claims 5 and 25, OSBORN discloses: in response to the at least one FIDO key from the subsequent authentication request corresponding to the at least one FIDO key associated with the client ID in the distributed storage system, authorizing, by the switching node, the subsequent authentication request (¶0186, ¶0188, ¶0190, ¶0191 “Once the server 1310 receives the FIDO public key, the server 1310 may store the FIDO public key in the database in association with an account for the user”)
Regarding Claims 6, 26 and 32, OSBORN discloses: before storing the client ID and the associated at least one FIDO key in the distributed storage system: sending a request, by the switching node, to a computing device associated with the user account to permit the switching node to store the client ID and the at least one FIDO key in the distributed storage system; and receiving a message, at the switching node and from the computing device, indicating the switching node is authorized to store the client ID and the associated at least one FIDO key in the distributed storage system (¶0165, ¶0172, ¶0175, ¶0178, ¶0179, ¶0180 “one or more servers may receive the encrypted data from the device and may decrypt it in order to compare the received data to record data accessible to the one or more servers”, ¶0196-¶0197)
Regarding Claims 7, 27 and 33, OSBORN discloses: in response to the computing device of the relying party server receiving the indication that the user account is verified, permitting a transaction to proceed or permitting an access request to proceed (¶0159, ¶0161, ¶0180, ¶0188, ¶196).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZEHRA RAZA whose telephone number is (571)272-8128. The examiner can normally be reached 10AM-6:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZEHRA RAZA/Examiner, Art Unit 3697
/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697