DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This action is in reply to the filed claim set dated 04/28/2022.
Claim 19 of the original claims was previously withdrawn by Applicant due to a restriction requirement, and Applicant elected to prosecute claims 1 - 18 and 20 - 23 of said original claims.

Claim 24 was later added as a new claim to the claim set.
Claims 1 - 4, 7, 9, 13, 18, 20, and 23 have been amended by Applicant.
Claims 5 - 6, 8, 10 - 12, 14 - 17, and 21 - 22 remain as original.
Claims 1 - 18 and 20 - 24  are pending and have been examined.
THIS ACTION IS MADE FINAL.

Response to Arguments
The prior Objection as to the drawings (Fig. 1 - Fig. 6) is withdrawn due to Applicant's arguments and doings.
Applicant argues per 35 USC 101 that the application is not directed to an abstract idea. Remarks 7 - 8. Examiner respectfully disagrees. The abstract idea previously set forth still stands, and is:
using biometric and other authorizations for validating transactions.
Examiner disagrees with Applicant's narrow reading of express examples of abstract ideas. The category of abstract ideas regarding "commercial interactions" is potentially infinite, assuming that they fall within the correct context, and the category is otherwise not necessarily limited to those express examples set forth in the 2019 PEG which act in part as guideposts. Here, we are authenticating a user so that user can potentially make a monetary transaction. This is quite enough to encompass the above referenced abstract idea. The said idea is simply automated by the computer without more.
Applicant argues per 35 USC 101 that the application provides an improvement to the functioning of a computer. Remarks 8. Applicant argues in this vein however quite generally that computer security is improved by the use of validation. Remarks 8. How so?  No facts support this argument. Every computer driven transaction between users has some form of verification so that users will know where and from whom money is flowing.
Due to Applicant's arguments and amendments, examiner has remapped the claim set as amended utilizing different art.  The claims are now primarily rejected per 35 USC 102, with the remainder of claim(s) rejected per 35 USC 103.  As such, Applicant's  arguments as to 35 USC 103 address an irrelevant combination of citations no longer utilized, and the argument is therefore moot (this also includes any argument pertaining to new claim 24).
Generally as to obviousness, examiner submits that it is determined on the basis of the evidence as a whole and the relative persuasiveness of the arguments. See In re Oetiker, 977 F.2d 1443, 1445, 24 USPQ2d 1443, 1444 (Fed. Cir. 1992); In re Hedges, 783 F.2d 1038, 1039, 228 USPQ 685,686 (Fed. Cir. 1992); In re Piasecki, 745 F.2d 1468, 1472, 223 USPQ 785,788 (Fed. Cir. 1984); and In re Rinehart, 531 F.2d 1048, 1052, 189 USPQ 143,147 (CCPA 1976). Using this standard,  examiner submits that the burden of presenting a prima facie case of obviousness was successfully established in the prior Office Action of 10/28/2021, and also respecting the pending amended claim set of 04/28/2022, as seen below.
Examiner further recognizes that references cannot be arbitrarily altered or modified, and that there must be some reason why a person having ordinary skill in the relevant art would be motivated to make the proposed modifications. Although the motivation or suggestion to make modifications must be articulated, it is respectfully submitted that there is no requirement that the motivation to make modifications must be expressly articulated within the references themselves. References are evaluated by what they suggest to one versed in the art, rather than by their specific disclosures, In re Bozek, 163 USPQ 545 (CCPA 1969).
Examiner also notes that the motivation to combine the applied references is, where appropriate in the below detailed analysis pursuant to 35 USC 103, additionally accompanied by select passages from the respective references which specifically support that particular motivation. It is also respectfully submitted that motivation based on the logic and scientific reasoning of one ordinarily skilled in the art at the time of the invention, which evidence can also support a finding of obviousness, is otherwise provided in the detailed 35 USC 103 analysis of the claim set below.  In re Nilssen, 851 F.2d 1401, 1403, 7 USPQ2d 1500, 1502 (Fed. Cir. 1988) (references do not have to explicitly suggest combining teachings); Ex parte Clapp, 227 USPQ 972 (Bd. Pat. App. & Inter. 1985) (examiner must present convincing line of reasoning supporting rejection); and Ex parte Levengood, 28 USPQ2d 1300 (Bd. Pat. App. & Inter. 1993) (reliance on logic and sound scientific reasoning).
Examiner recognizes that obviousness can only be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to a person of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims  1 – 18 and 20 - 24 are rejected pursuant to 35 USC 101 because the claimed invention is directed to an abstract idea without significantly more.

Claims 1 - 18 and 24 are directed to a method (process),  and claims 20 - 23  are directed to a system (machine). The independent claims above referenced are directed to eligible statutory categories of invention pursuant to 35 USC 101. (Step 1: YES, the independent claims all fall within a statutory category).
Examiner has identified independent method claim 1 as the claim that represents the claimed invention for 35 USC 101 analysis, as it's sufficiently similar to independent system claim 20 (claim 20 is much broader than, and is read on, by claim 1).
Claim 1 as amended recites, in part, the limitations of:
validating the identity of a user; receiving a request from a requestor to match the user's identity to previously enrolled particulars of the user; determining that the user's identity has not yet been validated; providing at least one pre-selected identity proofing solution as an alternative to self- validation of the user's identity for the request; querying the identity proofing solution provider to confirm the user's identity by providing the requested identity; on receipt of confirmation, validating the user's identity to the requestor.  

The several dependent claims either further refine the abstract idea of claim 1 and 20, further apply computer elements as a tool to the abstract idea, and/or they further contain narrowing elements, as noted below:
wherein the identity proofing solution is selected by the user. (Claim 2); wherein multiple identity proofing solutions are selected and queried to enhance certitude (claim 3); testing for the presence of the confirmed user by receiving at least one identifier from the user; and associating the identifier with the confirmed user.  (claims 4, 21); wherein the identifier is a biometric identifier. (claims 5, 22); wherein the request is with respect to an event, and the previously enrolled particulars are with respect to a ticket or transaction associated with the event. (claim 6); wherein the at least one identity proofing solution is pre-selected having regard to factors including user provided information, information from or detected by the user's device, location of the user, location of the requestor, or security policies of the requestor. (claim 7); wherein the factors are weighted. (claim 8); wherein the identity proofing solutions are self-sovereign or user- centric identity proofing solutions. (claim 9); wherein the requestor is the user. (claim 10); wherein the previously enrolled particulars include name of the user, and at least one of the following with respect to the user: age, address, date of birth, phone number or device ID, ticket information, financial or payment information, health status or vaccination status. (claim 11); wherein the authentication token comprises a FIDO standard authentication token, or an EMV standard authentication token. (claim 12);  wherein the confirmation is sent to the requestor without providing the requestor with information about the user held by the selected identity proofing solution. (claim 13, 23); wherein the biometric identifier is a physical identifier selected from the group consisting of: fingerprint, retina scan, palm vein scan, facial recognition scan, DNA scan, palm print, hand geometry scan, iris recognition scan, voiceprint, and odour/scent scan. (claim 14);  wherein the biometric identifier is a behavioural identifier selected from the group consisting of typing rhythm, gait, and speech pattern. (claim 15); wherein the biometric identifier is selected by the requestor. (claim 16); wherein the biometric identifier is selected based on detected capabilities of the user's device or devices connected to the user's device. (claim 17); further comprising taking at least one post-validation step selected from the list consisting of: allowing admission of the user to a place or event; confirming or completing a transaction; adding the user to a whitelist; granting a particular status to the user; and removing a restriction on the user.  (claim 18). providing a list of the identity proofing solution providers for selection by the user; receiving user input identifying the at least one of the identity proofing solution providers for use to validate the user's identity in response to requests from requestors; and wherein the user has previously proved the user's identity with the at least one of the identity proofing solution providers and the user's identity is associated by the at least one of the identity proofing solution providers with the at least some of the previously enrolled particulars for the user (claim 24).
The abstract idea is using biometric and other authorizations for validating transactions.
The above cited abstract idea under its broadest reasonable interpretation falls into the category of a commercial interaction, which is one of the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. (Step 2A - Prong 1: YES. The claims recite an abstract idea).
The above referenced claim limitations do not integrate the abstract idea into a practical application as those limitations simply apply generic computer components (i.e., "system" and "modules" to the recited abstract idea. They otherwise attempt to use a computer as a tool to perform the abstract idea. The additional above detailed structural limitations of the independent claims are once again being applied to the abstract idea.
The recitation of a generic computer component(s) in a claim does not necessarily preclude that claim from reciting an abstract idea. The limitations of the above analyzed claim(s) are all recited at a high-level of generality (e.g., a generic computer performing a generic computer function). The claims' additional elements (noted above) do not integrate the articulated abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea, and those additional elements are also set forth at a high level of generality. 
The independent claims as above lack any elements, whether computer related or not,  which are sufficient to amount to significantly more than the above stated abstract idea(s), either considered separately or as an ordered combination.
The claims are directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additionally claimed elements in the claims do not integrate the abstract idea into a practical application).
The claims lack additional elements which are sufficient to amount to significantly more than the abstract idea (judicial exception), whether considered separately or as an ordered combination. This lack of providing significantly more than the judicial exception is also referred to as a claim lacking an  “inventive concept”. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements consisting here of various pieces of computer hardware (in both the independent and dependent claims) amount to no more than mere instructions to perform the judicial exception by applying generic computer(s) / computer components to it. Mere instructions to perform a judicial exception by applying generic computer components to it cannot provide an inventive concept. This application's lack of providing significantly more than the judicial exception is also referred to as its claims lacking an “inventive concept. See MPEP 2106.05(f) where applying a computer as a tool is not indicative of significantly more. Additionally, the above noted non-computer related elements do not change the outcome of the analysis, as they all depend from said independents and they simply further limit ways which the abstract idea may be performed.  (Step 2B: NO. The claims do not provide significantly more than the judicial exception).

Claims 1 - 18 and 20 - 24 are rejected per 35 USC 101.


Claim Rejections – 35 USC 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that forms the basis for the rejections under this section made in this Office Action:
(a) NOVELTY; PRIOR ART.— A person shall be entitled to a patent unless—

(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention;


Claims 1 - 11, 13 - 18, and 20 - 24 are rejected under 35 USC 102 (a)(2) as being anticipated by Bouse  (US20200167453A1).

Regarding claims 1 and 20:
Bouse  discloses:
providing a requestor interface for receiving respective requestor requests from, and communicating respective requestor responses to, respective requestor devices, (The method may further include providing a user interface to allow the user to register a specific participating entity as an authorized business partner. Providing the user interface may further include providing the user interface to allow the user to configure one or more types of transactions as permissible transactions between the user and the authorized business partner. Providing the user interface further comprises providing the user interface to allow the user to configure one or more types of permissible queries submitted by the authorized business partner and directed at a particular identity database.", [025]);
the respective requestor requests received for validating user identities; 
("In another aspect, some implementations may provide a machine-assisted method for a transaction database, the method including: receiving, from a first engine, machine-readable data encoding transactional characteristics unique to a particular transaction request initially submitted by a user at relying party, the machine-readable data applicable only once to the particular transaction request; receiving, from a second engine, an inquiry to validate the particular transaction request as well as to verify an identity of the user submitting the particular transaction request at the relying party, the query including transactional characteristics of the transaction request, the transactional characteristic unique to the particular transaction request; receiving, from a third engine, an authentication policy for the relying party to validate the transaction request and to verify the identity of the user; and based on the determined authentication policy, determining, by the authentication policy server, the validity of the submitted transaction request.", [045];
providing a user interface for receiving respective user authentication tokens from respective user devices,    ("Providing the user interface may further include providing the user interface to allow the user to configure one or more types of transactions as permissible transactions between the user and the authorized business partner. Providing the user interface further comprises providing the user interface to allow the user to configure one or more types of permissible queries submitted by the authorized business partner and directed at a particular identity database.", [025]) and ("In one aspect, some implementations provide a method for generating a token set that associate permissions and privileges with an identity, the method including: receiving, from a requester and at a computing device of a certification authority, a request for associating a first index of privileges and permissions with a foundation token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the digital biometric that identifies a person and has been issued to the requester by a trusted entity through a vetting process; extracting, from the request, the foundation token; determining that the extracted foundation token is valid; verifying that the requester is the person identified by the foundation token based on a biometric of the requester matching the extracted digital biometric; in response to determining that the foundation token is valid and verifying that the requester is the person identified by the foundation token, associating the first index of privileges and permissions of the first subscriber with the foundation token; and providing, to the requester, the foundation token associated with the first index of privileges and permissions of the first subscriber, the foundation token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.", [028]) and ("The data may be obtained by, for example, ... reading information by optical character recognition, scanning biometric information (such as a facial portrait) from the physical identification document. In some implementations, the physical credential may be presented in the form of a digital identification on the touch screen of a user device.", [0204]), and see ABSTRACT;
the user authentication tokens for use for validating the user identities; and ("In one aspect, some implementations provide a method for generating a token set that associate permissions and privileges with an identity, the method including: receiving, from a requester and at a computing device of a certification authority, a request for associating a first index of privileges and permissions with a foundation token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the digital biometric that identifies a person and has been issued to the requester by a trusted entity through a vetting process; extracting, from the request, the foundation token; determining that the extracted foundation token is valid; verifying that the requester is the person identified by the foundation token based on a biometric of the requester matching the extracted digital biometric; in response to determining that the foundation token is valid and verifying that the requester is the person identified by the foundation token, associating the first index of privileges and permissions of the first subscriber with the foundation token; and providing, to the requester, the foundation token associated with the first index of privileges and permissions of the first subscriber, the foundation token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.", [028]);
providing a proofing solution interface for communicating respective proofing solution requests to, and receiving respective proofing solution responses from, respective proof solution provider devices,   ("The method may further include based on the determined usage, providing feedback information to enable load balancing when submitting future queries to the identity database. The method may additionally include providing an application program interface through which the authentication policy engine extends service for the participant entity to access other identity databases different from the identity database. The method may further include providing the application program interface further comprises: providing the application program interface to allow a different authentication policy engine to access the identity database serviced by the authentication policy engine.", [018]) and ("In one aspect, some implementations provide a method for generating a token set that associate permissions and privileges with an identity, the method including: receiving, from a requester and at a computing device of a certification authority, a request for associating a first index of privileges and permissions with a foundation token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the digital biometric that identifies a person and has been issued to the requester by a trusted entity through a vetting process; extracting, from the request, the foundation token; determining that the extracted foundation token is valid; verifying that the requester is the person identified by the foundation token based on a biometric of the requester matching the extracted digital biometric; in response to determining that the foundation token is valid and verifying that the requester is the person identified by the foundation token, associating the first index of privileges and permissions of the first subscriber with the foundation token; and providing, to the requester, the foundation token associated with the first index of privileges and permissions of the first subscriber, the foundation token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.", [028]); 
the proofing solution requests communicated in response to requestor requests and including respective user authentication tokens to obtain validation of the user identities from one or more identity proofing solution providers as an alternative to self-validation by users of their respective user identities; ("In one aspect, some implementations provide a method for generating a token set that associate permissions and privileges with an identity, the method including: receiving, from a requester and at a computing device of a certification authority, a request for associating a first index of privileges and permissions with a foundation token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the digital biometric that identifies a person and has been issued to the requester by a trusted entity through a vetting process; extracting, from the request, the foundation token; determining that the extracted foundation token is valid; verifying that the requester is the person identified by the foundation token based on a biometric of the requester matching the extracted digital biometric; in response to determining that the foundation token is valid and verifying that the requester is the person identified by the foundation token, associating the first index of privileges and permissions of the first subscriber with the foundation token; and providing, to the requester, the foundation token associated with the first index of privileges and permissions of the first subscriber, the foundation token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.", [028]);
receiving a request from a requestor via the requestor interface to match a particular user's identity to previously enrolled particulars of the user that are enrolled with the requestor and provided with the request; ("Implementations may include one or more of the following features. The method may additionally include: receiving, from a requester and at the computing device of the certification authority, a request for associating a second index of privileges and permissions with the foundation token, the second index specifically encoding the privileges and permissions of a second subscriber, different from the first subscriber, in accessing transactional data of the requester, the request including the foundation token that identifies the person and has been issued to the requester by the trusted entity through the vetting process; extracting, from the request, the foundation token; determining that the extracted foundation token is valid; verifying that the requester is the person identified by the foundation token based on a biometric of the requester matching the foundation token;", [029]);
receiving an authentication token for the user via the user interface; ("Notably, the token may be installed or uploaded into a device of the user's choice, including, for example, a mobile tag, a smart phone/tablet, a portable computing device, a dongle, a NFC/RFID or other device capable of electronic communication.', [0261]) and ("Once the token is enabled, the token is activated with an underlying trusted identity. The trusted entity may be in an encrypted form and locked to the user's identity, which may present a physical identity document of the user. The enabled token can be used to authenticate to a registry service of the identity data eco-system. The use may further configure the token to define, for example, the types of transactions enabled by a successful authentication based on the token. The registry service may require authorization from the user to use the newly configured token, and may need the authentication that the token is valid. In this manner, the user may interface directly to the identity data eco-system, as well as the proxy certificate authority and associated policy engines. As an additional layer of security, a temporary PIN number assigned by the identity data eco-system may further secure the registry transaction from unauthorized access.", [262]);
communicating via the proofing solution interface for querying at least one of the one or more identity proofing solution providers to confirm the user's identity ("The recipient of the requested on-line transaction may include financial institutions, merchants, service providers, as well as government agencies. Example financial institutions may include any organization engaged in financial transactions, banks, securities brokerage firms, trust administrators, retirement plan administrators, college saving plans administrators, etc. The recipient merchant may include any vendor attempting to sell merchandise on-line. The recipient service provider may include any entity that charges a fee for a service, including, for example, accounting firms, consulting firms, etc. The recipient government agency may include any government agency or commission at the state or federal level, including, for example, social security agency, unemployment agency, taxation agency, department of human and health services and its state counterparts, department of motor vehicles, etc.", [081]);
by providing at least some of the previously enrolled particulars of the user and the authentication token received from the user; ("In one aspect, some implementations provide a method for generating a token set that associate permissions and privileges with an identity, the method including: receiving, from a requester and at a computing device of a certification authority, a request for associating a first index of privileges and permissions with a foundation token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the digital biometric that identifies a person and has been issued to the requester by a trusted entity through a vetting process; extracting, from the request, the foundation token; determining that the extracted foundation token is valid; verifying that the requester is the person identified by the foundation token based on a biometric of the requester matching the extracted digital biometric; in response to determining that the foundation token is valid and verifying that the requester is the person identified by the foundation token, associating the first index of privileges and permissions of the first subscriber with the foundation token; and providing, to the requester, the foundation token associated with the first index of privileges and permissions of the first subscriber, the foundation token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.", [028]).
on receipt of confirmation, communicating via the requestor interface a response to the requestor's device validating the user's identity to the requestor.  ("Verifying that the requester is the person identified by the foundation token may additionally include: confirming that the requester is the person identified by the foundation token by inquiring at a third-party certification authority, different from the trusted entity, that the requester is the person identified by the foundation token.", [030]) and ("The server may additionally confirm that the requesting user meets the pre-requisites for requesting the desired privileges and permissions. For example, when the requesting user attempts to engage in age-restricted activities, the server may perform an age calculation to confirm that the requesting user meets the age requirements. In another example, when the requesting user attempts to have access to restricted items, such as controlled substances, guns, ammunitions, etc., the server may check the request against rules. The rules may limit the amount, duration, or time-window of accessing such restricted items. If the request complies with the rules, the server at the certificate authority may allow the request to proceed.", [0291]) and ("Some implementations may provide a multi-tenancy environment where comparisons and computations can be performed upon data stored in multiple identity databases, the computational engine will prioritize and queue the requests, cache the interim results, and present results of the disposition. The identity databases may include local identity database 904, which may be located on device 910.", [0200]..
Regarding claim 2:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
wherein the at least one of the one or more identity proofing solution providers is selected by the user.  ("Data I/O 924 may further engage a communication channel (e.g., communication layers 912A and 912B). In some implementations, a user selection may be made via data I/O 924 with regard to methods discrimination 926. For example, a user may choose a computation method, or a threshold level for verifying an identity (digital, physical, or combined). Methods discrimination may apply to multimodal identity verification 928. For example, the identity verification may include multiple modalities including various biometrics (such as facial recognition, finger print, palm print, etc.) as well as physical identification documents. A particular modality may have a corresponding verification template algorithm or an associated threshold level for determining a successful match. As illustrated, the multimodal identification verification 928 may include determination contributions based on a physical credential 916.", [0205]).
Regarding claim 3:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
wherein multiple identity proofing solution providers are selected and queried to enhance certitude. ("The recipient of the requested on-line transaction may include financial institutions, merchants, service providers, as well as government agencies. Example financial institutions may include any organization engaged in financial transactions, banks, securities brokerage firms, trust administrators, retirement plan administrators, college saving plans administrators, etc. The recipient merchant may include any vendor attempting to sell merchandise on-line. The recipient service provider may include any entity that charges a fee for a service, including, for example, accounting firms, consulting firms, etc. The recipient government agency may include any government agency or commission at the state or federal level, including, for example, social security agency, unemployment agency, taxation agency, department of human and health services and its state counterparts, department of motor vehicles, etc.", [081]).
 Regarding claims 4 and 21:
Bouse discloses all limitations of claims 1 and 20, respectively:
Bouse further teaches:
testing for the presence of the user as validated by receiving at least one identifier from the user; and associating the identifier with the user. ("Implementations may include the following additional features. The method may further include gathering the information identifying the user by: calling a method individually encapsulated in the transaction request; receiving a return value as a result of calling the method; and retrieving the information identifying the user in the received return value. Additionally, gathering the information identifying the user comprises: gathering information encoding a biometric of the user. Gathering the information identifying the user may include gathering personally identifiable information of the user. Gathering the information may include: gathering information encoding a pair of user-name and password to access an on-line account. Gathering information may include gathering data obtained from an identification document of the user.”, [012]).[AltContent: rect]

Regarding claims 5 and 22:
Bouse discloses all limitations of claims 4 and 21, respectively:
Bouse further teaches:
wherein the identifier is a biometric identifier. ("Implementations may include the following additional features. The method may further include gathering the information identifying the user by: calling a method individually encapsulated in the transaction request; receiving a return value as a result of calling the method; and retrieving the information identifying the user in the received return value. Additionally, gathering the information identifying the user comprises: gathering information encoding a biometric of the user. Gathering the information identifying the user may include gathering personally identifiable information of the user. Gathering the information may include: gathering information encoding a pair of user-name and password to access an on-line account. Gathering information may include gathering data obtained from an identification document of the user.”, [012]).
Regarding claim 6:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
wherein the request is with respect to an event, and the previously enrolled particulars are with respect to a ticket or transaction associated with the event.  ("and may ensure the rules for completing the data request are completed within policy compliance among contributors within the participating entity and between the parties engaged in a transaction event in the identity data transaction ecosystem, and with the ecosystem itself.", [0231]).
Regarding claim 7:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
wherein the at least one of the one or more identity proofing solution providers is pre-selected having regard to factors including user provided information, information from or detected by the user's device, location of the user, location of the requestor, or security policies of the requestor. ("..., identity of the providing party, network and geographical origination of this party; tokenization data from the participating parties including the requesting party and the providing party; type of transaction; amount of transaction; time of transaction origination; permitted time window for communication requests acknowledgement; timestamp of the data access; the actual payload data and accompanying metadata of payload; network carrier identity and routers/repeaters (and their locations) that handle the transaction information; and communication and security protocols used to enable the communication.", [0148]).  
Regarding claim 8:
Bouse discloses all limitations of claim 7:
Bouse further teaches:
wherein the factors are weighted. ("AVE 126 may interface to an authoritative identity database, such as an identity database at a department of motor vehicles, the state department, the social administration, the department of human and health services, etc. AVE 126 may submit a query (223) to identity database 210 in an effort to compare the identity information of user 202 against identity database 210. AVE 126 may compute an authenticity score indicating the relative authenticity of the identity information of user 202. In other words, the authenticity score may numerically attest to the identity of user 202. Query results may be received from identity database. In some implementations, a 1 to 1 mapping result may be returned from the identity database in response to the query. The query results may also be relayed by AVE 126 to TAE 122, along with the computed authenticity score.", [0106]).
 
Regarding claim 9:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
wherein the one or more identity proofing solution providers each provide respective identity proofing solutions that comprise self-sovereign or user-centric identity proofing solutions. ("FIG. 12B illustrates a system 1210 configured to address some of these challenges. As shown, a two-way user-centric pattern may enable a user, such as users 1212 and 1214, to configure privileges and permissions to the user's asset or account based on a foundation token issued to the user.", 274]).

  
Regarding claim 10:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
wherein the requestor is the user. ("The validity score may reflect numerically the relative degree of validity for the participant entity 204 to access the identity database when the participant entity 204 requested TAE 122 to, for example, verify the identity of the user requesting a transaction at the participant entity.", [0108]).
Regarding claim 11:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
wherein the previously enrolled particulars include name of the user, and at least one of the following with respect to the user: age, address, date of birth, phone number or device ID, ticket information, financial or payment information, health status or vaccination status. ("The information identifying the user may include information encoding a biometric of user 202, such as, for example, a finger print, a palm print, a written signature, etc. The information identifying the user may also include personally identifiable information of user 202. Example personally identifiable information may include name, birth date, address, height, weight, eye color, hair color, marital status, etc. Information identifying the user 202 may also include user-name and password pair for user 202 to access an on-line account.", [0125]).

Regarding claims 13 and 23:
Bouse discloses all limitations of claims 1 and 20, respectively:
Bouse further teaches:
wherein the confirmation is sent to the requestor without providing the requestor with information about the user held by the at least one of the one or more identity proofing solution providers. ("To address the privacy concern, a validated individual engine (VIE) may be introduced to administer an access right that is specific for a particular participant entity to submit queries to verify a particular user's identity. In other words, the VIE may implement an access right control at an individual level, rather than a systematic control (as administered by APS 128).", [0142]). 
 
Regarding claim 14:
Bouse discloses all limitations of claim 5:
Bouse further teaches:
wherein the biometric identifier is a physical identifier selected from the group consisting of: fingerprint, retina scan, palm vein scan, facial recognition scan, DNA scan, palm print, hand geometry scan, iris recognition scan, voiceprint, and odour/scent scan. ("During the enrollment process, the token unique identifier may be established, and may then be cryptographically tied to the user with an encryption scheme that, amongst its decoding protocols, includes multi-factor authentication such as a biometric (e.g., facial recognition, fingerprint, or voice).", [0257]).
  
Regarding claim 15:
Bouse discloses all limitations of claim 5:
Bouse further teaches:
wherein the biometric identifier is a behavioral identifier selected from the group consisting of typing rhythm, gait, and speech pattern. ("for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.", [0313]).
 
Regarding claim 16:
Bouse discloses all limitations of claim 5:
Bouse further teaches:
wherein the biometric identifier is selected by the requestor.  ("Once the applicant has passed the tests, biometric information identifying the applicant may be taken from the applicant, including, for example, a portrait of the applicant, a finger print of the applicant, a signature of the applicant, etc. Other personally identifiable information, such as hair color, eye color, blood type, birth date, etc., may also be collected from the applicant.", [099]).
 
Regarding claim 17:
Bouse discloses all limitations of claim 5:
Bouse further teaches:
wherein the biometric identifier is selected based on detected capabilities of the user's device or devices connected to the user's device. ("Once the applicant has passed the tests, biometric information identifying the applicant may be taken from the applicant, including, for example, a portrait of the applicant, a finger print of the applicant, a signature of the applicant, etc. Other personally identifiable information, such as hair color, eye color, blood type, birth date, etc., may also be collected from the applicant.", [099]).
 
Regarding claim 18:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
wherein the request from the re- questor is received for validating the user's identity for one  of: allowing admission of the user to a place or event; confirming or completing a transaction; adding the user to a whitelist; granting a particular status to the user; and removing a restriction on the user.  ("Moreover, the method may additionally include in response to determining that the participant entity, as an authorized business partner of the user, is authorized to engage in the requested transaction between the user and the participant entity, signaling the participant entity to proceed with the requested transaction.[024]).
Regarding claim 19 (withdrawn).
Regarding claim 24:
Bouse discloses all limitations of claim 1:
Bouse further teaches:
providing, via the user interface, a list of the identity proofing solution providers for selection by the user; and ("The transaction request may be submitted at a variety of places, including, for example, a financial institution, a merchant, a service provider, a government agency, etc. Indeed, the Internet may allow a consumer to conduct virtually all commercial, business, and social transactions on-line.", [080]) and ("The requested on-line transaction may access data owned by the recipient of the request. The recipient of the requested on-line transaction may include financial institutions, merchants, service providers, as well as government agencies. Example financial institutions may include any organization engaged in financial transactions, banks, securities brokerage firms, trust administrators, retirement plan administrators, college saving plans administrators, etc.", [081]);
receiving, via the user interface, user input identifying the at least one of the identity proofing solution providers for use to validate the user's identity in response to requests from requestors; and ("A user may submit a transaction request at a relying party. The relying party may include, for example, a financial institution, a healthcare provider, an insurance carrier, a merchant. In the context of relying party serving the user's transaction request, the user may also be known as the requesting party.", [0143]);
wherein the user has previously proved the user's identity with the at least one of the identity proofing solution providers and ("Implementations may include the following additional features. The method may further include gathering the information identifying the user by: calling a method individually encapsulated in the transaction request; receiving a return value as a result of calling the method; and retrieving the information identifying the user in the received return value. Additionally, gathering the information identifying the user comprises: gathering information encoding a biometric of the user. Gathering the information identifying the user may include gathering personally identifiable information of the user. Gathering the information may include: gathering information encoding a pair of user-name and password to access an on-line account. Gathering information may include gathering data obtained from an identification document of the user.", [012]);
the user's identity is associated by the at least one of the identity proofing solution providers with the at least some of the previously enrolled particulars for the user. ("The information identifying the user may also include personally identifiable information of user 202. Example personally identifiable information may include name, birth date, address, height, weight, eye color, hair color, marital status, etc. Information identifying the user 202 may also include user-name and password pair for user 202 to access an on-line account. Information identifying user 202 may be obtained from an identification document of the user. In some implementations, user 202 may attach a copy of an identification document along with the transaction request.", [0125]).



Claim Rejections – 35 USC 103


In the event the determination of the status of the application as subject to AIA  35 USC 102 and 103 (or as subject to pre-AIA  35 USC 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 USC 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 USC 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating
     obviousness or nonobviousness.


Claim 12   is rejected pursuant to 35 USC 103 as being unpatentable over Bouse  (US20200167453A1) in view of Stohr (US11184343B2).


 Regarding claim 12:
wherein the authentication token comprises a FIDO standard authentication token, or an EMV standard authentication token. ("The invention relates to a method for carrying out a cryptographically secured authentication, which complies with the Universal Authentication Framework UAF of the FIDO Alliance. In this manner, an existing infrastructure created according to the specifications of the FIDO Alliance can be employed and the proposed method can be embedded in the infrastructure using standard interfaces.", [BACKGROUND]) and see [ABSTRACT]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of this application to have modified Bouse  to incorporate the teachings of Stohr because Bouse  would be more versatile if it were to adopt FIDO type authentication as done in Stohr. ("A method is provided for carrying out a cryptographically secured authentication which complies with the Universal Authentication Framework (UAF) of the FIDO Alliance. It is thus possible to employ an existing infrastructure of the FIDO Alliance and the method can be embedded into the infrastructure using standard interfaces.", [ABSTRACT] of Stohr).


Conclusion


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please see attached form 892.
Lindemann (US20180191695A1) - A system, apparatus, method, and machine readable medium are described for bootstrapping an authenticator. For example, one embodiment of a method comprising: confirming an identity of a user by a first relying party using a first identity verification technique responsive to the user acquiring a device having an authenticator; generating or collecting initial user verification reference data upon verifying the identity of the user through the first identity verification technique; securely providing the initial user verification reference data or data derived from the initial user verification reference data to the authenticator; the authenticator implementing a second identity verification technique by comparing the initial user verification reference data or data derived from the initial user verification reference data to data collected from the user or data collected from a device provided to the user; and providing proof of a successful verification of the identity of the user to a second relying party during a registration request of the authenticator with the second relying party.
Moran (US20170006008A1) - A system and method of validating an upgrade of authentication credentials. The method includes authenticating a first user being associated with a first entity, receiving input identifying a customer name for the online account, receiving input indicating a type of identification to be presented at the validation event, receiving input indicating a transaction code associated with the validation event, and receiving input indicating a location of the validation event. The method further includes authenticating a second user being associated with a second entity, providing to the second user a list of validation events for a location, receiving input selecting a validation event in the list of validation events, presenting one or more of the customer name, the transaction code, and the type of identification associated with the selected validation event, and receiving input indicating a result of the validation event, wherein a credential or token is created and assigned based on the validation event.
Loughlin-McHugh  (US9858408B2) - The disclosure relates to a digital identity system including an enrolment module executing on a processor configured to receive a data item from an enrolling device and to create in persistent electronic storage a digital profile comprising the data item. The system also includes a credential creation module executing on a processor configured to generate a credential from a random sequence, to associate the credential with the digital profile in a database, and to transmit the credential to the enrolling device. The system further includes a publication module executing on a processor configured, in response to later presentation of the credential to the digital identity system, to publish the digital profile by storing a version of the digital profile in a memory location accessible to a device presenting the credential.
Kohli (US10891617) -   method for authenticating a user identity for a data transaction is provided. The method is implemented using an identity authentication computing device in connection with a memory and a data transaction processor. The method includes receiving a request from a first user of a first client device for a data transaction with a second user, causing a second client device to prompt the second user for biometric identification information, receiving captured biometric identification information corresponding to the second user, retrieving sample biometric identification information associated with the second user, comparing the captured biometric information and the sample biometric information, determining that the captured and the sample biometric information match, completing a data transaction between the first user and the second user, and transmitting an instruction to one or more of the first client device and the second client device displaying a notification that the data transaction is completed.
Komperia  (US10951609B2) -  A biometrically encrypted access policy is provided. A commercial transaction request to access a client-supported institution received from a client device is identified. A database structure associates each of a plurality of client-supported institutions with one or more respective biometric tokens for authentication. A one-time password is associated with the client-supported institution based on biometric tokens. An encrypted code is associated with the client-supported institution based on biometric tokens. A encrypted OTP is transmitted to client device, and instructions to capture a biometric scan data via the client device are generated based on parameters of biometric tokens. A decryption key is generated via the client device, and the decryption key is determined to authenticate the user of the client device, and, in response, the commercial transaction request to access the client-support institution is approved.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW COBB whose telephone number is (571) 272-3850. The examiner can normally be reached 9 - 5, M - F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael W. Anderson can be reached at (571) 270-0508. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.



/BRUCE I EBERSMAN/Primary Examiner, Art Unit 3698                                                                                                                                                                                                        

/MATTHEW COBB/Examiner, Art Unit 3698