Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The communication received on 12/13/21 has been entered.

Response to Arguments/Amendments

In light of Amendment and applicant’s arguments the objections to claim 9 and the 35 USC § 112 rejection of claims 3 and 13 are withdrawn.
Additionally, the examiner acknowledges applicant’s attempt to address the specification issue.  Applicant’s amendment removed “https://” portions of the hyperlinks leaving the remaining parts of the strings.  Although the remaining string could be interpreted by a browser as a hyperlink or, in other words, from the point of view of the browser the remaining strings could be equated to the hyperlinks, the examiner consulted MPEP that expressly provides the reason of the hyperlinks being precluded in the specification: 
“When a patent application with embedded hyperlinks and/or other forms of browser-executable code issues as a patent (or is published as a patent application publication) and the patent document is placed on the USPTO Web page, when the patent document is retrieved and viewed via a Web browser, the URL is interpreted as a valid HTML code and it becomes a live web link. When a user clicks on the link with a mouse, the user will be transferred to another Web page identified by the URL, if it exists, which could be a commercial website. USPTO policy does not permit the USPTO to link to any commercial sites since the USPTO exercises no control over the organization, views or accuracy of the information contained on these outside site”
Clearly, placing just the string (within a document) without (the removed) “https://” would not cause the issue (described in the MPEP) when the document was to be published as currently amended.
Consequently, the amendment is accepted and the objection to the specification is withdrawn.
Applicant's arguments as pertaining to the art rejection have been considered they were not found persuasive. Specifically:

Argument I
French does not teach or suggest generating and storing a verification attribute that indicates "that sensor data of a biological feature of [a] user detected by [a] mobile device has been matched to information characterizing biological features of the user," let alone providing such a verification attribute to a requester with other data attributes associated with the user, as is required in Claim 1.  French describes the general concept of sending signed information in messages to verify the identity of the sender and sending a cryptographic signature of a user with a message to verify the identity of the sender to the receiving entity. (See French, paras. 228-30 and 244-255.)

Response I
The argued limitations were not addressed by French’s teaching.  Applicant is reminded that in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Argument II
Govindarajan does not describe generating or storing any verification attributes that can later be retrieved based on a match between sensor data and stored biological information, as is required in Claim 1.
Govindarajan is directed to a method of user identification and payment that is concerned with keeping as much private and confidential information as possible protected, and not providing such information to a third party (para 2-3 and 12-13), where a unique unidentifiable payment token is transmitted to a merchant to make a payment after verifying a user's identity based on captured biometric information of the user matching stored biometric information (para 2-3 and 12) and upon verifying the identity of a user for a purchase, a payment token is transmitted to a merchant.

Response II
The examiner was unable to find the argued limitation within the claim 1, or any other claims.  Thus, it appears that applicant argues the intended meaning of the claims rather than the actual required limitations.
In case applicant requests any additional clarification of Govinadarajan’s teaching, applicant should expressly provide the exact limitation that was rejected over this prior art with the support of any alleged deficiencies. 

Argument III
A person of ordinary skill in the art would not be motivated to combine French 
and Govindarajan because if Govindarajan were to store a verification attribute that could be used for future identity verification in the same manner as recited in Claim 1, a hacker could simply retrieve the verification attribute to spoof the identity of the user for a transaction, rendering Govindarajan unsatisfactory for its intended purpose.

Response III
It is not clear whether applicant overlooked that the examiner suggested that including French’s teaching into Govindarajan or whether applicant failed to appreciate the value of including verification data such as digital signature taught by French.
While a skilled artisan would readily appreciate various benefit of such verification data (non repudiation, integrity etc.), as indicated in the rejection it would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include French teaching into Govinadrajan given the benefit of security and integrity.


Argument IV
Govindarajan teaches away from combining French with Govindarajan to 
render the features of Claim 1 obvious.  This is because in Govindarajan "a user does not need to provide confidential information" to a merchant (para 15) and including the 

Response IV
The above argument seems to repeat, although in different words with different ending, the previously stated argument.  Consequently, the examiner directs applicant’s attention to the response to the previous argument.

Claims 1-20 are pending.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2,  7, 9-11 and 14-16 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Govindarajan (USPUB 20180005244) in view of Stallings (William Stallings, “Cryptography and Network Security: Principles and Practice (5th Edition), ISBN-10: 0136097049, 1/10) and French (USPUB 20160292676).
As per claims 1-2,  7, 9-11 and 14-15, Govindarajan teaches a method for securely communicating data, the method comprising the steps of: initiating a secure communication between a mobile device comprising one or more processors executing instructions stored in memory, and a requester 
Govindarajan does not teach initiating the secure communication using a cryptographic key; however, such solution would have been obvious to one of ordinary skill in the art of computing before the effective filling date of the invention as illustrated by Stallings (see various session establishment schemes involving key exchange between two communicating parties enabling encrypted channel 
Additionally, Govindarajan as modified teaches that the data indicating that sensor data of a biological feature of the user detected by the mobile device has been matched to the information characterising the biological feature of the user provided to the requestor and; generated from one or more data items of a physical token issued to the user, the one or more data items including information characterising a biological feature of the user and communicated to other communication party (the requestor) includes only data attributes and not verification data.  However, including data with verification data would have been obvious to one of ordinary skill in the art before the effective filling date of the invention as illustrated by French (the items of information with signature (signed information) sent to POS, para 228-230 and 244-255, for example).  It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include French’s teaching into Govindarajan as modified given the benefit of security and integrity.
Furthermore, Govindarajan as modified teaches the step of initiating the secure communication between the mobile device and the requester uses a cryptographic key to verify the identity of the requester (Govindarajan: the user device provides the merchant device a corresponding payment token that is transmitted to the merchant device and provides a payment form a user account to the merchant, para 34, 54, etc., Govindarajan: chapters 16-17 and 19, for example, e.g. Fig. 16.6, pg. 496, Fig. 17.18, pg. 556, etc.  See the motivation to combine above), the information 
As per claims 16 and 19-20, Govindarajan teaches a mobile device comprising one or more processors; one or more sensors configured to generate sensor data; and memory storing computer-executable instructions (see user device 102 in Fig. 1 and 2 and the associated text) that enable the mobile device reading one or more data items from a physical token issued to the user, the one or more data items including information characterising a biological feature of the user and one or more data attributes associated with the user and received from the external source; detecting the biological feature of the user using one or more sensors of the mobile device to generate sensor data; determining a match between the sensor data and the information characterising a biological feature of the user; after determining the match, generating a verification attribute, wherein the verification attribute indicates that the sensor data of the biological feature of the user detected by the mobile 
Govindarajan does not but French suggests generating the verification attributes that are separate from (provided separately) with the data (the items of information with signature (signed information) sent to POS, para 228-230 and 244-255, for example).  It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include French’s teaching into Govindarajan given the benefit of security and integrity. 
Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Govindarajan in view of Stallings and French, and further in view of Paczkowski (USPN 10951615).
While a skilled in the art of identity documents would readily appreciate that the attributes such as passports, credit cards or identity cards have at least expiration dates and that they have numbers representing data attributes, including an identifier of the external organization and/or cryptographic signature of the external organization (for example, industry identifier and bank identification number in the credit card numbers). Furthrmore, Govindarajan as modified teaches retrieving the stored data describing the one or more data attributes, including an identifier of the external organization and/or cryptographic signature of the external organization and Govindarajan as modified also teaches retrieving the stored cryptographic key used 
Govindarajan as modified does not, but Paczkowski teaches the storing in the distributed leger (col. 1 line 55-col. 2 line 28).  It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include the known technique of storing as taught by Paczkowski into Govindarajan as modified invention given the benefit of efficiency/reliability.
Claims 6 and 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Govindarajan in view of Stallings and French, and further in view of Wong (USPUB 20170178237).
Govindarajan as modified teaches requests and response transactions as discussed above.
Govindarajan as modified does not teach storing these transactions within the distributed ledger.  However, such storing would have been obvious to one of ordinary skill in the art before the effective filling date of the invention as illustrated to .
Claim 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Govindarajan in view of Stallings and French, and further in view of Moshal (USPUB 20140316991).
Govindarajan as modified teaches initiating the secure communication between a user of a mobile device and a requester further including the cryptographic key of the user and/or a cryptographic key of the requester.  
Govindarajan as modified does not teach displaying by the device to the requester and/or by the requester to the device graphical representation of data that includes the cryptographic key.  However, Moshal teaches such solution (scanning QR code to recover the encryption key to encrypted data to be transmitted to the merchant, para 133).  It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include Moshal’s teaching into Govindarajan’s as modified invention given the benefit of usability.
Claims 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Govindarajan in view of Stallings and French, and further in view of Haldenby (USPN 10284378).
As discussed above Govindarajan as modified teaches communication of the verification attribute. Furthermore Govindarajan as modified teaches storing a cryptographic key of the user for securing communication (e.g. 56-57) cryptographic key stored in a distributed ledger (a controlling entity maintaining, updating and revoking various public/private keys stored on the distributed ledger (col. 4 lines 55-59).  It would have been obvious to one of ordinary skill in the art before the effective 
Furthermore, Official Notice is taken that having the distributed ledger based on a blockchain, stored as a hashgraph and/or stored as a non-linear structure based on directed acyclic graphs would have been old and well known before the effective filling date of the invention in the art of distributed ledgers given the benefit of customization and/or predictable benefit of providing reliable and secure storage.

Conclusion

Allowable Subject Matter
Claim 12 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840.  The examiner can normally be reached Monday through Thursday from 9:00 a.m. to 5:00 p.m. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PIOTR POLTORAK/Primary Examiner, Art Unit 2433