DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This communication is a Non-Final Office Action in response to Applicant’s response to election/restriction filed on May 21, 2026.
Claims 1-7, and 14-26 have been examined in this application. Claims 8-13 are cancelled and claims 21-26 are newly presented.
The information disclosure statement (IDS) filed on June 25, 2026 has been considered.
Election/Restrictions
Claims 8-13 are cancelled from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected invention, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on May 21, 2026.
Claim Objections
Claims 6-7 are objected to because of the following informalities: the claims recite limitation directed to the biometric device and client device, which are outside the claimed scope of claim 1. The claims should be cancelled or the devices should be positively recited as being part of the claimed scope that is claimed in claim 1. Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 6-7, 19, and 26 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Per claims 6-7, 19 and 26, the claims recite “an identity of the user.” The claims at issue depend from claims that already recite “an identity of the user.” Therefore, it is not clear whether the “an identity of the user” in the claims at issue is referring to the same or different identity of the user.
Dependent claim 7 is rejected for mere dependency on the rejected claim.
Per claims 5, 18, and 25 the claims recite “wherein registering the user comprises publishing a registration entry on a distributed ledger.” The claimed entity that is performing the claimed scope is not defined by the Specification as comprising the distributed ledger/blockchain. As a result, the scope of the claims is not clear because it is not known whether the entity performing the functions comprises the blockchain or that the entity claimed merely sends the data to the blockchain for registration. For purposes of examination, the latter interpretation is used and any teaching of said interpretation is deemed as reading on the claims.
Per claims 19-20, and 26 the claims recite “the computing device to at least verify an identity of the user based at least in part on biometric data of the user obtained via a biometric security device” and “wherein the biometric security device is integrated within the client device.” The client device and the biometric security device are outside the scope of the claimed computing device; see Figure 1 and related text. Therefore, the scope of the claims is deemed indefinite. Any teaching of a computing device that verifies a user and user membership will be deemed as reading on the claimed scope.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-7, and 14-26 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claims 1-7, and 14-26 fall within at least one of the four categories of patent eligible subject matter (process, machine, manufacture, or composition of matter).
Claims 1-7, and 14-26 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of provisioning authentication data without significantly more.
The abstract idea is categorized under mathematical concepts, and mental processes. The abstract idea is further linked to mathematical formulas, relationships, calculations, and equations. Likewise the abstract idea is further linked to concepts performed in the human mind such as observation, evaluation, judgement, opinion, and performing these concepts using pen-and-paper. The claimed scope, under the broadest reasonable interpretation, is directed to registration of a user with a program by verifying the user using user identity, verify membership of the user with the program using a calculated algorithm that can be done using pen-and-paper, sending the calculation via verbal or written means, generate a corresponding calculation / algorithm using the proof calculation/algorithm and providing using verbal or written means the authentication to a user. The above is exemplary of both mental and mathematical concepts, which the claims capture.
Claim 1 recites:
A method, comprising:
receiving a request to register a user with a verification program;
registering the user with the verification program in response to verifying an identity of the user;
generating a verifier kit corresponding to a zero-knowledge proof algorithm, the verifier kit comprising a first application that verifies a proof of membership in the verification program according to the zero-knowledge proof algorithm;
providing the verifier kit to a transaction terminal;
generating a prover kit corresponding to the zero-knowledge proof algorithm, the prover kit comprising a second application by which the proof of membership can be generated according to the zero-knowledge proof algorithm; and
providing the prover kit to a client device associated with the user.
The judicial exception is not integrated into a practical application. The claims recite the following additional elements: A computing device comprising a processor and a memory; and machine-readable instructions stored in the memory, non-transitory, computer-readable medium, comprising machine-readable instructions, and a processor of a computing device. The additional elements are recited at a high level of generality, wherein the claims merely amount to an abstract idea that is implemented using generic computers, performing generic computer functions such as receiving data, analyzing the data, generating data, and sending data or outputting a response. Each of the additional elements / limitations are no more than mere instructions to apply the exception using generic computer components or a generic device. Accordingly, even in combination, the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to merely instructions to apply the exception using generic computer components. The claim limitations do not improve another technology or technical field, improve the functioning of a computer itself, apply the abstract idea with, or by use of, a particular machine (not a generic computer, not adding the words "apply it" or words equivalent to "apply the abstract idea", not mere instructions to implement an abstract idea on a computer, adding insignificant extra solution activity to the judicial exception, generally linking the user of the judicial exception to a particular technological environment or field of use), effects a transformation or reduction of a particular article to a different state or thing, or adds meaningful limitations that amount to more than generally linking the use of the abstract idea to a particular technological environment. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept.
The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea.
Claims 2-7 and related dependent claims linked to independent claims 14 and 21 recite additional elements such as obtaining a public key from a biometric security device, the public key derived from a private key and the private key corresponding to a biometric data of the user, which is obtained by the biometric security device. Such additional elements are also recited at a high level, capture mathematical concepts which can also be carried out mentally. The user device and the biometric security device are not part of the claimed scope, but even if they were such limitations / additional elements fail to amount to a practical application.
Per claims 3 and 4, the claim recites “, wherein registering the user with the verification program comprises generating a registration entry based at least in part on the public key” and “wherein the registration entry comprises corresponds to a cryptographic accumulator commitment generated using the public key.” The claim fails to include additional elements that amount to a practical application as the registration entry is high level amounting to mere instructions implemented on a generic device.
Per claim 5, the claim recites “wherein registering the user comprises publishing a registration entry on a distributed ledger.” The distributed ledger is not part of the claimed scope and thus the limitation amounts to mere sending of the registration to a blockchain instead of actually registering the user in the blockchain. Even if the blockchain is part of the claimed scope, said registration in the blockchain is high level, amounting to mere instruction being carried out by a generic device.
Per claim 6, the claim recites “further comprising verifying an identity of the user based at least in part on biometric data of the user obtained via a biometric security device.” The biometric security device is not part of the claimed scope. Merely obtaining data, the data being biometric data can be done by a user using their eyes to collect user facial or print data or other data that is deemed biometric.
Per claim 7, the biometric security device and the client device are not part of the claimed scope. Even if they were, they amount to mere generic devices performing generic functions to implement / apply the abstract idea.
Each of the additional elements / limitations are no more than mere instructions to apply the exception using generic computer components or a generic device. Accordingly, even in combination, the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
The dependent claims fail to recite additional elements that would amount to a practical application or amount to significantly more than the judicial exception as discussed above.
The claims are not patent eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-7, and 14-26 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 2024/0169350 to Fiske (Fiske), in view of U.S. Patent Application Publication 2018/0270065 to Brown et al. (Brown).
Per claims 1, 14, and 21, Fiske teaches all of the following limitations:
A method, comprising [Abstract and Paragraphs 0001, 0027-0028]:
receiving a request to register a user with a verification program (user registers to enable card not present authentication) [Paragraph 0111];
registering the user with the verification program in response to verifying an identity of the user (user uses personal information along with a password for verification and registration) [Paragraph 0111-0116 and 0143 and 0256];
generating a verifier kit corresponding to a zero-knowledge proof algorithm, the verifier kit comprising a first application that verifies a proof of membership in the verification program according to the zero-knowledge proof algorithm (user information is obtained and used to generate authentication data to authenticate the user) [Paragraphs 0247-0248, 0250-0253 and 0260-0266];
providing the verifier kit to a transaction terminal (the data comprising the code and cryptographic data – determined as the kit is sent to service provider wherein the data is also provided to a blockchain network for validation) [Paragraphs 0250-0253 and 0266];
generating a prover kit corresponding to the zero-knowledge proof algorithm, the prover kit comprising a second application by which the proof of membership can be generated according to the zero-knowledge proof algorithm (verification of the data is carried out and generation of a proof or in this case prover kit is done and sent to user device) [Paragraphs 0268-0272, 0277-0280]; and
providing the prover kit to a client device associated with the user (user device receives proof either from blockchain or service provider system 185-usable interchangeably) [Paragraph 0280 see Also Figures 3 and 5].
Fiske does not explicitly disclose:
Though Fiske teaches generating a verification kit or data to be verified and generating a proof kit or prover kit comprising proof of user data using user biometric data and other user secure data, generation of secure data include a seed, private and public key, and signing the verification data, as indicated above, Fiske does not explicitly disclose generating a verifier kit corresponding to a zero-knowledge proof algorithm… and generating a prover kit corresponding to the zero-knowledge proof algorithm…
Brown teaches generating a verifier kit corresponding to a zero-knowledge proof algorithm… and generating a prover kit corresponding to the zero-knowledge proof algorithm… [Paragraphs 0009-0012 and Paragraphs 0150-0154].
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Fiske, which teaches utilizing secure user data to generate secure data using cryptographic means and sending the data for verification by a blockchain/issuer system, to include the teachings of Brown to explicitly disclose the use of a zero-knowledge proof algorithm to generate the verification and prover kit or data in motivation of optimizing security measures and providing an alternative means for authenticating the user and provisioning data to carry out a card not present transaction.
Per claims 2, 15, and 22, Fiske teaches obtaining a public key from a biometric security device associated with the user, the public key being derived from a private key, the private key corresponding to biometric data of the user that is obtained via the biometric security device [Paragraphs 0173-0177 and Figures 3E, 3F and 7-9].
Per claims 3, 16 and 23, Fiske teaches wherein registering the user with the verification program comprises generating a registration entry based at least in part on the public key [Paragraphs 0173-0177 and Figures 3E, 3F and 7-9].
Per claims 4, 17, and 24, Fiske teaches wherein the registration entry comprises corresponds to a cryptographic accumulator commitment generated using the public key (amount of transaction/transaction information is based on the public key) [Paragraphs 0268-0270, and 0285].
Per claims 5, 18, and 25, Fiske teaches wherein registering the user comprises publishing a registration entry on a distributed ledger [Paragraphs 0258].
Per claims 6, and 19, Fiske teaches verifying an identity of the user based at least in part on biometric data of the user obtained via a biometric security device [Paragraphs 0179].
These claims are outside the scope of the claims.
Per claims 7, and 20, Fiske teaches wherein the biometric security device is integrated within the client device [Paragraph 0104].
This claim is outside the scope of the claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on for PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EL MEHDI OUSSIR whose telephone number is (571)270-0191. The examiner can normally be reached M-F 9AM - 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha W. Patel can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Sincerely,
/EL MEHDI OUSSIR/Primary Examiner, Art Unit 3699