DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This action is in reply to the amendment and response to office action filed 11/25/2020.
Claims 1-23 are currently pending and have been examined.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 07/20/2020 has been entered.

Response to Amendment/Arguments
101: Step 2A Prong 1
With respect to applicant’s argument, the basis of Examiner’s 101 determination is Alice, not XY, LLC nor In re American Academy of Science Tech Center. Under Alice, the claims continue to be not patent eligible.

101: Step 2A Prong 2
Applicant contends each of the purported abstract ideas in the independent claims are integrated with at least one technological element of the claim to meaningfully limit that claim. Examiner respectfully disagrees. First, the additional elements merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. And second, there is no improvement in the functioning of a computer, nor an improvement to other technology or technical field present in the specification nor claims.


101: Step 2B
With respect to applicant’s argument, the basis of Examiner’s 101 determination is Alice, not Amdocs (Israel) Ltd. nor DDR Holdings, LLC. Under Alice, the claims continue to be not patent eligible.

103
Applicant contends the references do not teach “the identity data uniquely associated with the employee, the identity data being multi-level identity data based on levels of data sensitivity, the identity data including information controllable by the employee to designate which level of the identity data can be accessed using a data level code and a digital signing key belonging to the employee”. However, this limitation is nonfunctional descriptive material and thus, does not serve to differentiate the claim from the prior art. See MPEP 2111.05; In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994); Ex parte Nehls, 88 USPQ2d 1883 (BPAI 2008).

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

The claims have been evaluated for patent subject matter eligibility under 35 U.S.C. 101 using the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).

Claims 1-14 and 21:
Step 1
Claims 1-14 and 21 are directed to a computer-implemented method (i.e. process). Therefore, these claims fall within the four statutory categories of invention.



Step 2A Prong One
Claim 1 recites (i.e., sets forth or describes) encrypting data and decrypting data, an abstract idea. Specifically, but for the additional elements, Claim 1 under its broadest reasonable interpretation recites the following limitations grouped within the “mathematical concepts” grouping of abstract ideas because the claim recites mathematical calculations (mathematical operation), such as encryption and decryption.
Encrypted with the digital public key
Decrypted with the digital signing key
Accordingly, the claim recites an abstract idea. 

Step 2A Prong Two
Claim 1 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the additional elements “server computer” and “distributed ledger maintained solely in a computer network” merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. And second, there is no improvement in the functioning of a computer, nor an improvement to other technology or technical field present in the specification nor claims. Some additional elements amount to mere data gathering, which is a form of insignificant extra-solution activity (e.g. “receiving … a wage payment information from an employer regarding an employee”, “receiving … a copy of a digital public key uniquely associated with the employee”, “issuing … a transaction … performing wage issuance, along with identity data … the identity data uniquely associated with the employee, the identity data being multi-level identity data based on levels of data sensitivity, and the identity data including information controllable by the employee to designate which level of the multi-level identity data can be accessed using a data level code and a digital signing key belonging to the employee” and “receiving … a designation that identifies a third party with a level of the identity data of the employee, enabling the third-party accessing the level of the identity data … using the data level code”).

Step 2B
The additional elements, taken individually and in combination, do not result in claim 1, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “Receiving or transmitting data over a network”, “Storing and retrieving information in memory”, “Creating output data” and “Determining an outcome” are well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amount to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 2-14 and 21 further recite (i.e., set forth or describe) the abstract idea of encrypting data and decrypting data. Each dependent claim as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. Further, the additional elements in each dependent claim, taken individually and in combination, do not result in each dependent claim, as a whole, amounting to significantly more than the judicial exception. Therefore, the dependent claims are also not patent eligible.

Claims 15-17 and 22:
Step 1
Claims 15-17 and 22 are directed to a computer-implemented system (i.e. machine). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 15 recites (i.e., sets forth or describes) encrypting data and decrypting data, an abstract idea. Specifically, but for the additional elements, Claim 15 under its broadest reasonable interpretation recites the following limitations grouped within the “mathematical concepts” grouping of abstract ideas because the claim recites mathematical calculations (mathematical operation), such as encryption and decryption.
encrypted with the digital public key
decrypted with the digital signing key
Accordingly, the claim recites an abstract idea. 

Step 2A Prong Two
Claim 15 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the additional elements “processor”, “computer readable storage media storing computer code thereon” and “distributed ledger maintained solely in a computer network” merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. And second, there is no improvement in the functioning of a computer, nor an improvement to other technology or technical field present in the specification nor claims. Some additional elements amount to mere data gathering, which is a form of insignificant extra-solution activity (e.g. “receiving a wage payment information from an employer regarding an employee”, “receiving a copy of a digital public key uniquely associated with the employee”, “issuing a transaction … at a time of wage issuance, along with identity data … the identity data uniquely associated with the employee, the identity data being multi-level identity data based on levels of data sensitivity, and the identity data including information controllable by the employee to designate which level of the identity data can be accessed using a data level code and a digital signing key belonging to the employee” and “receiving … a designation that identifies a third party with a level of the identity data of the employee, enabling the third-party accessing the level of the identity data … using the data level code”.

Step 2B
The additional elements, taken individually and in combination, do not result in claim 15, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “Receiving or transmitting data over a network”, “Storing and retrieving information in memory”, “Creating output data” and “Determining an outcome” are well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amount to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 16-17 and 22 further recite (i.e., set forth or describe) the abstract idea of encrypting data and decrypting data. Each dependent claim as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. Further, the additional elements in each dependent claim, taken individually and in combination, do not result in each dependent claim, as a whole, amounting to significantly more than the judicial exception. Therefore, the dependent claims are also not patent eligible.

Claims 18-20 and 23:
Step 1
Claims 18-20 and 23 are directed to a non-transitory computer-readable storage media (i.e. manufacture). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 18 recites (i.e., sets forth or describes) encrypting data and decrypting data, an abstract idea. Specifically, but for the additional elements, Claim 18 under its broadest reasonable interpretation recites the following limitations grouped within the “mathematical concepts” grouping of abstract ideas because the claim recites mathematical calculations (mathematical operation), such as encryption and decryption.
encrypted with the digital public key
decrypted with the digital signing key
Accordingly, the claim recites an abstract idea. 

Step 2A Prong Two
Claim 18 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the additional elements “computer code stored on the computer readable storage media, which when executed by a processor, causes the processor to perform the steps of” and “distributed ledger maintained solely in a computer network” merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. And second, there is no improvement in the functioning of a computer, nor an improvement to other technology or technical field present in the specification nor claims. Some additional elements amount to mere data gathering, which is a form of insignificant extra-solution activity (e.g. “receiving a wage payment information from an employer regarding an employee”, “receiving a copy of a digital public key uniquely associated with the employee”, “issuing a transaction … at a time of wage issuance, along with identity data … the identity data uniquely associated with the employee, the identity data being multi-level identity data based on levels of data sensitivity, and the identity data including information controllable by the employee to designate which level of the multi-level identity data can be accessed using a data level code and a digital signing key belonging to the employee” and “receiving … a designation that identifies a third party with a level of the identity data of the employee, enabling the third-party accessing the level of the identity data … using the data level code”.

Step 2B
The additional elements, taken individually and in combination, do not result in claim 18, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “Receiving or transmitting data over a network”, “Storing and retrieving information in memory”, “Creating output data” and “Determining an outcome” are well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amount to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 19-20 and 23 further recite (i.e., set forth or describe) the abstract idea of encrypting data and decrypting data. Each dependent claim as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. Further, the additional elements in each dependent claim, taken individually and in combination, do not result in each dependent claim, as a whole, amounting to significantly more than the judicial exception. Therefore, the dependent claims are also not patent eligible.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a): 

(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-23 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention. 

Lack of Algorithm
Claims 1, 15 and 18 recite “the identity data including information controllable by the employee to designate which level of the identity data can be accessed using a data level code and a digital signing key belonging to the employee”. The PGPub discloses “the identity data including information controllable by the employee to designate which level of the multi-level identity data can be accessed using a data level code and a digital signing key belonging to the employee” (see para 72). However, the PGPub is silent with respect to how this information is controllable by the employee. Therefore, this claim fails written description as Applicant has provided neither algorithm nor the steps/procedure taken in sufficient detail so that one of ordinary skill in the art would understand how Applicant’s intended function of “controllable by the employee to designate which level of the identity data can be accessed using a data level code and a digital signing key belonging to the employee” is to be performed. See MPEP 2161.01.
Claims 1, 15 and 18 recites “receiving … a designation … enabling the third-party to access …”. The PGPub discloses “a level of the multi-level identity data of the employee can be made available to a third party” (see para 72). However, the PGPub is silent with respect to a designation, silent with respect to an enabling function, and silent with respect to how this designation enables the third party to access. Therefore, this claim fails written description as Applicant has provided neither algorithm nor the steps/procedure taken in sufficient detail so that one of ordinary skill in the art would understand how Applicant’s intended function of “enabling” is to be performed. See MPEP 2161.01.
Claim 7 recites “using … and subsequently allowing the employer to decrypt the certain level of the identity data to give the employer control over the certain level of the identity data”. The PGPub discloses “and subsequently allowing the employer to decrypt the certain level of the multi-level identity data to give the employer control over the certain level of the multi-level identity data” (see para 74). However, the PGPub is silent with respect to how the employer is allowed to decrypt and silent with respect to how the employer is given control. Therefore, this claim fails written description as Applicant has provided neither algorithm nor the steps/procedure taken in sufficient detail so that one of ordinary skill in the art would understand how Applicant’s intended function of “allowing” and “give the employer control” are to be performed. See MPEP 2161.01.
Claims 21-23 recite “making … the decrypted level of the identity data available to the third party”. The PGPub discloses “a level of the multi-level identity data of the employee can be made available to a third party” (see para 72). However, the PGPub is silent with respect to how this level of the multi-level identity data is made available to the third party. Therefore, this claim fails written description as Applicant has provided neither algorithm nor the steps/procedure taken in sufficient detail so that one of ordinary skill in the art would understand how Applicant’s intended function of “making … available” is to be performed. See MPEP 2161.01.
Claims 2-14, 16-17 and 19-23 are also rejected as they depend from either claims 1, 15 or 18.

New Matter
Claims 1, 15, 18 and 21-23 recite “receiving … a designation that identifies a third party”. The PGPub discloses “a third party upon being identified with the data level code“ (see para 72). However, the PGPub is silent with respect to the receiving of a designation. New matter is added.
Claim 1, 15 and 18 recite “receiving … a designation … enabling the third-party to access …”. The PGPub discloses “a level of the multi-level identity data of the employee can be made available to a third party” (see para 72). However, the PGPub is silent with respect to a designation and silent with respect to an enabling function. New matter is added.
Claims 2-14, 16-17 and 19-23 are also rejected as they depend from either claims 1, 15 or 18.

The following is a quotation of 35 U.S.C. 112(b): 

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards his invention.

Claims 15-20 and 22-23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Unclear Scope
Claim 15 is directed to a computer comprising claimed structure of a processor and a computer readable storage media storing computer code thereon. However, the claim recites limitations directed to “at least one server computer” (e.g. “receiving, by at least one server computer …”). As such, it is unclear whether the claims are solely directed towards the processor and a computer readable storage media storing computer code thereon, or a combination of the processor and a computer readable storage media storing computer code thereon with the at least one server computer. Therefore, the scope is unclear. See In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989) and MPEP 2173.02 (III)(B) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process.”
Claim 18 is directed to a computer readable storage media comprising computer code stored on the computer readable storage media. However, the claim recites limitations directed to “at least one server computer” (e.g. “receiving, by at least one server computer …”). As such, it is unclear whether the claims are solely directed towards the computer readable storage media comprising computer code stored on the computer readable storage media, or a combination of the computer readable storage media comprising computer code stored on the computer readable storage media with the at least one server computer. Therefore, the scope is unclear. See In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989) and MPEP 2173.02 (III)(B) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process.”
Claims 16-17, 19-20 and 22-23 are also rejected as they depend from either claims 15 or 18.

The following is a quotation of 35 U.S.C. 112(d): 

(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 22-23 are rejected under 35 U.S.C. 112(d) as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  

Claims 22-23 recite “receiving a designation that identifies a third party” and “decrypting the level of the identity data with the digital signing key”. However, these limitations contradict “receiving … a designation that identifies a third party” and “the level of the multi-level identity data, decrypted with the digital signing key” recited in claims 15 and 18, as the functionality is already performed. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-23 are rejected under 35 U.S.C. 103 as being unpatentable over Wright (US 2019/0050832 A1) in view of Ebrahimi (US 2016/0330027 A1) in view of Andrade (US 2019/0007402 A1).


Claims 1, 15 and 18:
Wright teaches:
a processor; a computer readable storage media storing computer code thereon, which when executed by the processor, causes the processor to perform the steps of; computer code stored on the computer readable storage media, which when executed by a processor, causes the processor to perform the steps of (Fig.12; para 203)
receiving, by at least one server computer, a wage payment information from an employer regarding an employee (paras 100-102)
receiving, by the at least one server computer, a copy of a digital public key uniquely associated with the employee (paras 103)
Wright does not teach:
issuing, by the at least one server computer, a transaction to a distributed ledger maintained solely in a computer network performing [at a time of] wage issuance, along with identity data encrypted with the digital public key, the identity data uniquely associated with the employee, the identity data being multi-level identity data based on levels of data sensitivity, the identity data including information controllable by the employee to designate which level of the identity data can be accessed using a data level code and a digital signing key belonging to the employee
receiving, by the at least one server computer, a designation that identifies a third party with a level of the identity data of the employee, enabling the third-party accessing the level of the identity data, decrypted with the digital signing key, using the data level code
Ebrahimi teaches:
issuing, by the at least one server computer, a transaction to a distributed ledger maintained solely in a computer network performing [at a time of] wage issuance, along with identity data encrypted with the digital public key (paras 38, 40-41, 56, 58-59)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Wright with the teachings of Ebrahimi because combining prior art elements according to known methods to yield predictable results is obvious (see KSR).
Neither Wright nor Ebrahimi teach:
the identity data uniquely associated with the employee, the identity data being multi-level identity data based on levels of data sensitivity, the identity data including information controllable by the employee to designate which level of the identity data can be accessed using a data level code and a digital signing key belonging to the employee
receiving, by the at least one server computer, a designation that identifies a third party with a level of the identity data of the employee, enabling the third-party accessing the level of the identity data, decrypted with the digital signing key, using the data level code
Andrade teaches:
receiving, by the at least one server computer, a designation that identifies a third party with a level of the identity data of the employee (paras 15, 27, 50), enabling the third-party accessing the level of the identity data (paras 28, 51), decrypted with the digital signing key, using the data level code (paras 17, 28)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Wright and Ebrahimi with the teachings of Andrade because combining prior art elements according to known methods to yield predictable results is obvious (see KSR). The limitation “the identity data uniquely associated with the employee, the identity data being multi-level identity data based on levels of data sensitivity, the identity data including information controllable by the employee to designate which level of the identity data can be accessed using a data level code and a digital signing key belonging to the employee” is nonfunctional descriptive material and thus, does not serve to differentiate the claim from the prior art. See MPEP 2111.05; In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994); Ex parte Nehls, 88 USPQ2d 1883 (BPAI 2008).

Claims 2, 16 and 19: 
Wright and Ebrahimi and Andrade teach all limitations of claims 1, 15 and 18. Andrade also teaches:
transmitting, by the at least one server computer, the signing key and the data level code to the employee (para 18)

Claims 3, 17 and 20: 
Wright and Ebrahimi and Andrade teach all limitations of claim 1, 15 and 18. Andrade also teaches:
receiving, by the at least one server computer, the signing key and the data level code identifying a level of the identity data (paras 15, 27, 30-31, 47, 50, 52)
reading, by the at least one server computer, the level of the identity data from the distributed ledger (paras 28, 51)

Claim 4: 
Wright and Ebrahimi and Andrade teach all limitations of claim 3. Andrade also teaches:
receiving, by the at least one server computer, a decryption function using the signing key (paras 17, 28)
decrypting, by the at least one server computer, encrypted data using the signing key to form unencrypted data (paras 17, 28)
supplying, by the at least one server computer, the unencrypted data to a third party (paras 28, 51)

Claim 5: 
Wright and Ebrahimi and Andrade teach all limitations of claim 1. Andrade also teaches:
using, by the at least one server computer, the identity data and a signing key associated with the public key verifying an identity of the employee (paras 50-52)

Claim 6: 
Wright and Ebrahimi and Andrade teach all limitations of claim 1. Wright also teaches:
using, by the at least one server computer, the identity data and encrypting the identity data with the public key of the employer giving an employer control over access permission to the identity data (paras 34-41, 146; claims 21-22)

Claim 7: 
Wright and Ebrahimi and Andrade teach all limitations of claim 6. Wright also teaches:
using, by the at least one server computer, the identity data and encrypting a certain level of the identity data with the public key of the employer (paras 34-41, 146; claims 21-22)
Andrade also teaches:
subsequently allowing the employer to decrypt the certain level of the identity data giving the employer control over the certain level of the identity data (paras 17, 28)

Claim 8: 
Wright and Ebrahimi and Andrade teach all limitations of claim 1. Wright also teaches:
the distributed ledger comprises a blockchain (paras 90)
Andrade also teaches:
associating, by the at least one server computer, the identity data with biometrics about the employee, the biometrics stored as hashed data on-chain (paras 20-22, 47)

Claim 9: 
Wright and Ebrahimi and Andrade teach all limitations of claim 8. Wright also teaches:
the on-chain data comprises any one of employment history, credentials, skills, appraisals, training, and personal information regarding the employee (paras 102, 127)

Claim 10: 
Wright and Ebrahimi and Andrade teach all limitations of claim 8. Wright also teaches:
associating, by the at least one server computer, the identity data with additional off-chain data about the employee (paras 102, 127)

Claim 11: 
Wright and Ebrahimi and Andrade teach all limitations of claim 10. Wright also teaches:
the additional off-chain data comprises any one of employment history, credentials, skills, appraisals, training, and personal information regarding the employee (paras 102, 127)

Claim 12: 
Wright and Ebrahimi and Andrade teach all limitations of claim 1. Wright also teaches:
associating, by the at least one server computer, the identity data with off-chain data about the employee (paras 102, 127)

Claim 13: 
Wright and Ebrahimi and Andrade teach all limitations of claim 12. Wright also teaches:
the off-chain data comprises any one of employment history, credentials, skills, appraisals, training, and personal information regarding the employee (paras 102, 127)

Claim 14: 
Wright and Ebrahimi and Andrade teach all limitations of claim 1. Wright also teaches:
the distributed ledger comprises a blockchain (paras 90)

Claim 21: 
Wright and Ebrahimi and Andrade teach all limitations of claim 1. Andrade also teaches:
making, by the at least one server computer, the decrypted level of the identity data available to the third party (paras 28, 51)

Claims 22 and 23: 
Wright and Ebrahimi and Andrade teach all limitations of claims 15 and 18. Andrade also teaches:
receiving a designation that identifies a third party with the data level code for a level of the identity data of the employee (paras 15, 27, 50)
decrypting the level of the identity data with the digital signing key (paras 17, 28)
making the decrypted level of the identity data available to the third party (paras 28, 51)

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Arastoo (Ari) Shahabi whose telephone number is (571)272-2565.  The examiner can normally be reached on M-F: 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Arastoo (Ari) Shahabi/Examiner, Art Unit 3685                                                                                                                                                                                                        
/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685