DETAILED ACTION
Acknowledgements
This office action is in response to the claims filed 03/09/2022.
Claims 1, 4, 7, 8, 11, 14, 15 and 18 are amended.
Claims 2, 9 and 16 are canceled.
Claims 1, 3-8, 10-15 and 17-20 are pending.
Claims 1, 3-8, 10-15 and 17-20 have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
Applicant's arguments filed 03/09/2022 have been fully considered but they are not persuasive. 
101
The claims recite the steps of “receiving … a document… sending… the document… receiving …encrypted data…. decrypting the data…. verifying the data… encrypting… the verification result… and  sending the encrypted verification results….” The claim recites an abstract idea that is directed towards a mental process, in this case, a document is received, and sent, encrypted data is received, decrypted and verified and the result is sent. 

The claim does currently recite additional elements but these elements do not integrate the judicial exception into a practical application. 
In particular, the decrypting/encrypting step is a mathematical equation and depending on the simplicity of the encryption, the decryption can be a mental process, therefore the limitation is not an additional element that would integrate the abstract idea into a practical application. 
Additionally, from Applicant’s the disclosure there does not appear to be an encryption of the verification result using a public key of the service institution, even then the use of a key encode a message does not integrate the abstract idea into a practical application. The encryption/decryption of information are more geared towards security and the improvement of a process. “it is important to keep in mind that an improvement in the abstract idea itself (e.g. a recited fundamental economic concept) is not an improvement in technology. For example, in Trading Technologies Int’l v. IBG, 921 F.3d 1084, 1093-94, 2019 USPQ2d 138290 (Fed. Cir. 2019), the court determined that the claimed user interface simply provided a trader with more information to facilitate market trades, which improved the business process of market trading but did not improve computers or technology.” MPEP 2106.05(a) (II)
112
Due to Applicant’s amendments, prior 112 rejections are withdrawn.
103
Law teaches the newly added limitation
Law teaches encrypting, by the TEE based on asymmetric encryption, the verification result using the public key of the service institution; (¶ 44, 80, 120-122, 125-127, 132)
Claim Interpretation – According to the disclosure (¶ 116), “a result of execution of each smart contract can also be signed by using a private key that is properly stored in the TEE and corresponding to the smart contract. As such, it can be proved that a result is a result of execution of a specific contract in the off-chain privacy computing node… Only a corresponding public key can verify the signature, or if a corresponding public key cannot verify the signature, it cannot be proved that the result is an execution result of a corresponding contract. ”
Law - With respect to data-in-transit, the login network uses public keys associated with the various endpoints (with sufficient trusted attestation of the said public keys) to provide end-to-end encryption and integrity…. The verification system assembles the KYC results into a document, and the verification system embeds the public key1 into the document. It then signs the document using the verification system’s private key…The document is then encrypted using a hash or some other function, and the encrypted document is stored on the blockchain (block 615). One or more 3rd parties can access this information or portions of this information via verification system 201 , or it can obtain a verification of the Pll data, and take action with respect to the user. (¶ 44, 80, 120, 121)

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1, 3-8, 10-15 and 17-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. As described below, the claim(s) are/is directed to abstract idea(s), but there are no additional elements of the claim(s) that add sufficiently more to the abstract idea(s) to be permissible under 35 U.S.C. 101.

Subject Matter Eligibility Standard
When considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (101 Analysis: Step 1). Even if the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) (101 Analysis: Step 2a (Prong 1), and if so, Identify whether there are any additional elements recited in the claim beyond the judicial exception(s), and evaluate those additional elements to determine whether they integrate the exception into a practical application of the exception. (101 Analysis: Step 2a (Prong 2). If additional elements does not integrate the exception into a practical application of the exception, claim still requires an evaluation of whether the claim recites additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception. If the claim as a whole amounts to significantly more than the exception itself (there is an inventive concept in the claim), the claim is eligible. If the claim as a whole does not amount to significantly more (there is no inventive concept in the claim), the claim is ineligible. (101 Analysis: Step 2b). 
The 2019 PEG explains that the abstract idea exception includes the following groupings of subject matter: a) Mathematical concepts b) Certain methods of organizing human activity and c) Mental processes
Analysis
In the instant case, claim 1 is directed to a method, claim 8 is directed to an article of manufacture and claim 15 is directed to an article of manufacture.

101 Analysis: Step 2a (Prong 1) – Identifying an Abstract Idea
The claims recite the steps of “receiving … a document… sending… the document… receiving …encrypted data…. decrypting the data…. verifying the data… encrypting… the verification result… and  sending the encrypted verification results….” The claim recites an abstract idea that is directed towards a mental process, in this case, a document is received, and sent, encrypted data is received, decrypted and verified and the result is sent. 

101 Analysis: Step 2a (Prong 2) – Identifying a Practical Application
 The claim does currently recite additional elements but these elements do not integrate the judicial exception into a practical application. 
In particular, the decrypting/encrypting step is a mathematical equation and depending on the simplicity of the encryption, the decryption can be a mental process, therefore the limitation is not an additional element that would integrate the abstract idea into a practical application. 
Furthermore, the first verification step appears to be remote to the scope of the claims and the broadly claimed verifying of the decrypted data could be the mental process of comparing information. Applicant’s limitations are the automation of the abstract idea. Therefore, based on case law precedent, the claims are claiming subject matter similar to concepts already identified by the courts as dealing with abstract ideas. See Alice Corp. Pty. Ltd., 134 S.Ct. at 2356 (citing Bilski v. Kappos, 561, U.S. 593, 611 (2010)). Mere instructions to apply the exception using generic computer components and limitations to a particular field of use or technological environment do not amount to practical applications.

101 Analysis - Step 2b
Viewed as a whole, instructions/method claims recite the concept of mental process as performed by a generic computer. The method claims do not, for example, purport to improve the functioning of the computer itself. Nor do they effect an improvement in any other technology or technical field. Instead, the claims at issue amount to nothing significantly more than an instruction to apply the abstract idea using some unspecified, generic computer. The dependent claims recite further steps like the sending and receipt of information, ex see claims 2, 5, 6 and their similar dependent claims. Claims 3, and 4 and their similar dependent claims further describe the limitations of claim 1.  And claims 7 and 14 recite “invoking… a smart contract”. According to the disclosure (¶ 107), “A user can deploy and invoke a smart contract by using the EVM in Ethereum. In the deployment phase, the user can send a transaction for creating a smart contract to Ethereum… In the invoking phase, a user (which can be the same or different from the user deploying the smart contract) sends a transaction used to invoke a smart contract to the Ethereum network, where the from field of the transaction is an address of an external account corresponding to the user, the to field is a contract address of the smart contract that needs to be invoked, and the data field includes a method and a parameter for invoking the smart contract… After consensus is reached between the nodes by using the consensus mechanism, the smart contract invoked.”  The process of invoking a smart contract starts with the sending of transaction. The sending of information is an insignificant extra-solution activity. See Alice Corp. Pty. Ltd., 134 S.Ct. at 2360. 
Additionally, from Applicant’s the disclosure there does not appear to be an encryption of the verification result using a public key of the service institution, even then the use of a key encode a message does not integrate the abstract idea into a practical application. The encryption/decryption of information are more geared towards security and the improvement of a process. “it is important to keep in mind that an improvement in the abstract idea itself (e.g. a recited fundamental economic concept) is not an improvement in technology. For example, in Trading Technologies Int’l v. IBG, 921 F.3d 1084, 1093-94, 2019 USPQ2d 138290 (Fed. Cir. 2019), the court determined that the claimed user interface simply provided a trader with more information to facilitate market trades, which improved the business process of market trading but did not improve computers or technology.” MPEP 2106.05(a) (II)
Mere instructions to apply the exception using a generic computer component and limitations to a particular field of use or technological environment cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Conclusion
The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not affect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an abstract idea to a particular technological environment. 
Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself. 
Dependent claims do not resolve the deficiency of independent claims and accordingly stand rejected under 35 USC 101 based on the same rationale.
Dependent claims 3-7, 10-14 and 17-20 are rejected.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 3-8, 10-15 and 17-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claims 1, 8 and 15 recite “ encrypting, by the TEE based on asymmetric encryption, the verification result using the public key of the service institution… and sending, from the TEE to the service institution, the encrypted verification result to be decrypted based on a private key corresponding to the public key of the service institution” According to the disclosure (¶ 37, 48, 74, 81, 83, 92, 102, 116), “If asymmetric encryption is used, that is, an encryption key and a decryption key are two different but corresponding keys, one is a public key for encryption, and the another is a private key for decryption, generally, the sales agency can encrypt the user ID in the verification result by using a public key of the financial institution, and then send the user ID to the financial institution, so the financial institution decrypts the user ID by using a corresponding private key… the second smart contract can be executed, so as to perform KYC verification based on the basic data, for example, perform matching on the decrypted user data, so as to obtain a verification result… , the matching result is, for example, {user ID, KYC result}, and the KYC result is, for example, passed or failed. That the privacy computing platform sends the matching result to the financial institution … generally, the first institution can encrypt the user ID in the verification result by using a public key of the second institution, and then send the user ID to the second institution, so the second institution decrypts the ID by using a corresponding private key.” The specification repeatedly explains that the user data is encrypted and decrypted. The user data and verification result are not the same information. Encrypting one does not mean the other is also encrypted. The disclosure does not provide support for an encrypted verification result, much more, does not provide support for encrypting, by the TEE based on asymmetric encryption, the verification result using the public key of the service institution… and sending, from the TEE to the service institution, the encrypted verification result to be decrypted based on a private key corresponding to the public key of the service institution. Dependent claims 3-7, 10-14 and 17-20 are rejected.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-8, 10-15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Andrade (US 10,484,178) (“Andrade”), and further in view of Law (WO 2020092351) (“Law”). 
Regarding claims 1, 8 and 15, Andrade discloses receiving, in a trusted execution environment (TEE) deployed on a blockchain node from a service institution, a distributed digital identity (DID) of the service institution and a corresponding DID document, wherein the corresponding DID document comprises a key of the service institution (column 5, line 64-67, column 6, line 1-3, 38-48, column 10, line 11-18, column 13, line 22-32, column 15, line 10-67, column 16, 11-59);
Andrade - The receiving verified documents component 108 may be configured to receive from a first entity, at a blockchain or trust utility, information related to one or more verified first documents. The verified first documents maybe those documents associated with a first user (individual). The first entity may include of an, institution, business, company, and/or other entities… One or more documents 206 may be encrypted using, for example, an entity key to provide unique access. (column 5, line 64-67, column 6, line 1-3, column 10, line 11-18)

sending, from the TEE to a service provider, the corresponding DID document (column 6, line 49-67, column 10, line 11-38, column 14, line 1-17column 19, line 29-67);
Andrade - n some implementations, blockchain or trust utility 202 may receive from a second entity 208 a request for the information related to the verified documents 206 associated with the first user. . . blockchain or trust utility 202 may receive a decision (approval or denial) from the first user, regarding the request for the information related to the verified documents associated with the first user… The request is then sent by server 712 along path #4 to the user 750, with the “requester verification address” of company B, for approving company B's request for the user's ID proof document.  (column 10, line 11-38, column 19, line 29-64)

in response to that the information of the service institution in the corresponding DID document has been verified by the service provider(column 5, line 56-67, column 16, line 6-31), 
Andrade - Company A's computer system receiving Company B's request may check the IP address of the computer system from which the request was received to ensure that the checked IP address is on a list of authorized IP addresses in Company A's database (e.g., by verifying that the checked IP address is the same as an authorized IP address associated with Company B). (column 16, line 6-31)

receiving, in the TEE from the service provider, encrypted user basic data corresponding to a user identity (ID), wherein the encrypted user basic data is encrypted by the service provider (column 5, line 56-67, column 9, line 1-67, column 10, line 19-24, column 17, line 1-19, 53-67); 
Andrade - System 100 may be configured to receive one or more identifiers in connection with one or more requests to verify an identity of one or more individuals. For example, the first identifier may be received in connection with a request to verify an identity of the first individual… n some implementations, blockchain or trust utility 202 may receive from a second entity 208 a request for the information related to the verified documents 206 associated with the first user. One or more documents 206 may be encrypted using, for example, an entity key to provide unique access. (column 9, line 14-22, column 10, line 19-24)

decrypting, in the TEE, the encrypted user basic data (column 9, line 23-29, column 18, line 10-38; claim 7, 9); 
Andrade - System 100 may be configured to extract the biometric data associated with the one or more individuals from the corresponding verification addresses. For example, the first biometric data associated with the first individual may be extracted from the first verification address. Extracting Information(e.g., biometric data) from a verification address may include decrypting information.(column 9, line 23-29)

verifying, by the TEE, decrypted user basic data to obtain a verification result indicating whether the user ID is verified; and (column 9, line 58-65, column 10, line 48-67, column 18, line 10-38)
Andrade - According to some implementations, system 100 may be configured such that, responsive to receiving the request to verify the identity of the first individual, a prompt may be provided to the first individual for biometric data matching the first biometric data and a private key matching the first private key. (column 9, line 58-65)

sending, from the TEE to the service institution, the verification result (column 10, line 25-37, column 16, line 32-59, column 18, line 1-67).  
Andrade -  system 100 may give (grant) or deny access to the first user. If the request for the information is approved by the first user, access may be given by blockchain or trust utility 202 for second entity 208 to obtain access to the information. (column 10, line 25-37)

Andrade does not disclose wherein the corresponding DID document comprises a public key of the service institution; in response to that the public key of the service institution in the corresponding DID document has been verified by the service provider  encrypting, by the TEE based on asymmetric encryption, the verification result using the public key of the service institution; sending, from the TEE to the service institution, the encrypted verification result to be decrypted based on a private key corresponding to the public key of the service institution.

Law teaches wherein the corresponding DID document comprises a public key of the service institution; in response to that the public key of the service institution in the corresponding DID document has been verified by the service provider,  (¶ 44, 120, 122, 125-127, 132)
Law - The verification system assembles the KYC results into a document, and the verification system embeds the public key1 into the document. It then signs the document using the verification system’s private key …This digitally signed authentication payload is sent to the verification system in operation 214 that verifies the signature with the public key retrieved from the blockchain (operation 215) and writes the results to the blockchain (or sidechain) as necessary.. (¶ 44, 120)

encrypting, by the TEE based on asymmetric encryption, the verification result using the public key of the service institution; (¶ 44, 80, 120-122, 125-127, 132)
Claim Interpretation – According to the disclosure (¶ 116), “a result of execution of each smart contract can also be signed by using a private key that is properly stored in the TEE and corresponding to the smart contract. As such, it can be proved that a result is a result of execution of a specific contract in the off-chain privacy computing node… Only a corresponding public key can verify the signature, or if a corresponding public key cannot verify the signature, it cannot be proved that the result is an execution result of a corresponding contract. ”
Law - With respect to data-in-transit, the login network uses public keys associated with the various endpoints (with sufficient trusted attestation of the said public keys) to provide end-to-end encryption and integrity…. The verification system assembles the KYC results into a document, and the verification system embeds the public key1 into the document. It then signs the document using the verification system’s private key…The document is then encrypted using a hash or some other function, and the encrypted document is stored on the blockchain (block 615). One or more 3rd parties can access this information or portions of this information via verification system 201 , or it can obtain a verification of the Pll data, and take action with respect to the user. (¶ 44, 80, 120, 121)

sending, from the TEE to the service institution, the encrypted verification result to be decrypted based on a private key corresponding to the public key of the service institution(¶ 44, 80, 120-122, 125-127, 132)
Law - With respect to data-in-transit, the login network uses public keys associated with the various endpoints (with sufficient trusted attestation of the said public keys) to provide end-to-end encryption and integrity… the process continues to block 616, where the verification system submits the Pll and public key1 to the one or more multiple KYC providers. At block 617, the one or multiple KYC providers assemble the KYC results into a document, and then embed the public key1 in the document…The verification system 201 sends the date of birth of a person to a first KYC provider and a second KYC provider. If both KYC providers verify the data, then the session proceeds.  (¶ 80, 122, 123)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Andrade and Law in order to provide strong user authentication using a decentralized computing system (Law; ¶ 2-4).
Regarding claims 3, 10 and 17, Andrade discloses wherein the user ID comprises an account registered by a user at the service provider or assigned to the user by the service provider in response to an operation initiated by the user at the service provider (column 4, line 23-35, column 7, line 7-67, column 8, line 57-67, column 1, line 1-10).  
Regarding claims 4, 11 and 18, Andrade discloses wherein a data sharing request is sent from the service institution to the service provider by using the TEE (column 6, line 49-67, column 18, line 1-67, column 19, line 1-28).  
Regarding claims 5, 12 and 19, Andrade discloses receiving, by the TEE from the service institution, the data sharing request by invoking a smart contract; and sending, from the TEE to the service provider, the data sharing request (column 3, line 66-67, column 4, line 1-22, 55-67, column 6, line 49-67, column 10, line 1-18, column 20, line 1-67).  
Regarding claims 6, 13 and 20, Andrade discloses deploying, at the TEE, a smart contract; receiving, from the service institution at the TEE, an invoking request by using the smart contract, wherein the invoking request triggers the TEE to send the data sharing request; and in response to receiving the invoking request, sending, from the TEE to the service provider, the data sharing request (column 6, line 49-67, column 13, line 22-42, column 17, line 1-26).  
Regarding claims 7 and 14, Andrade discloses wherein obtaining the encrypted user basic data corresponding to the user ID comprises: receiving, by the TEE deployed on the blockchain node, a transaction initiated by the service provider; and in response to receiving the transaction, invoking, by the TEE deployed on the blockchain node, a smart contract deployed in the TEE, wherein parameters in the transaction comprise the user ID and the encrypted user basic data (column 9, line 1-67, column 10, line 1-18, column 13, line 22-42, column 17, line 1-26).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILSE I IMMANUEL whose telephone number is (469)295-9094.  The examiner can normally be reached on Monday-Friday 9:00 am to 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA PATEL can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ILSE I IMMANUEL/Primary Examiner, Art Unit 3685