DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
	This Office action is in response to correspondence received June 21, 2022.  
	Claims 28, 32, 41, 43, and 45 are amended.  Claims 28-45 are pending and have been examined.
Claim Rejections - 35 USC § 101
	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 28-45 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception – a certain method of organizing human activity-without a practical application or significantly more.  
This rejection follows the most recent MPEP revision (June 2020).  
	As described in MPEP § 2106, subsection III, Step 1 of the eligibility analysis asks: Is the claim to a process, machine, manufacture or composition of matter? Like the other steps in the eligibility analysis, evaluation of this step should be made after determining what applicant has invented by reviewing the entire application disclosure and construing the claims in accordance with their broadest reasonable interpretation (BRI). 
	Per Applicant's claims, 
Claims 28-40 are a method, which is a process.
Claims 41-45 are a system, which is a machine.
Therefore, Applicant's claims are directed to statutory subject matter.  
However, determining that a claim falls within one of the four enumerated categories of patentable subject matter recited in 35 U.S.C. 101 (i.e., process, machine, manufacture, or composition of matter) in Step 1 does not end the eligibility analysis, because claims directed to nothing more than abstract ideas (such as a mathematical formula or equation), natural phenomena, and laws of nature are not eligible for patent protection.  MPEP 2106.04.
Step 2A, Prong One asks: Does the claim recite an abstract idea, law of nature, or natural phenomenon? In Prong One examiners evaluate whether the claim recites a judicial exception, i.e. whether a law of nature, natural phenomenon, or abstract idea is set forth or described in the claim.  See MPEP 2106.04(II)(A)(1).
The abstract idea of claim(s) 28 and 41, which are similar in scope, is defined as:
A method of accessing a verified [] identity of a user, the method comprising; receiving [] data for a user that requires verification; requesting [] verification of the received user data; storing [] a [] identity of the user based on the verification of the received user data, wherein the [] identity comprises the user data stored as data items, wherein each data item is certified as a verified data item; receiving [] a user-data consent from the user to enable one or more institutions, including a first institution, access to a selected group of the data items; receiving [] a user-data request from [] associated with the first institution requesting access to user data from the [] identity; determining [] whether the first institution's request matches the user-data consent for enabling access to the selected group of data items; and granting the first institution's request based on the determination that the first institution's user-data request matches the user-data consent for enabling access to the data items, and transmitting an indication of verification corresponding to the user-data request, 
Where there is access to the verified data items without performing a verification step on the selected group of data items and without storing the selected group of data items 
The abstract idea steps recited in claims 28 and 41 are those which represent a certain method of organizing human activity.  As explained in MPEP 2106.04(a)(2):
The term "certain" qualifies the "certain methods of organizing human activity" grouping as a reminder of several important points. First, not all methods of organizing human activity are abstract ideas (e.g., "a defined set of steps for combining particular ingredients to create a drug formulation" is not a certain "method of organizing human activity"), In re Marco Guldenaar Holding B.V., 911 F.3d 1157, 1160-61, 129 USPQ2d 1008, 1011 (Fed. Cir. 2018). Second, this grouping is limited to activity that falls within the enumerated sub-groupings of fundamental economic principles or practices, commercial or legal interactions, and managing personal behavior and relationships or interactions between people, and is not to be expanded beyond these enumerated sub-groupings except in rare circumstances as explained in MPEP § 2106.04(a)(3). Finally, the sub-groupings encompass both activity of a single person (for example, a person following a set of instructions or a person signing a contract online) and activity that involves multiple people (such as a commercial interaction), and thus, certain activity between a person and a computer (for example a method of anonymous loan shopping that a person conducts using a mobile phone) may fall within the "certain methods of organizing human activity" grouping. It is noted that the number of people involved in the activity is not dispositive as to whether a claim limitation falls within this grouping. Instead, the determination should be based on whether the activity itself falls within one of the sub-groupings.


	These steps are a certain method of organizing human activity, commercial or legal interaction, because they are steps of verifying someone's identity, which is done in order for people to make transactions or to fulfill legal or regulatory needs (like verifying ID to get on a plane).  First, one could access a verified identity of a user by looking it up on paper; by receiving data through hearing it or reading it on paper; by requesting verification through asking on paper or verbally; storing the identity on paper.  That the identity comprises user data stored could be performed on paper or mentally by storing it.  One could then receive a user data consent mentally by observing it; that it belongs to an institution does not prevent from doing this task mentally.  One can then determine that an institution request matches a user data consent mentally, by observing if they are the same, and then mentally judge that an institution can access to the data items.  That one does not need to perform a verification step further is a mental judgment that sufficient verification has been made.  
	One could verify to someone else that someone is verified by taking a verification step without giving them the information, and that way they would not have to store the information.  
Therefore, under a broadest reasonable interpretation, one could perform the steps, as identified in claims 28 and 41  above, as a certain method of organizing human activity.  
Prong Two asks: Does the claim recite additional elements that integrate the judicial exception into a practical application? In Prong Two, examiners evaluate whether the claim as a whole integrates the exception into a practical application of that exception. If the additional elements in the claim integrate the recited exception into a practical application of the exception, then the claim is not directed to the judicial exception (Step 2A: NO) and thus is eligible at Pathway B. This concludes the eligibility analysis. If, however, the additional elements do not integrate the exception into a practical application, then the claim is directed to the recited judicial exception (Step 2A: YES), and requires further analysis under Step 2B (where it may still be eligible if it amounts to an ‘‘inventive concept’’).  See MPEP 2106.04(II)(A)(1).
This judicial exception is not integrated into a practical application because the additional elements merely use the computer or other machinery as a tool.  In MPEP 2106.04(d), it is noted that "merely reciting the words 'apply it' (or an equivalent) with the judicial exception," is not a practical application.  Therefore, according to the MPEP, this is not solely limited to computers but includes other technology that, recited in an equivalent to "apply it," is a mere instruction to perform the abstract idea on that technology.  
Claim 28 recites the following additional elements:
Performing steps across a network
Digital information (identity)
Receiving data / data request at a first / second computing system
Requesting data at a first computing system
Storing data by a first computing system
Determining by the first computing system
Transmitting from the first computing system to the second computing system
A second computing system does not need to perform a step, thereby reducing computing overhead at the second computing system.
Claim 41 recites the following additional elements:
Digital information (identity)
a first computing system including one or more hardware processors configured to
a second computing system
Transmitting from the first computing system to the second computing system
A second computing system does not need to perform a step, thereby reducing computing overhead at the second computing system.
These elements are merely instructions to apply the abstract idea to a computer because the elements of digital information, a first/second computing system, a network, requesting/receiving/determining information by computing systems are merely instructions to apply the abstract idea to general purpose computers.  See MPEP 2106.05(f)(2).  Reciting these elements is similar to reciting that software is required to tailor information and provide it to the user on a generic computer or applying a business method (here, identity verification for institutions) to the internet (a network.  See Intellectual Ventures I LLC v. Capital One Bank (USA), 792 F.3d 1363, 1370-71, 115 USPQ2d 1636, 1642 (Fed. Cir. 2015), Ultramercial, Inc. v. Hulu, LLC, 772 F.3d 709, 715, 112 USPQ2d 1750, 1754 (Fed. Cir. 2014).
Moreover, that a step does not need to be performed "thereby reducing computing overhead" is a further applied step, and also not an improvement computing or other related technology.  First, this merely recites that the order of steps so claimed means that a further step does not need to be performed.  However, this presupposes that the step would be necessarily performed in the first place, and there is no evidence of this.  For this step to be an improvement, "a technical explanation as to how to implement the invention should be present in the specification" and "[t]he specification ... must describe the invention such that the improvement would be apparent to one of ordinary skill in the art."  MPEP 2106.05(a) (emphasis added).      However, the specification indicates that the steps are merely directed to improving institutional steps about "Anti-Money Laundering" (page 1), "Know Your Customer" (page 1), and business processes (processes that are not inherent to technology, but are business decisions made because of regulations) that require information to be manually deleted or that could be "stored on a number of different platforms…mak[ing] the information vulnerable to exploitation, misuse and not least unauthorized editing or tampering."  
While Applicant may have improved through the claims an abstract idea in making different decisions in how to handle sensitive data,  Applicant has not improved technology because no technology was improved.  One ordinarily skilled would not recognize technology being improved, but rather would see that, arguably, only an abstract idea was improved through the use of technology.  
Therefore, Applicant's thereby step is a statement that because Applicant's claims recite a certain number of steps, Applicant's steps are merely different from another set of steps.  The computers and computer technology are merely applied to Applicant's abstract idea steps and therefore are not a practical application of the abstract idea. 
Therefore, because the additional elements are merely instructions to apply the abstract idea to a computer, see MPEP 2106.05(f), they do not integrate the abstract idea into a practical application.  
Step 2B involves evaluating additional elements to determine whether they amount to an inventive concept requires considering them both individually and in combination to ensure that they amount to significantly more than the judicial exception itself. Because this approach considers all claim elements, the Supreme Court has noted that "it is consistent with the general rule that patent claims ‘must be considered as a whole.’" Alice Corp., 573 U.S. at 218 n.3, 110 USPQ2d at 1981 (quoting Diamond v. Diehr, 450 U.S. 175, 188, 209 USPQ 1, 8-9 (1981)). Consideration of the elements in combination is particularly important, because even if an additional element does not amount to significantly more on its own, it can still amount to significantly more when considered in combination with the other elements of the claim. See, e.g., Rapid Litig. Mgmt. v. CellzDirect, 827 F.3d 1042, 1051, 119 USPQ2d 1370, 1375 (Fed. Cir. 2016) (process reciting combination of individually well-known freezing and thawing steps was "far from routine and conventional" and thus eligible); BASCOM Global Internet Servs. v. AT&T Mobility LLC, 827 F.3d 1341, 1350, 119 USPQ2d 1236, 1242 (Fed. Cir. 2016) (inventive concept may be found in the non-conventional and non-generic arrangement of components that are individually well-known and conventional).  See MPEP 2106.05.  
Per the additional elements in these claims, imitations that the courts have found not to be enough to qualify as "significantly more" when recited in a claim with a judicial exception include: Adding the words "apply it" (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, e.g., a limitation indicating that a particular function such as creating and maintaining electronic records is performed by a computer, as discussed in Alice Corp., 573 U.S. at 225-26, 110 USPQ2d at 1984 (see MPEP § 2106.05(f)).  MPEP 2106.05.  
The examination process involves carrying over their identification of the additional element(s) in the claim from Step 2A Prong Two and carrying over their conclusions from Step 2A Prong Two on the considerations discussed in MPEP §§ 2106.05(a) - (c), (e) (f) and (h).  
The additional elements and their analysis are therefore carried over:  Applicant has merely recited elements that instruct the user to apply the abstract idea to a computer or other machinery.  Therefore, Applicant has not claimed significantly more than the abstract idea.  
Per the dependent claims:
	Per claims 29 and 42, which are similar in scope, the abstract idea is further defined where the user data comprises an identification document because one could exist on paper and one could mentally observe and judge the document. 
	Per claims 30 and 43, which are similar in scope, the receipt of a subset of data further defines the abstract idea because one could further receive data.  The receipt of a hash is an additional element recited in an applied manner because receiving a hash merely means that software is required to present information to a user, as explained in the rejection of the independent claims. 
	Per claims 31 and 44, which are similar in scope, storing a transaction record is a mental process step because one could store a transaction record with pen and paper, and that it happened between computing systems to a "provenance enabling system" (under broadest reasonable interpretation, another computer) is a mere apply it limitation that the commonplace business method of recording transactions took place on computers.
	Per claims 32 and 45, which are similar in scope, that the provenance enabling system is a blockchain is a mere instruction to apply the abstract idea to a specific storage medium, blockchain.  That the blockchain is "private" merely further details the kind of blockchain, still applied.
	Per claim 33, the abstract idea is further detailed by receiving a request from a user to revoke consent because one could mentally revoke consent (using pen and paper, or verbally), then one could also actually revoke the consent mentally by deciding consent was no longer authorized.
	Per claim 34, the abstract idea is further defined by defining the user-data consent as institution and data item specific, and that it is a selected group of data items selected for each of the one or more institutions or for each group of the one or more institutions.
	Per claim 35, the abstract idea is further defined with a "time limited consent" and "automatic" revocation of consent after the time limit expires because one could mentally decide that consent is time limited and then make the decision that consent would be revoked according to the first decision.  
	Per claim 36, that the verified (digital – already analyzed additional element) identity comprises data item legal confirmations and/or data item legal proofs, with further information limitations pertaining to the conformations and/or proofs, is a further definition of the abstract idea because one could mentally observe (on paper or otherwise) different types of information.
	Per claim 37, receiving "additional" data is a further mental process step, as one could perform the same mental process for receiving the first data as one did for receiving additional data, and therefore this claim further defines the abstract idea.
	Per claim 38, one could obtain verification from a "third party verification service company" mentally because one could observe data that comes from a company mentally. 
	Per claim 39, the additional element of providing access to a web interface which "enables" the user to manage the digital verified identity and upload of user data is a mere apply it element.  
	Per claim 40, the additional element of using the verified identity for cryptocurrency is a mere applied us of the verified identity for cryptocurrency, also an applied element.  
Therefore, claims 28-45 are rejected under 35 USC 101.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 28-31 and 33-44 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rodriguez et al., US PGPUB 2018/0273906 A1 ("Rodriguez") in view of Jensen, US PGPUB 2016/0267340 A1 ("Jensen") .
Per claims 28 and 41, which are similar in scope, Rodriguez teaches
(per claim 28) A method of accessing a verified digital identity of a user across a network, the method comprising in par 049: "Another aspect of the present invention is directed to a method of authenticating a bearer to a validator, the method comprising implementing by a digital identity system the following steps"  See par 0105: "At step S208b, the enrolment service responds to the enrolment request by transmitting an electronic response message to a network address associated with the device 12."
(per claim 41) A system for managing a verified digital identity of a user, the system comprising a first computing system including one or more hardware processors configured to in par 0279: "FIG. A10 shows a block diagram of a user device 12 (e.g. a smart device such as a smartphone or tablet). The user device comprises a processor 1104 executing digital identity software 1006, e.g. in the form of an application or “app” (uPass app/verification application), and to which is connected a camera 1108, a wireless (e.g. NFC, Bluetooth) interface 1010 and a display 1002 for outputting visual information to a user of the device 12."
Rodriguez then teaches receiving, at a first computing system, data for a user that requires verification in par 089: "The set of user data that is held in the secure store 24 for a given user constitutes a digital identity of the user as that term is used herein. In the following, each piece of user data is an attribute of that user, against which one or more documents or other verifiable information sources may be anchored (see below) such as surname, first name(s), date of birth, facial image (“selfie”), address etc."  Because the data may be anchored against documents, it is data that requires verification.  
Rodriguez then teaches requesting, by the first computing system, verification of the received user data in par 0110: "FIG. 3 shows a method by which a bearer, using a bearer device 12, can validate themselves to a validator using a validator device 12v. At the start of the method, each has the following: [0111] a currently-valid one-time use credential—cB and cV respectively—bound to himself and his device; [0112] a set of one or more attribute keys—{KaB} and {KaV} respectively—for a set of one or more attributes ({aB}, {aV}) held in the secure store 24 encrypted with their respective user keys (UkB, uKV); and [0113] a version of his user key (UkB, UkV) encrypted with his device's device key (DkB, DkV)—DkB(UkB) and (DkV(UkV) respectively."
Rodriguez then teaches storing, by the first computing system, a digital identity of the user based on the verification of the received user data, wherein the digital identity comprises the user data stored as data items, wherein each data item is certified as a verified data item in pars 0116-0119: "At step S302, the bearer causes an electronic sharing token request message “Req” to be transmitted from his device 12b to the validation service 14b. The sharing token request comprises the following: the encrypted user key DkB(UkB);  the bearer's credential cB;  an identifier bID of the bearer."
Rodriguez then teaches receiving, by the first computing system, a user-data consent from the user to enable one or more institutions, including a first institution, access to a selected group of the data items in par 0322: "In Step S80, the new employee supplies his credential 30 NE to the employer. In FIG. A8b, the new employee device is labelled 12NE, and the employer device is labelled 12E. In Step S82, the employer sends the new employee credential 30NE and his own credential 30E to the uPass registration service 14. In addition, the employer sends in that message a profile which he has created for the new employee." 
Rodriguez then teaches receiving, by the first computing system, a user-data request from a second computing system associated with the first institution requesting access to user data from the digital identity in par 0322: "The uPass service checks that the new employee and employer credentials are valid, and if so, creates a profile for the new employee based on the information provided by the employer, and finds a new credential 30″NE to that profile. That new credential is then sent (Step S84) to the new employee device." 
Rodriguez then teaches determining, by the first computing system, whether the first institution's request matches the user-data consent for enabling access to the selected group of data items in par 0322: "The uPass service 14 also sends a replacement credential 30″E to the employer device, because the employer has now used up his one-time only valid credential when he sought to assign a profile for the new employee."  The sending of the replacement credential is a determination that the request matches the user data consent (when the user applied in the first place, the user consented to sharing his identity, under a broadest reasonable interpretation).
Rodriguez then teaches and granting the first institution's request based on the determination that the first institution's user-data request matches the user-data consent for enabling access to the data items, in par 0323: "The profile is then stored in the uPass system (Step S88). It will be appreciated that although shown in sequence, Step S84, S86 and S88 can be carried out in any order or in parallel."
Rodriguez does not teach transmitting, from the first computing system to the second computing system, an indication of verification corresponding to the user-data request, wherein the second computing system has access to the verified data items without performing a verification step on the selected group of data items on the second computing system and without storing the selected group of data items on the second computing system, thereby reducing computing overhead at the second computing system.
Jensen teaches a system for determining identity using a mobile device.  See abstract.
Jensen teaches transmitting, from the first computing system to the second computing system, an indication of verification corresponding to the user-data request, wherein the second computing system has access to the verified data items without performing a verification step on the selected group of data items on the second computing system and without storing the selected group of data items on the second computing system in par 059 where the biometric identification device 126 takes the biometric information and sends it to the provider 112.  The provider compares this to earlier identity information and if there is a match, sends "identification verification" to the biometric device.  In Jensen, the first computing system is the provider 112.  The second computing system is the biometric device 126.  The biometric device (second computing system) does not store the selected group of data items, the "earlier taken image," this is stored by the first computing system.  Additionally, the second computing system (126) has access to the verified data items (the biometric data taken at the time) without performing the verification step which is performed by provider 112.  Additionally, the provider 112 teaches an institution.  See par 058, provider is a "command center managing information for a financial institution."  
The selected group of data items are the earlier taken image, which neither have a verification step performed by 126 nor have them stored on 126.  
See par 059: "In other embodiments, the biometric identification system 10 may be implemented through a standalone or integrated device that incorporates the biometric identification software application 12, camera 32, and internet connection to transmit a newly acquired biometric template 111 to the central database 110 of the provider 112 for validation. For example, the biometric identification device 126 may be integrated with a cash register 128 so the identity of a person may be verified when making for example a credit card purchase. For verification, the user 130 must simply insert their hand within the device 126 that has the full-scale object 50 installed within the frame where the newly acquired image 109 of the user's hand 40 will be taken. Identification codes are created using processing algorithms that specify parameters calculated from the geometric measurement of the person's hand. One or more identification codes are stored within a newly acquired biometric template 111. The device 126 transmits a newly acquired biometric template 111 to the provider 112 and a comparison of the one or more identification codes created from an earlier taken image 113 and that have been stored in a registered biometric template 115 are made. If there is a precision match of the newly acquired biometric template 111 to the registered biometric template 115 then an identification verification 117 is transmitted to the biometric identification device 126. If any identification code is outside of a statistical tolerance, then the newly acquired biometric template will not match the registered biometric template 115 and error or incorrect identification notice will be transmitted. The notification of a confirmed or false identity of the person is provided within a display or by using an indicator 132."
 The limitation, thereby reducing computing overhead at the second computing system under a broadest reasonable interpretation, is an intended result of the previous steps because, with the "thereby" conjunction, the overall sense is that this claim limitation is not given weight because it "simply expresses the intended result of a process step positively recited." Hoffer v. Microsoft Corp., 405 F.3d 1326, 1329, 74 USPQ2d 1481, 1483 (Fed. Cir. 2005), (quoting Minton v. Nat’l Ass’n of Securities Dealers, Inc., 336 F.3d 1373, 1381, 67 USPQ2d 1614, 1620 (Fed. Cir. 2003)).  Therefore, the prior art does not need to teach this limitation.  Further, it is taught by par 059 of Jensen because the provider performs the comparison, which is a computing step that is not performed by the biometric device 126, which reduces computing overhead at the second computing system.
It would have been obvious to one ordinarily skilled in the art before the effective filing date of the claimed invention to modify the verified identity teaching of Rodriguez with the first second computing device without storing on the second computing device teaching of Jensen because Jensen teaches that by determining an identity of a person using a hand or face, this prevents unauthorized access to not only premises but also web sites and computer systems.  Par 002. This would increase security with identities and make them more acceptable and useful.  For these reasons, one would be motivated to modify Rodriguez with Jensen.  
Per claims 29 and 42, which are similar in scope, Rodriguez and Jensen teach the limitations of claims 28 and 41, above.  Rodriguez further teaches the user data comprises a copy of an identification document in par 0158: "As shown, each of the attributes may be stored in association with any number of anchor identifiers 406 (including zero—not ever attribute needs to be anchored to a document; for example the selfie a1 is not anchored to any document in this example), and is thereby anchored to the identified document(s). The anchor identifier need not identify the document individually (though neither is that excluded)—it is sufficient for them to simply indicate its type e.g. “passport”, “driving license”, “utility bill” etc."
Per claims 30 and 43, which are similar in scope, Rodriguez and Jensen teach the limitations of claims 29 and 41, above.  Rodriguez further teaches the second computing system is configured to receive one or more of a hash and a subset of the verification of the user data corresponding to an identification document instead of a copy of an identification document in par 0313: " However, when the credential is generated using certain “ingredients” (such as a random sequence, random number and device metadata, such as a device identifier), it is generally more efficient to store the ingredients instead as these generally have a lower bit-size than the credential itself. The ingredients can be used to generate a copy of the credential for such comparison. For example, the credential can be generated by hashing a random seed and device metadata (e.g. which is or comprises a device identifier) a random number of times—the uPass system can store the metadata, seed and random number to create another copy later."
Per claims 31 and 44, which are similar in scope, Rodriguez and Jensen teach the limitations of claims 28 and 41, above.  Rodriguez further teaches further configured to store a transaction record between the first computing system and the second computing system to a provenance enabling system  in par 0150 where the transaction key and the bearers attributes are available on an addressable memory location in the published data store.  See par 0150: "Each of the receipts 32b, 32v comprises a respective copy of a transaction key Tk. The validator receipt 32v also comprises a link, such as a URI, to the addressable memory location in the published data store 34 to which the bearer's attribute(s) {aB} have been published, denoted URI{aB}, thereby enabling the validator device 12v to render them available to the validator. The bearer receipt 32b also comprises a link, such as a URI, to the addressable memory location in the published data store to which the validator's attribute(s) {aV} have been published, denoted URI{aV} so that the bearer device 12b can render them available to the bearer. Although not shown in FIG. 3, the bearer and validator receipts 32b, 32v also comprise the links URI{aB} and URI{aV} such that the bearer and the validator can also see what has just been rendered available to the other party."
Per claim 33, Rodriguez and Jensen teach the limitations of claim 28, above.  Rodriguez further teaches receiving from the user a request for revocation of at least a part of the user-data consent, and revoking access to a corresponding part of data items in par 0374: "When there is the suspicion of serious misuse, an uPass may be revoked. Revocation is similar to deletion but there may be a need to record additional information about the user to prevent them from re-joining uPass within a set period of time."
Per claim 34, Rodriguez and Jensen teach the limitations of claim 28, above.  Rodriguez further teaches the user-data consent is institution and data item specific, and wherein the selected group of data items is selected for each of the one or more institutions or for each group of the one or more institutions in par 0280 where the identity can be used to verify appropriate age: "One of the most common uses of photo ID is to confirm that a person meets the minimum legal age for a particular activity they wish to perform, such as entering a nightclub or purchasing alcohol. The uPass system is particularly well-suited to such a purpose as a client verification application 50 (see FIG. A1a) executing on a smartphone or tablet can be tailored both to answer the underlying query “is this person old enough” and to provide a photo confirmation that the person presenting credentials is in fact the person these credentials belong to. In the following description, the focus is on the precision of a photo."  And in par 0621: "A uPass transaction can be conducted between three entities (such as bearer 20, validator 52, and validation service (authenticator) 14b), as shown in FIG. A12. In FIG. A12 F represents a function to be executed. This may be a simple validation. It may also be an operation specific to the secure store 24 as expressed by a public API. A represents an authentication wrapper for F. The bearer 20 (e.g. customer) sends their credential Cc to the validator 52 (e.g. merchant) in a first electronic message. The validator sends its own credential Cm with the bearer credential Cc with an indicator of the function F to be executed to the authenticator 14b in a second electronic message (“CmF(Cc)”)."  One teaches an age validation, the other validation for a customer to a merchant.  See also 0616 for donations to charity as another use.  
Per claim 35, Rodriguez and Jensen teach the limitations of claim 28, above.  Rodriguez further teaches the user-data consent is a time limited consent, and wherein grant of access is automatically revoked upon expiry of the time limited consent in in pars 0375-0376: " At certain infrequent time periods (governed by expiration time 68) an uPass User may be asked to create a new uPass.  If all of the anchoring identity documents for an uPass user expire, this should automatically trigger a request to issue a new uPass."
Per claim 36, Rodriguez and Jensen teach the limitations of claim 28, above.   Rodriguez further teaches the verified digital identity comprises data item legal confirmations and/or data item legal proofs, the data item legal confirmations and/or the data item legal proofs including certification that required data item verification processes have been performed in par 0287 where trust is established based on a legal requirement.  See also par 0288 and 0289.  Par 0287: "To address this an embodiment of the invention introduces the concept of contingent trust, whereby a user's identity profile has an associated profile confidence value “CV1” n for 2, 3, 4 based upon the quality and source of identity documents associated with it, and its historic usage. The way this works in practice is that the multiple sources of identity data are allowed, and for each a level of trust is assigned. Responses can then be qualified where legally required."
Per claim 37, Rodriguez and Jensen teach the limitations of claim 28, above.   Rodriguez further teaches receiving from the user additional user data corresponding to a renewal of an identification document, wherein the additional user data is stored as updated verified data items replacing previous verified data items in par 0365 where new registered documents are added when old documents expire.  See par 0365: "Whilst uPass credentials are anchored by a passport 10 they can be caused to expire when the passport expires. This requires that uPass users be advised to update their registered documents as soon as their new passport is issued to ensure continuity of service."
Per claim 38, Rodriguez and Jensen teach the limitations of claim 28, above.   Rodriguez further teaches the verification of user data is obtained from a third party verification service company in par 0324: "In this case, it may be necessary to determine the authorizations attached to that credential, and to confirm that the employer has a credential which allows him to create uPasses for a third party. Note that this is one level higher in authorizations and assigning a profile to someone who already has an uPass. The assignation of a profile does not imply any particular validity to the uPass itself."
Per claim 39, Rodriguez and Jensen teach the limitations of claim 28, above.   Rodriguez further teaches providing, by the second computing system, access to a web interface for the user, and wherein the web interface enables the user to manage the verified digital identity of the user including providing consent to user-data and uploading of user data, including additional user data in pars 01347-01363 where a user logs into a website in order to sign up for the digital identity service, and in par 0266 where the user uploads and registers copies of their identity documents.  See par 0266: "As a basic premise, a user of the uPass system is able to upload and register copies of their identity documents and in return they receive an anchored digital ID which can be used to verify their identity to third parties without needing to present these identity documents. They are also able to specify the nature and quantity of personal information which will be made available when doing this."
Per claim 40, Rodriguez and Jensen teach the limitations of claim 28, above.  Rodriguez further teaches wherein the verified digital identity is used in a cryptocurrency transaction and wherein the verified digital identity or selected data items of the verified digital identity is used as proof of identity for the cryptocurrency transaction, and wherein only the hash value of the verified digital identity or of the selected data items of the verified digital identity is recorded with the transaction. In pars 0999-01002 where crypto currencies are used, tying in the identity with crypto and into a secure ledger for managing cryptocurrency, so that there is not a need for a distributed ledgers.  
Claims 32 and 45 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rodriguez et al., US PGPUB 2018/0273906 A1 ("Rodriguez") in view of Jensen, US PGPUB 2016/0267340 A1 ("Jensen"), further in view of Costa Faidella et al., US PGPUB 2017/0177855 A1 ("Costa").
Per claims 32 and 45, which are similar in scope, Rodriguez and Jensen teach the limitations of claims 31 and 44, above.  Rodriguez does not teach the provenance enabling system is a blockchain, including a private blockchain replicated and/or distributed among trusted partners.
Costa teaches a system which uses blockchain to confirm the validity of an identifier.  See abstract.
Costa teaches the provenance enabling system is a blockchain, including a private blockchain replicated and/or distributed among trusted partners in par 087: "One or more transactions may be generated to store an identifier representing the received identity data on a blockchain. In embodiments in which the identity element repository includes a distributed smart contract system, the transaction may invoke an identity data creation function 104 of the identity services contract. Functions of the identity services contract published into the blockchain and designed for execution may be executed by transactions invoking such functions. To invoke the identity data creation function, a transaction including a call to invoke the function may be generated. The call to the identity data creation function may include as an input to the function an identifier representing the identity data."
It would have been obvious to one ordinarily skilled in the art before the effective filing date of the claimed invention to modify the digital verified identity teaching of Rodriguez as modified by Jensen with the blockchain teaching of Costa because Costa teaches in par 0119 that the blockchain may serve to validate the verified entity upon calling to the blockchain.  One would be motivated to modify Rodriguez with Costa because the blockchain is cryptographically secure which provides more security for verifying the transaction.  For these reasons, one would be motivated to modify Rodriguez and Jensen with Costa.
Therefore, claims 28-45 are rejected under 35 USC 103.  
Response to Remarks
35 USC 112
Applicant has overcome rejection through amendment.
35 USC 103
Applicant's amendments required further search and consideration.  After search, new art was found and applied. Therefore the 103 rejection is maintained.
35 USC 101
Applicant's arguments on page 28, that the verification of the user is particular to the Internet, have been considered.  However, they are not persuasive because though they may accurately describe how entities choose to verify people in present times, they are business decisions about how to verify someone and are not "necessarily rooted in technology," another aspect of the holding of DDR.  Applicant describes how privacy laws require that information be deleted but this is only a legal feature and is not necessarily rooted in how data is stored.  In other words, nothing required the technology to change to follow the law, because, though "burdensome," the data could simply be deleted.  Therefore, Applicant's claims solve a legal issue and not an issue that is necessarily i.e., without an alternative, rooted in technology. 
The claims have been reconsidered but the 101 rejection remains because there is an abstract idea recited, in verifying an identity, and the additional elements do not integrate the abstract idea into a practical application, nor are they significantly more than the abstract idea.  For these reasons, the 101 is maintained. 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD W. CRANDALL whose telephone number is (313)446-6562. The examiner can normally be reached M - F, 8:00 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah Monfeldt can be reached on (571) 270-1833. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/RICHARD W. CRANDALL/Examiner, Art Unit 3689