DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Instant publication US 20200302432 A1 will be referred to as Specification hereinafter.
Claims 1, 6, 8, 13, 15, and 20 have been amended. Claims 1-20 are pending.

Response to the Argument
Double Patenting
The double patenting rejections are withdrawn in light of the terminal disclaimer received on 8/25/2022.
112(a) and 112(b)
The 112 rejections are withdrawn in light of the Amendment. The claims, however, remain rejected in light of the claim amendments illuminating the use of the specific public key/private key used in encryption/decryption.

Continuation
This application is a continuation application of U.S. application no. 16/359,980 filed on March 20, 2019, now U.S. Patent 10,535,062 ("Parent Application"). See MPEP §201.07. In accordance with MPEP §609.02 A. 2 and MPEP §2001.06(b) (last paragraph), the Examiner has reviewed and considered the prior art cited in the Parent Application. Also in accordance with MPEP §2001.06(b) (last paragraph), all documents cited or considered ‘of record’ in the Parent Application are now considered cited or ‘of record’ in this application. Additionally, Applicant(s) are reminded that a listing of the information cited or ‘of record’ in the Parent Application need not be resubmitted in this application unless Applicant(s) desire the information to be printed on a patent issuing from this application. See MPEP §609.02 A. 2.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-13 and 15-21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Per claim 1, the claim recites, in part, “receiving, by a verification service executing on a server from a mobile device, a digital signature, an encrypted request to provide a user data element to a merchant wallet address, and a user wallet address, wherein an applet of a contactless card generates the digital signature based on a private key of the contactless card, wherein the applet generates the encrypted request based on a first request received from a merchant device as part of a transaction; verifying, by the verification service, the digital signature based on a public key associated with the private key of the contactless card; … receiving, by the verification service, the user data element; encrypting, by the verification service, the received user data element using the public key to produce an encrypted user data element; and generating, by a node of a blockchain responsive to a second request received from the verification service, a block in the blockchain corresponding to the first request, the block comprising an indication of the verification of the digital signature, the encrypted user data element, the public key, the merchant wallet address, and the user wallet address, wherein the merchant device decrypts the encrypted user data element to authorize the transaction based on the decrypted user data element”.
Based on the recitation(s) of the public/private key usage in the claim, one of ordinary skill would recognize that the public key that is used to verify the digital signature and encrypt the user data element is a corresponding private key of the contactless card. In other word, the public key used to verify the digital signature and used to encrypt the received user data element is the public key of the contactless card. 
The claim also further recites the intention of the generation of the block that includes the encrypted user data element, specifically that the encrypted user data element (i.e., data element that has been encrypted with the public key of the contactless card) is for the merchant device to decrypt the encrypted user data element to authorize the transaction based on the decrypted data element.
The examiner finds that the instant Specification recites “user data element” in paragraphs in paragraphs [0004] and [0024] which read:
[0004] Embodiments disclosed herein provide systems, methods, articles of manufacture, and computer-readable media for using a contactless card to securely share personal data stored in a blockchain. In one example, a communications interface of a contactless card may receive, from a card reader of a merchant device, a request to provide a user data element to a wallet address associated with the merchant. An applet executing in a memory of the contactless card may encrypt, based on a private key stored in a memory of the contactless card, an indication of the user data element and the wallet address. The applet may generate, based on the private key, a digital signature for the request, and transmit, to a card reader of a mobile device by the communications interface of the contactless card, the digital signature and the encrypted indication of the user data element and the wallet address. The mobile device may transmit, to a verification service, the digital signature and the encrypted indication of the user data element and the wallet address. The verification service may verify the digital signature based on a public key associated with the private key of the contactless card. A node in a blockchain may generate a block in the blockchain corresponding to the request responsive to the verifying by the verification service, the block comprising indications of the verification of the digital signature, the requested data element, and the wallet address associated with the merchant. An encrypted data element corresponding to the user data element may be decrypted using a public key. The device of the merchant may receive the decrypted data element from the wallet address associated with the merchant to fulfill the request.

[0024] In response to receiving an exposure and/or verification request from the merchant device 130, the selection applet 103 may determine that the type of the request is associated with a request to provide user data 141. Therefore, the selection applet 103 may select the user data applet 103 and provide the received data to the user data applet 103. The user data applet 103 may then select the private key 104 to generate encrypted data used to verify the release of the requested user data elements. For example, a cryptographic function of the user data applet 103 may encrypt the merchant wallet address 131-1, request token, and indications of the requested data elements using the private key 104. In some embodiments, additional data elements may be encrypted using the private key 104, such as an account identifier of the contactless card 101, an identifier of the user, etc. Furthermore, the user data applet 103 may generate a digital signature 107 using the private key 104 and a cryptographic function. The digital signature 107 is used to confirm that the user has authorized the release of the requested user data 141 from the blockchain 140.

Here, there is no support that the verification service receives (i.e., first receiving) a digital signature, an encrypted request, and wallet address and then receives (i.e., second receiving) the user data element. Furthermore, there is no support that the user data element is encrypted by the verification service using the public key (i.e., public key that corresponds to the private key of the contactless card).
Even if “user data” or “user data result(s)” in Specification is read as equivalent “user data element”, the corresponding specification that suggests that the user data to be encrypted is found in abstract and paragraphs [0004], [0027], [0043], [0044], [0048], [0051], [0055], and [0057] which read:
Abstract
Systems, methods, and articles of manufacture to securely share data stored in a blockchain. A contactless card may receive a request to provide a data element from a device. An applet of the contactless card may encrypt the data element and a wallet address. The applet may generate a signature for the request, and transmit, to a mobile device, the signature and the encrypted data. The mobile device may transmit, to a verification service, the signature and encrypted data. The verification service may verify the signature based on a public key. A node in a blockchain may generate a block in the blockchain, the block comprising indications of the verification of the signature, the requested data element, and the wallet address. An encrypted data element corresponding to the data element may be decrypted using a public key. The device may receive the decrypted data element from the wallet address.

[0004] Embodiments disclosed herein provide systems, methods, articles of manufacture, and computer-readable media for using a contactless card to securely share personal data stored in a blockchain. In one example, a communications interface of a contactless card may receive, from a card reader of a merchant device, a request to provide a user data element to a wallet address associated with the merchant. An applet executing in a memory of the contactless card may encrypt, based on a private key stored in a memory of the contactless card, an indication of the user data element and the wallet address. The applet may generate, based on the private key, a digital signature for the request, and transmit, to a card reader of a mobile device by the communications interface of the contactless card, the digital signature and the encrypted indication of the user data element and the wallet address. The mobile device may transmit, to a verification service, the digital signature and the encrypted indication of the user data element and the wallet address. The verification service may verify the digital signature based on a public key associated with the private key of the contactless card. A node in a blockchain may generate a block in the blockchain corresponding to the request responsive to the verifying by the verification service, the block comprising indications of the verification of the digital signature, the requested data element, and the wallet address associated with the merchant. An encrypted data element corresponding to the user data element may be decrypted using a public key. The device of the merchant may receive the decrypted data element from the wallet address associated with the merchant to fulfill the request.

[0027] Once the digital signature 107 is verified and/or the encrypted data generated by the contactless card 101 is decrypted, the verification service 121 may cause a compute node to generate a block in the blockchain 140 reflecting the requested exposure of user data 141. For example, the block in the blockchain 140 may include an encrypted indication of the wallet address 131-2 of the user (or other user and/or account identifier), the merchant wallet address 131-1, the request token, the public key 106, and the relevant user data 141 (e.g., the age of the user in the previous example). Once posted to the blockchain 140, the merchant device 130 may decrypt the data in the blockchain 140 (e.g., using a key 132 and//or the public key 106) to read the user data 141. Therefore, continuing the with the previous example, the merchant device 130 may decrypt the data in the blockchain 140 to read the request token and the age of the user. In some embodiments, the merchant device 130 may validate the digital signature 107 using the public key 106. The merchant device 130 may then determine the age of the user. If the determined age is above the age restriction for the product, the merchant device 130 may permit the user to purchase the product. Otherwise, the merchant device 130 may restrict the user from purchasing the product.

[0043] Message 307b may comprise user data 141, consistent with disclosed embodiments. In various embodiments, the user data 141 may be stored as part of the index information 403, and/or stored separate from the index information 403. In some embodiments, user data 141 may be obfuscated or encrypted according to methods known to one of skill in the art. For example, user data 141 may be encrypted with a cryptographic key (e.g., the private key 104 and/or transaction key 105 of the contactless card 101, the merchant keys 132 of the merchant devices 130, and/or the verification keys 122 of the verification system 120). Message 307b may further include the merchant wallet address 131-1, the user wallet address 131-2, and/or the public key 106. In various embodiments, the wallet address 131-1, the user wallet address 131-2, and/or the public key 106 may be stored as part of the index information 403, and/or stored separate from the index information 403.

[0044] Message 307b may comprise user data results 404, consistent with disclosed embodiments. Generally, the user data results 404 may include the results of comparisons of user data 141 to one or more criteria by the verification service 121 and/or the blockchain 140. For example, if a merchant device 130 requests verification that a user is at least 21 years old, the user data results 404 reflect whether the user is at least 21 years old. In some embodiments, a message 307b including user data 404 may not include the actual user data 141 (e.g., the user's age). In some embodiments, user data results 404 may be obfuscated or encrypted according to methods known to one of skill in the art. For example, user data results 404 may be encrypted with a cryptographic key (e.g., the private key 104 and/or transaction key 105 of the contactless card 101, the merchant keys 132 of the merchant devices 130, and/or the verification keys 122 of the verification system 120). In various embodiments, the user data results 404 may be stored as part of the index information 403, and/or stored separate from the index information 403.

[0048] As shown, the logic flow 500 begins at block 505, where the user data 141 is stored in the blockchain 140 and/or a cloud-based database. In some embodiments, the cloud-based database storing the user data 141 is a component of the blockchain 140. Generally, the user data 141 may be encrypted and stored in any suitable data storage entity (e.g., a database, files, one or more blocks of the blockchain 140, etc.). One or more elements of user data 141 may be signed by the verification service 121 (e.g., using a private key of the entity associated with the verification service 121 to generate a digital signature). At block 510, a user may access the account application 113 on a mobile device 110 and provide valid authentication credentials (e.g., username/pas sword, fingerprint, etc.). At block 515, the merchant device 130 outputs an indication specifying to tap the contactless card 101 to the merchant device 130 as part of a request to receive one or more elements of user data 141. For example, the merchant device 130 may be associated with a mass transit system and the user's full name, address, date of birth, and identification number may need to be verified to allow the user to travel on the mass transit system. As another example, the request may specify to validate user data 141 according to one or more criteria.

[0051] At block 550, a block in the blockchain 140 is generated to reflect the release of the requested user data 141 to the merchant's address 131-1 from the user's wallet address 131-2. As stated, while third parties can view the transaction details, the actual user data 141 remains encrypted in the block of the blockchain 140. As stated, in verification embodiments, the verification service 121 and/or the blockchain 140 may store a result of the comparison of the user data 141 to the criteria (e.g., is the user at least as old as the specified age) as the user data results 404. At block 555, the merchant device 130 reads the block in the blockchain 140 generated at block 550. The merchant device 130 may then decrypt the encrypted data using a merchant key 132 of the merchant. Once decrypted, the data may be analyzed by the merchant device 130 and/or a user. For example, the merchant device 130 may determine that the decrypted user data 141 (e.g., full name, address, date of birth, identification number) matches the corresponding data on the user's mass transit ticket. The user may then be permitted to board the mass transit vehicle. As another example, the block may specify the result of any required comparison. In such an example, the merchant device 130 determines the result of the comparison of the user data to the criteria from the user data results 404 of the blockchain 140.

[0055] At block 660, the verification service 121 provides the request data to the blockchain 140 for generation of a block. The blockchain 140 may generate the block which includes the requested (but encrypted) user data 141. As stated, in some embodiments, the verification service 121 provides the requested user data 141. In other embodiments, the blockchain 140 retrieves the user data 141 based on the information received from the verification service 121 (e.g., by accessing data at the specified URL, selecting a record of data associated with the user from a database, etc.). In some embodiments, the verification service 121 does not provide the user data 141 to the merchant device 130. Instead, the verification service 121 may verify the user data 141 and transmit a result of the verification to the merchant device 130.

[0057] As shown, the logic flow 700 begins at block 710, where user data describing the user is received. The user data may be received from any source, such as the account application 113, a web service, paper forms, and the like. At block 720, the received user data is validated. For example, the verification service 121 may perform image processing on an image of the user to determine whether a face depicted in the image matches other known images of the user. As another example, employees of the entity providing the verification service 121 may verify the user data. At block 730, the verification service 121 generates a digital signature for the validated user data, e.g., using a private key associated with the verification service 121. At block 740, the validated data and the digital signature are stored as user data 141. For example, a database of user data 141 may be updated to reflect the addition of the validated and signed user data. As another example, one or more blocks including the digital signature and encrypted versions of the user data may be added to the blockchain 140. Doing so allows the stored user data 141 to be securely and selectively exposed using the contactless cards 101 as described herein.

While these sections suggest that the user data or user data results may be encrypted in the block of the blockchain using encryption known in the art, there is no particular disclosure that supports that the user data element is encrypted by the verification service using the public key that corresponds to the private key of the contactless card. 
One of ordinary skill would appreciate that data that is encrypted using a user's public-key can only be decrypted using the user's private-key, and conversely, if a message is encrypted with a user's private-key, it can only be decrypted using that user's public-key.” See https://www.cloudflare.com/learning/ssl/how-does-public-key-encryption-work/ on What is public key encryption. 
The purpose of the verification of generation of the blocks on the blockchain with the recited data is for the merchant to retrieve the particular block that has been recorded on the blockchain and to decrypt the encrypted user data element to authorize the transaction based on the decrypted user data element. One of ordinary skill in the art would appreciate that the private key(s) are private for a reason, specifically that a data that has been signed using the private key can be verified/validated that the sender is who they claim to be as in the instant claimed invention. In the case of instant claim, the merchant device has to have possession of the private key of the contactless card in order to decrypt the user data element that has been encrypted with the public key corresponding to the private key of the contactless card. In other word, the verification of the digital signature does not guarantee that the signature, indeed, originated from the contactless card if the private key of the contactless card is shared among the participants.
As such, one of ordinary skill in the art would recognized that the claimed subject matter was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
The other independent claims, e.g. claims 8 and 15, are rejected as they also include the same deficiency.
The dependent claims are rejected as they depend on the claims above.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-13 and 15-21 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Per claim 6, the claim(s) recite “wherein the received user wallet address is encrypted, further comprising: decrypting, by the verification service based on the public key, the user wallet address to validate an identity of the user.” Here, one of ordinary skill may interpret that the received user wallet address is encrypted after the receiving of the user wallet address. On the other hand, one of ordinary skill may interpret that the user wallet address is encrypted prior to the reception and that the encrypted user wallet address is received. As such, one of ordinary skill in the art would not be able to ascertain the metes and boundaries of the claimed invention.
Claims 13 and 20 include similar deficiencies, hence are rejected.
Note: In the case that the applicant is attempting to describe that an encrypted user wallet address is received, the applicant is advised that this would lead to indefiniteness in the independent claims. Specifically, that independent claims particularly recite data, i.e., a digital signature, an encrypted request, a user wallet address, user data element, etc. Given the claim construction of describing “encrypted”, one of ordinary skill would appreciate that only the request is encrypted. Claims 6, 8, and 15, however, clearly recite otherwise.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US Patent Publication No. 20170353311 discloses a system and methods for providing identity scores. The identity user system provides identity data to an identity score system. Upon receiving the identity data, the identity score system validates the received identity data, generates and transmits a transaction addressed to the identity contract to the blockchain system. The identity contract then executes the user profile function to store the representation of the validated identity data in the user profile on the blockchain;
US Patent Publication No. 20180083771 discloses a use of blockchain to record and store user digital certificates, public keys, attributes, or other identifiers or qualifiers. The publication further discloses generation of a digital token used to create a record for the user for inclusion in a blockchain to ensure proper registration. A user signs requested data and sends the signature for the requested data to the verifier. The verifier signs the data to create the digital token that is recorded in blockchain;
US Patent Publication No. 20180308098 discloses a method that captures user identifying data from an identification card. A hash value is generated on the data and signed to create a digital signature. This hash value along with the corresponding public key is transmitted to a distributed public database. The method receives a transaction number from the distributed public database and transmits the transaction number and the personal data to a remote device of a third party for certification and/or verification;
Sora Identity: Secure, Digital Identity on the Blockchain discloses use of blockchain technology as a way to augment contemporary solutions for identity management. The disclosure further discloses a self-sovereign digital identity in which unique identifiers that use cryptography to generate proofs of data that can be resolved using the identifiers. This provide standardized format for sharing of verifiable claims about user’s identity. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN S KIM whose telephone number is (571)270-5287. The examiner can normally be reached Monday -Friday: 7:00 - 3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on 571-272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/STEVEN S KIM/Primary Examiner, Art Unit 3685