DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to applicant’s correspondence of 02/28/2022.    

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/28/2022 has been entered.
 
Response to Arguments
Applicant's arguments filed on 02/28/2022 have been fully considered but they are not persuasive. In the Arguments/Response filed on 02/28/2022 (hereafter Response) Applicant disputes rejection of the limitations of claims 1 – 6 in order to overcome the prior art rejection under 103 presented in the Office Action on 08/27/2021 (hereafter OA). 
On p. 6 of the Response Applicant argues that Savanah teaches away from returning the data to the user 23 (i.e. the vendor). Savanah further teaches away from returning a package of verification data to the user 23 (vendor) because Savanah utilizes a distributed network to securely store the data for later retrieval by user 24 (the buyer). The point of a distributed network is that data cannot be modified once entered onto the network, and therefore users 23 can be assured that the verification data of user 24 is correct, and user 24 can be assured that the data (D1) is correct. Modifying Savanah to return the data (D1) to the user 23 to subsequently send to user 24 would therefore remove this security, and so would not be considered by a skilled person.
Examiner respectfully disagrees. Rejection of the limitation of ‘without retaining the verification data on the server’ is relied upon Kurani (Kurani, in col. 4, ll. 6 – 8 discloses “Upon receiving approval from the individual, the identity verification computing system may return an identity verification message to the entity.”). Data packets in Kurani may be processed by a system comprising a processor communicating with the random access memory (RAM). (Kurani, in col. 4, ll. 27 – 30 discloses “The memory may be one or more devices (e.g., RAM, ROM, Flash memory, hard disk storage, etc.) for storing data and/or computer code for completing and/or facilitating the various processes described herein”). It is understood that storage and deletion of numerical information in RAM (i.e., not retaining data in the memory upon completion the data processing) are standard well documented operations of a computer system and could not be considered as limitation.
Rejection of the limitation ‘returning a package of the verification data to the user (2)’ is relied upon new ground of rejection.
On p. 7 of the Response Applicant further argues that Savanah does not teach ‘using that package to confirm the identity of the user by reference to the cryptographic hash’
Examiner respectfully disagrees. The cited limitation represents the central point of the inventive concept as disclosed in the claim 1, i.e. an identification process based on a comparative numerical analysis of user’s personal information (i.e. original identification data) ‘by reference to the cryptographic hash’. In other word, the identification is suggested to be processed referring not to the original data but to the relevant hash values. This limitation is explicitly taught by Savanah: i.e. obtaining hash values H1, H2 and key-pairs PU2, P2 stored in the distributed hash table (DHT) and verifying data identity/ownership based on comparison of encrypted values (Savanah, in Para. [0075] discloses “the data (D1) may comprise information that identifies the vendor of the computer software. This may include personal details such as name, address, contact details or a public key associated with the vendor.” Savanah, in Para. [0075] discloses “the method 100 further includes determining 120 a first hash value (H1) of the computer software.” Savanah, in Para. [0081] discloses “the second hash value (H2) may be determined based on the hash of the concatenation of the data (D1)” Savanah, in Para. [0075] discloses “For the second hash value (H2) to be the key of a key-value pair in the DHT 13, and the data (D1) and the first hash value (H1) to be the value in the key-value pair, the key and value are sent to any participating node of the DHT 13.” Savanah, in Para. [0139] discloses “the identifier may be included in the value field of the message put (key, value) and sent to a participating node in the DHT 13” Savanah, in Para. [0160] discloses “verifying 640 the ownership of the computer software based on the comparing of the second user public key (PU2) and the second public key (P2)”).
Other arguments discussed in the Remarks are moot in view of new ground of rejection for claims 1 – 6.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 5, 6 are rejected under 35 U.S.C. under 112d or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claim(s) 5, 6 fail(s) to include all of the limitations of the claim upon which it depends.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 6 are rejected under 35 U.S.C. 103 as being unpatentable over Savanah et al. (US 2019/0163883 A1) (hereafter Savanah), in view of Buldas et al. (US 2014/0245020), and in view of Kurani et al. (US 10298396) (hereafter Kurani).

Regarding claim 1 Savanah teaches: A method of establishing user identity, the method comprising the steps of: forwarding verification data from a user to a server (Savanah in Para. [0014] discloses “The invention may provide a computer-implemented control and verification method/system.”); creating a cryptographic hash of the verification data (Examiner note: the verification data comprise license, as stated on p.2, in 2d paragraph; a hash value is generated by a cryptographic process, therefore a cryptographic hash is met by a hash) (Savanah in Para. [0073] discloses “the identifier of the licence may comprise a cryptographic hash of the contents of the licence.”); 
[returning a package of the verification data to the user] (Buldas) 
[without retaining the verification data on the server] (Kurani)
and subsequently, using that package to confirm the identity of the user by reference to the cryptographic hash (Examiner note: a hash value is generated by a cryptographic process, therefore a cryptographic hash is met by a hash; the limitation is met by obtaining hash values H1, H2 and key-pairs PU2, P2 stored in the distributed hash table (DHT) and verifying data identity/ownership based on comparison of encrypted values) (Savanah in Para. [0083] discloses “The additional information may further comprise a device identifier of a device associated with the first node 3, second node 7, first user 23 or second user 24…the device identifier may comprise a hash value” Savanah, in Para. [0075] discloses “the data (D1) may comprise information that identifies the vendor of the computer software. This may include personal details such as name, address, contact details or a public key associated with the vendor.” Savanah, in Para. [0075] discloses “the method 100 further includes determining 120 a first hash value (H1) of the computer software.” Savanah, in Para. [0081] discloses “the second hash value (H2) may be determined based on the hash of the concatenation of the data (D1)” Savanah, in Para. [0075] discloses “For the second hash value (H2) to be the key of a key-value pair in the DHT 13, and the data (D1) and the first hash value (H1) to be the value in the key-value pair, the key and value are sent to any participating node of the DHT 13.” Savanah, in Para. [0139] discloses “the identifier may be included in the value field of the message put (key, value) and sent to a participating node in the DHT 13” Savanah, in Para. [0160] discloses “verifying 640 the ownership of the computer software based on the comparing of the second user public key (PU2) and the second public key (P2)”).
Savanah fails to explicitly teach: returning a package of the verification data to the user
Buldas from the analogous technical field teaches: returning a package of the verification data to the user (Examiner note: verification data package is met by the signature vector 8000 and key-based signed certificate) (Buldas, in Para. [0112] discloses “The core may return the data signature vector 8000 to clients and/or other layers directly” Buldas, in Para. [0119] discloses “it would also be possible to implement an option, whenever a client submits an authentication registration request, to generate and return not only the data signature vector but also a key-based signed certificate, which may be issued by any higher layer system such as the current gateway, aggregator, or even core.”). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Savanah, in view of the teaching of Buldas which discloses returning the verification/authentication package to the client/user in order to better organize the verification process (Buldas, [0112, 0119]).
Savanah, as modified by Buldas fails to explicitly teach: without retaining the verification data on the server
Kurani from the analogous technical field teaches: without retaining the verification data on the server (Examiner note: Data packets in Kurani may be processed by a system comprising a processor communicating with the random access memory (RAM). It is understood that storage and deletion of numerical information in RAM (i.e., not retaining data in the memory upon completion the data processing) are standard well documented operations of a computer system and could not be considered as limitations.) (Kurani, in col. 4, ll. 27 – 30 discloses “The memory may be one or more devices (e.g., RAM, ROM, Flash memory, hard disk storage, etc.) for storing data and/or computer code for completing and/or facilitating the various processes described herein” Kurani, in col. 11, ll. 50 – 54 discloses “Such machine-readable media can be any available media that can be accessed by a general purpose or special purpose computer or other machine with a processor. By way of example, such machine-readable media can comprise RAM, ROM, EPROM, EEPROM, CD-ROM”). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Savanah, as modified by Buldas, in view of the teaching of Kurani which discloses processing the verification data without keeping the data on a server in order to better organize and accelerate the verification process (Kurani, [col. 4, ll. 27 – 30, col. 11, ll. 50 – 54]).

Regarding claim 2 Savanah, as modified by Buldas and Kurani, teaches: The method according to claim 1, wherein the cryptographic hash is recorded in a distributed ledger (Savanah in Para. [0036] discloses “The present disclosure generally relates to methods and systems for utilising a distributed hash table and a peer-to-peer (P2P) distributed ledger, such as the Bitcoin blockchain”. Savanah in Para. [0065] discloses “The method 100 also includes determining 150 a metadata (M) that is based on the second hash value (H2) for inclusion on the peer-to-peer distributed ledger 14.”).

Regarding claim 3 Savanah, as modified by Buldas and Kurani, teaches: The method according to claim 2, wherein the distributed ledger is a blockchain (Savanah in Para. [0044] discloses “As is well known in the art, the blockchain is a transaction type ledger of database where storage capacity is distributed across networked nodes”). 

Regarding claim 4 Savanah, as modified by Buldas and Kurani, teaches: The method according to claim 2, wherein the distributed ledger is a distributed hash table (Savanah in Para. [0044] discloses “The method may comprise using a distributed hash table and a peer-to-peer distributed ledger (blockchain).”).

Regarding claim 5, claim 5 discloses a system that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 5 and rejected for the same reasons.

Regarding claim 6, claim 6 dependent on claim 5 discloses a system that is substantially equivalent to the method of claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 6 and rejected for the same reasons.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Vladimir I. Gavrilenko/Examiner, Art Unit 2431                                                                                                                                                                                                        



/TRANG T DOAN/Primary Examiner, Art Unit 2431