Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on September 25, 2020 has been entered.

Status of the Claims
Claims 1-11, 13-26, and 28-32 are all the claims pending in the application. 
Claims 1, 2, 4, 6, 7, 10, 14-17, 19, 29, and 30 are amended.
Claims 12 and 27 are cancelled.
Claims 31 and 32 are new.
Claims 1-11, 13-26, and 28-32 are rejected.
The following is a Non-Final Office Action in response to amendments and remarks filed September 25, 2020.

Response to Arguments
Regarding the 112(b) rejections, the rejections are withdrawn in light of the amendments to the claims.

Regarding the 101 rejections, Applicant first asserts the rejections should be withdrawn because the claims as amended explicitly require computer infrastructure to perform the steps, and because the claimed steps cannot be carried out without any involvement of physical or tangible devices, citing CyberSouce and Versata Dev.  Examiner respectfully does not find this assertion persuasive because claims that require a computer perform the steps can still recite and abstract idea, see MPEP 2106.04(a)(2).C (discussing Voter Verified, Symantc Corp., and Mortgage Grader).  That is, Applicant asserts the rejections should be withdrawn because the claims are distinguishable from CyberSouce and Versata Dev., but Applicant does not explain how the claims are distinct from other cases found ineligible that required the steps be performed by a computer (e.g. Voter Verified).  Further, Examiner notes Applicant does not explain why the claims are eligible based on the eligibility analysis, see MPEP 2106.04-.05.  Accordingly, the rejections are maintained, please see below for a complete rejection of the claims as amended.

Regarding the 102 and 103 rejections, Applicant makes several assertions.  First, Applicant asserts the rejections should be withdrawn because Saylor only teaches determining whether the holder is entitled to the credential and does not teach a "condition" for determining which data of the credential data is to be sent to a relying party.  Examiner respectfully does not find this assertion persuasive because Saylor teaches the system will reject invalid credentials (and users will be blocked from adding the invalid credentials to their account), Col. 11, ll. 13-16 and Col. 11, ll. 37-44, and valid credentials will be added to users' accounts, Col. 11, ll. 10-13 and Col. 11, ll. 32-37.  Saylor further teaches that users then send out their credentials to other users, e.g. Col. 13, ll. 1-25, Col. 16, ll. 15-24, and Figs. 6, 7 and 11; see also Col. 10, ll. 40-57 discussing users' credentials being in their accounts.  Thus 1.
Second, Applicant asserts nothing in Saylor Col. 11, ll. 20-44 relaters to a condition from the issuing authority.  Examiner respectfully does not find this assertion persuasive because Col. 11, ll. 20-44 of Saylor discusses the system (i.e. the issuing authority) allowing and rejecting credentials and, as discussed above, allowing and blocking credentials relates to a condition.
Third, Applicant asserts Saylor does not teach a condition for an issued virtualized credential because an unavailable credential would never have been "issued".  Examiner respectfully does not find this assertion persuasive for three reasons:
1) Saylor contemplates situations where the verification is accepted, and allows the user to access and use the verified credential, Col. 11, ll. 10-13 and Col. 11, ll. 32-37.  Thus Saylor teaches a condition from an authority that issued virtualized credentials as claimed because the system issued the credential after the condition was met (i.e. after the credential was verified).  
2) Saylor also contemplates credentials which have neither been accepted or rejected (credentials which are unverified), Col. 11, ll. 45-67.  Thus Saylor does contemplate issuing credentials which have not been validated (unverified credentials).
3) Saylor teaches users maintain multiple credentials in their accounts, Col. 10, ll. 50-55.  The claims recite the virtualized credential comprises credential data.  Thus the system of Saylor accepting some credentials and rejecting others would teach issuing the virtualized credential, as claimed, because it would have issued credential data.
Fourth, Applicant asserts Saylor teaches providing credentials despite the credentials being identified as invalid and thus does not teach the credential granting authority controlling the data being 
Fifth, Applicant asserts Saylor does not teach using the verification as a factor in determining which credential data is to be sent to other users.  Again, Examiner respectfully does not find this assertion persuasive because Saylor teaches the system will reject invalid credentials (and users will be blocked from adding the invalid credentials to their account), Col. 11, ll. 13-16 and Col. 11, ll. 37-44, and valid credentials will be added to users' accounts, Col. 11, ll. 10-13 and Col. 11, ll. 32-37.  Saylor further teaches that users then send out their credentials to other users, e.g. Col. 13, ll. 1-25, Col. 16, ll. 15-24, and Figs. 6, 7 and 11.  Thus Saylor teaches a "condition" for determining which data of the credential data is to be sent to a relying party because valid credentials are sent to other users but invalid credentials are not.
Sixth, Applicant asserts Saylor does not teach receiving a condition because Saylor only teaches making the credential available.  Examiner respectfully does not find this assertion persuasive because making the credential available is a condition.
Seventh, Applicant asserts that the verification state of Saylor is not used for determining which data of the credential data is to be made available to other users.  Again, Examiner respectfully does not find this assertion persuasive because Saylor teaches invalid credentials will be rejected and the user will be blocked from adding the credentials to their account, Col. 11, ll. 13-16 and Col. 11, ll. 37-44.  Saylor further teaches users then send out their credentials to other users, e.g. Col. 13, ll. 1-25, Col. 16, ll. 15-24, and Figs. 6, 7 and 11.  Thus, by allowing or blocking credentials through the verification process, the issuing authority is determining which credentials may be sent to relying parties.
Eighth, Applicant asserts Saylor only teaches providing the verification state with the credential and does not teach using the verification state to determine which data of the credential data is to be made available to other users.  Again, Examiner respectfully does not find this assertion persuasive because Saylor contemplates both blocking invalid credentials, Col. 11, ll. 13-16 and Col. 11, ll. 37-44, and, as an alternative, allowing invalid credentials to be shared with a warning, Col.  11, ll. 49-53.  Thus, Saylor teaches at least one embodiment that blocks invalid credentials, Col. 11, ll. 13-16 and Col. 11, ll. 37-44. 
Ninth, Applicant asserts Col. 11, ll. 45-67 of Saylor does not teach rejecting invalid credentials.  Examiner respectfully does not find this assertion persuasive because the previous Office Action did not rely on Col. 11, ll. 45-67 to teach rejecting invalid credentials.  The previous Office Action relied on Col. 11, ll. 20-44 to teach rejecting invalid credentials and Col. 13, ll. 1-25, Col. 16, ll. 15-24 and Figs. 6, 7 and 11 to teach the users sending out their credentials.
Accordingly, the rejections are maintained, please see below for the complete rejections of the claims as amended.
In response to arguments in reference to any depending claims that have not been individually addressed, all rejections made towards these dependent claims are maintained due to a lack of reply by Applicant in regards to distinctly and specifically pointing out the supposed errors in Examiner's prior office action (37 CFR 1.111).  Examiner asserts that Applicant only argues that the dependent claims should be allowable because the independent claims are unobvious and patentable over the prior art.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-11, 13-26, and 28-32 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.  
Under the 2019 Patent Eligibility Guidance (PEG) Step 1 analysis, it must first be determined whether the claims are directed to one of the four statutory categories of invention (i.e., process, machine, manufacture, or composition of matter).  Applying Step 1 of the analysis for patentable subject matter to the claims it is determined that: claims 1-11, 13-15, 31, and 32 are directed to a process and claims 16-26 and 28-30 are directed to a machine.  Therefore, we proceed to Step 2. 
Independent Claims
Under the 2019 PEG Step 2A, Prong 1 analysis, it must be determined whether the claims recite an abstract idea that falls within one or more designated categories or “buckets” of patent ineligible subject matter (i.e., organizing human activity, mathematical concepts, and mental processes) that amount to a judicial exception to patentability.  
Claims 1, 16 and 31 recite an abstract idea because the claims recite the limitations:
 "receiving, at the computer infrastructure and storing in the computer-readable storage medium, a condition from an issuing authority that issued the virtualized credential for determining which data of the credential data is to be sent to the device of the relying party, wherein the condition depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party" in claim 1.
"facilitate setting, and storing in the computer-readable medium, of a condition from an issuing authority that issued the virtualized credential for determining which data of the credential data is to be sent to the device of the relying party, wherein the condition depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party" in claim 16.

These limitation encompass managing personal behavior or relationships or interactions between people because the claims encompass following rules or instructions, see MPEP 2104(a)(2).II.C.  For example, but for the "computer infrastructure" and "virtualized credential" limitations language in claim 1, "receiving a condition…for determining", in the context of this claim encompasses a receiving instructions about when credentials must be supplied (e.g. requiring a driver's license be shown as proof of age when purchasing tobacco products).  If a claim limitation, under its broadest reasonable interpretation, covers following rules or instructions, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas.  Accordingly, claims 1, 16, and 31 recite an abstract idea.

Under the 2019 PEG Step 2A, Prong 2 analysis, it must be determined whether the identified, recited abstract idea includes additional limitations that integrate the abstract idea into a practical application.
Claim 1 recites the additional elements "using a computer infrastructure comprising a computer processor and a computer-readable storage medium, the computer infrastructure facilitating communication between a device of the holder and a device of a relying party"; "receiving a request, at the computer infrastructure, from the device of the relying party for the virtualized credential corresponding to the holder"; "providing, by the computer infrastructure, the device of the relying party with at least some of the credential data according to the condition"; and "displaying at least a subset of the credential data received by the device of the relying party from the computer infrastructure on a 
The additional elements of "providing, by the computer infrastructure, the device of the relying party with at least some of the credential data according to the condition"; and "displaying at least a subset of the credential data received by the device of the relying party from the computer infrastructure on a screen of the device of the relying party", when considered individually, do not integrate the abstract idea into a practical application because the additional elements are only requiring the use of software to tailor information and provide it to the user on a generic computer, see MPEP 2106.05(f) (discussing Intellectual Ventures I LLC v. Capital One Bank (USA)).  Further, the additional elements, when considered in combination, do not integrate the abstract idea into a practical application because the combination amounts to no more than mere instructions to apply the exception using generic computer components.  Claim 1 is directed to an abstract idea.
Claims 16 and 31 recites similar limitations as claim 1 and as such are directed to an abstract idea for similar reasons as claim 1.

Under the 2019 PEG Step 2B analysis, the additional elements are evaluated to determine whether they amount to something “significantly more” than the recited abstract idea (i.e., an innovative concept).
Claims 1, 16, and 31 do not include additional elements that are sufficient to amount to significantly more than the judicial exception.  As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply the exception using generic computer components.  Mere instructions to apply an exception using generic computer components cannot provide an inventive concept.  The independent claims are not patent eligible.
Dependent Claims
Claims 2, 3, 17, and 18 are directed to the same abstract idea as the independent claims because claims 2, 3, 17, and 18 further specify what types of information will be used as the basis of rules or instructions to be followed.
Claims 4 and 19 do not integrate the abstract idea into a practical application because the additional elements of a digital signature and a mutual authentication algorithm are only a general link to a technological environment or a field-of use (i.e., broadly invoking a computing environment), see MPEP 2106.05(h).
Claims 5 and 20 do not integrate the abstract idea into a practical application because the additional elements of receiving pseudo data are recited at a high-level of generality (i.e. as a generic computer function of receiving data) such that it amounts to no more than mere instructions to apply the exception using generic computer components.
Claims 6 and 21 are directed to the same abstract idea as the independent claims because a presenting data to a verification service would also be following rules or instructions.
Claims 7 and 22 are directed to the same abstract idea as the independent claims because generating and sending a cryptogram would also be following rules or instructions.
Claims 8 and 23 do not integrate the abstract idea into a practical application because the additional element of a cryptographic key stored on a device is recited at a high-level of generality (i.e., as generic encryption data stored on a generic memory) such that it amounts to no more than mere instructions to apply the exception using generic computer components.
Claims 9 and 24 are directed to the same abstract idea as the independent claims because generating and sending a cryptogram based on time would also be following rules or instructions.
Claims 10 and 25 do not integrate the abstract idea into a practical application because the additional element or a URL is only a generic link to a field of use or technological environment (i.e. broadly invoking the internet), see MPEP 2106.05(h).
Claims 11 and 26 do not integrate the abstract idea into a practical application because the additional element of the URL being digital signed is only a general link to a technological environment or field-of-use (i.e., broadly invoking the internet), see MPEP 2106.05(h).
Claims 13 and 28 do not integrate the abstract idea into a practical application because the additional element of the device communicating with an intermediate service is only a general link to a technological environment or field-of-use (i.e., broadly invoking the internet), see MPEP 2106.05(h).
Claims 14, 15, 29, 30, and 32 are directed to the same abstract idea as the independent claims because setting a second condition and preventing the condition from being overwritten are following rules or instructions.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-6, 14-21, and 29-32 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Saylor et al, US Pat. No. 9,160,727, herein referred to as “Saylor”.
Regarding claim 1, Saylor teaches:
A method of providing a virtualized credential of a holder using a computer infrastructure comprising a computer processor and a computer-readable storage medium (processor and memory, Col. 4, ll. 54-58.  Additionally, please note, Examiner finds the claim element "providing a virtualized credential of a holder" does not further limit the scope of the claim because it is only reciting the intended use of the claim, see MPEP 2111.02.II.), 
the computer infrastructure facilitating communication between a device of the holder and a device of a relying party (communication system, Fig. 2 and Col. 8, ll. 38-57), 
the relying party being different from the holder (first user's credentials are provided to a second user, e.g. Fig. 3 and Col. 1, ll. 36-44), 
and the virtualized credential comprising credential data, the method comprising (data is indicative of credentials, e.g. Abstract): 
receiving, at the computer infrastructure and storing in the computer-readable storage medium, a condition from an issuing authority that issued the virtualized credential (credential granting authority determines if user is entitled to the credential and system makes the credential unavailable if the user 
for determining which data of the credential data is to be sent to the device of the relying party (users then send out their available credentials to other users, e.g. Col. 13, ll. 1-25, Col. 16, ll. 15-24, and Figs. 6, 7 and 11; see also Col. 10, ll. 40-57 discussing users' credentials being in their accounts)
wherein the condition depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party (availability of the credential is based on the user being able to adequately verify themselves, Col. 11, ll. 5-44); 
receiving a request, at the computer infrastructure, from the device of the relying party for the virtualized credential corresponding to the holder (user selects desired credentials they wish to view, Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 11-18); 
providing, by the computer infrastructure, the device of the relying party with at least some of the credential data according to the condition (identifies users with selected credentials, Col. 7, ll. 9-32; Col. 23, ll. 11-28); 
and displaying at least a subset of the credential data received by the device of the relying party from the computer infrastructure on a screen of the device of the relying party (displays credentials, Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15).  
Regarding claim 2, Saylor teaches all the limitations of claim 1 and further teaches:
wherein the contextual data is at least one of: a privacy level setting, distance between the device of the relying party and the device of the holder, and geolocation of the device of the holder or the device of the relying party (credentials transmission can be based on contextual data like location of the parties, e.g. Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 50-56; see also Col. 12, ll. 11-30 and Fig. 12 discussing conditions involving the location of the providing user).
Regarding claim 3, Saylor teaches all the limitations of claim 1 and further teaches:
wherein the role of the relying party is provided by the device of the relying party, and the role of the relying party is provided in a verifiable format (provides information about role like alumni status, which has been verified by the university, Col. 8, ll. 18-27).
Regarding claim 4, Saylor teaches all the limitations of claim 3 and further teaches:
wherein the role of the relying party in a verifiable format is one of: securely derived via a process of mutual authentication between the device of the relying party and the device of the holder or digitally signed (utilizes various mutual authentication methods like verifying both parties are at a location, Col. 14, ll. 28-54 and Col. 22, ll. 50-56).  
Regarding claim 5, Saylor teaches all the limitations of claim 1 and further teaches:
wherein the device of the relying party receives pseudo data in places of at least some of the credential data (sends credential data about the user (i.e., that the user is a certified lifeguard) instead of sending personal information about the user, e.g. Col. 18, ll. 29-48).
Regarding claim 14, Saylor teaches all the limitations of claim 1 and further teaches:
further comprising receiving a second condition from the holder for determining which data of the credential data is to be sent to the device of the relying party, wherein the second condition depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party (users define what credentials they wish to make available, e.g. Col. 7, l. 62 – Col. 8, l. 17, Col. 16, ll. 15-29 and Fig. 11).  
Regarding claim 15, Saylor teaches all the limitations of claim 1 and further teaches:
wherein the condition from the issuing authority cannot be overridden by the holder for at least some of the credentials (if the user’s credentials are invalid, system does not allow user to add the credentials to their account, Col. 11, ll. 13-16 and Col. 11, ll. 37-44).

Regarding claim 16, Saylor teaches:
A non-transitory computer-readable medium containing software (machine readable storage device and software, Col. 24, l. 55 – Col. 25, l. 10):
that provides a virtualized credential of a holder, the virtualized credential comprising credential data (provides information about a credential held by a user, e.g. Abstract), 
the software comprising executable code, that when executed by one or more processors, causes the software to facilitate communication between a device of the holder and a device of a relying party (communication system, Fig. 2 and Col. 8, ll. 38-57), 
the relying party being different from the holder, and to (first user's credentials are provided to a second user, e.g. Fig. 3 and Col. 1, ll. 36-44): 
facilitate setting, and storing in the computer-readable medium, of a condition from an issuing authority that issued the virtualized credential (credential granting authority determines if user is entitled to the credential and system makes the credential unavailable if the user is not entitled to it (i.e. if the credential is invalid) and adds the credentials to the user's account if the credential is valid, Col. 11, ll. 5-44; see also Col. 11, ll. 45-67 discussing verification states of credentials; and Col. 17, ll. 42-54 discussing storing availability data of users' credentials),
for determining which data of the credential data is to be sent to the device of the relying party (users then send out their available credentials to other users, e.g. Col. 13, ll. 1-25, Col. 16, ll. 15-24, and Figs. 6, 7 and 11; see also Col. 10, ll. 40-57 discussing users' credentials being in their accounts)
wherein the condition depends on at least one of a role of the relying party, selection by the holder, and contextual data of the holder or relying party (availability of the credential is based on the user being able to adequately verify themselves, Col. 11, ll. 5-44);
provide, in response to receiving a request from the device of the relying party for the virtualized credential corresponding to the holder, at least some of the credential data to the device of the 
and display at least a subset of the credential data received by the device of the relying party on a screen of the device of the relying party (displays credentials, Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15).  
Regarding claim 17, Saylor teaches all the limitations of claim 16 and further teaches:
wherein the contextual data is at least one of: a privacy level setting, distance between the device of the relying party and the device of the holder, and geolocation of the device of the holder or the device of the relying party (credentials transmission can be based on contextual data like location of the parties, e.g. Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 50-56; see also Col. 12, ll. 11-30 and Fig. 12 discussing conditions involving the location of the providing user).
Regarding claim 18, Saylor teaches all the limitations of claim 16 and further teaches:
wherein the role of the relying party is provided by the device of the relying party, and the role of the relying party is provided in a verifiable format (provides information about role like alumni status, which has been verified by the university, Col. 8, ll. 18-27).
Regarding claim 19, Saylor teaches all the limitations of claim 18 and further teaches:
wherein the role of the relying party in a verifiable format is one of: securely derived via a process of mutual authentication between the device of the relying party and the device of the holder or digitally signed (utilizes various mutual authentication methods like verifying both parties are at a location, Col. 14, ll. 28-54 and Col. 22, ll. 50-56).  
Regarding claim 20, Saylor teaches all the limitations of claim 16 and further teaches:

Regarding claim 21, Saylor teaches all the limitations of claim 16 and further teaches:
executable code that causes the at least some of the credential data to be presented to a verification service (credential granting authority verifies credentials, Col. 10, l. 58 - Col. 11, ll. 44).  
Regarding claim 29, Saylor teaches all the limitations of claim 16 and further teaches:
the software further comprising executable code that facilitates setting a second condition from the holder for determining which data of the credential data is to be sent to the device of the relying party, wherein the second condition depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party(users define what credentials they wish to make available, e.g. Col. 7, l. 62 – Col. 8, l. 17, and the system only allows virtualized credentials to be added to the user’s account if the credentials are verified, Col. 10, l. 58 – Col. 11, l. 19 and selection of credentials can be based on contextual data like location, e.g. Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 50-56).  
Regarding claim 30, Saylor teaches all the limitations of claim 16 and further teaches:
wherein the condition set by the issuing authority cannot be overridden by the holder for at least some of the credentials (if the user’s credentials are invalid, system does not allow user to add the credentials to their account, Col. 10, l. 58 – Col. 11, l. 19).

Regarding claim 31, Saylor teaches:
providing a virtualized credential of a holder (provides information about a credential held by a user, e.g. Abstract)

the relying party being different from the holder (first user's credentials are provided to a second user, e.g. Fig. 3 and Col. 1, ll. 36-44), 
and the virtualized credential comprising credential data, the method comprising (data is indicative of credentials, e.g. Abstract): 
storing, at the device of the holder (mobile device based credential management application holds user's credentials, Col. 6, ll. 20-30; see also Col. 9, ll. 8-25 discussing storing data and applications on users' devices and Col. 10, ll. 1-10 discussing storing credential data on user devices), 
a condition from an issuing authority that issued the virtualized credential (credential granting authority determines if user is entitled to the credential and makes the credential unavailable if the user is not entitled to it (i.e. if the credential is invalid) and adds the credentials to the user's account if the credential is valid, Col. 11, ll. 5-44; see also Col. 11, ll. 45-67 discussing verification states of credentials) 
for determining which data of the credential data is to be sent to the device of the relying party (users then send out their available credentials to other users, e.g. Col. 13, ll. 1-25, Col. 16, ll. 15-24, and Figs. 6, 7 and 11; see also Col. 10, ll. 40-57 discussing users' credentials being in their accounts),
wherein the condition depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party (availability of the credential is based on the user being able to adequately verify themselves, Col. 11, ll. 5-44); 
receiving, at the device of the holder, a request from the device of the relying party for the virtualized credential corresponding to the holder; 

and displaying at least a subset of the credential data received by the relying party from the device of the holder on a screen of the device of the relying party (displays credentials, Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15)..  
Regarding claim 6, Saylor teaches all the limitations of claim 31 and further teaches:
presenting the at least some of the credential data to a verification service (credential granting authority verifies credentials, Col. 10, l. 58 - Col. 11, ll. 44).
Regarding claim 32, Saylor teaches all the limitations of claim 31 and further teaches:
wherein the condition from the issuing authority cannot be overridden by the holder (if the user’s credentials are invalid, system does not allow user to add the credentials to their account, Col. 11, ll. 13-16 and Col. 11, ll. 37-44).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13 and 28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saylor.
Regarding claim 13, Saylor teaches all the limitations of claim 6 and further teaches:
wherein the device communicates with an intermediary service that directs the device to a particular one of a number of possible verification services (connects users with credential management server 
However Saylor does not explicitly teach:
wherein the device of the relying party communicates with an intermediary service
Nevertheless, it would have been obvious to modify the teachings of Saylor to have the relying party to present the credentials to a verification service because the rearrangement of parts is obvious, see MPEP 2144.04.VI.C.  Saylor teaches the system contacting the credential granting authority to request the credentials be verified, Col 10, l. 58 – Co. 11, l. 19, and the user who provides their credentials contacting the credential granting authority to request the credentials be verified, Col. 11, ll. 20-44.  One of ordinary skill would have recognized that other users would also be interested in verifying the providing user’s credentials and would have modified Saylor to enable other users to verify the user’s credentials by presenting the credentials to the credential granting authority for verification as well.

Regarding claim 28, Saylor teaches all the limitations of claim 21 and further teaches:
executable code that enables the device to communicate with an intermediary service that directs the device to a particular one of a number of possible verification services (connects users with credential management server and multiple systems operated by credential granting authorities, Col. 8, ll. 38-57, Col. 10, ll. 11-30; see also Fig. 2, to verify the credentials, Col. 10, l. 58 - Col. 11, l. 19).
However Saylor does not explicitly teach:
enables the device of the relying party to communicate with an intermediary service
Nevertheless, it would have been obvious to modify the teachings of Saylor to have the relying party to present the credentials to a verification service because the rearrangement of parts is obvious, see MPEP 2144.04.VI.C.  Saylor teaches the system contacting the credential granting authority to .

Claim 7-9 and 22-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saylor in view of Gaddam et al, US Pub. No. 2015/0269566, herein referred to as “Gaddam”.
Regarding claim 7, Saylor teaches all the limitations of claim 6 and does not teach but Gaddam teaches:
wherein the credential data sent to the verification service includes a cryptogram (encrypts identifier, ¶¶[0033], [0035]; see also ¶[0030] discussing credentials and ¶¶[0057]-[0058] discussing sending tokens)
generated as a function of cryptographic information associated with the device of the holder (token is generated based on key stored on device, ¶¶[0035]-[0036]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 8, the combination of Saylor and Gaddam teaches all the limitations of claim 7 and Gaddam further teaches:
wherein the cryptographic information includes a cryptographic key stored on the device of the holder (uses key stored on device, ¶¶0035]-[0036]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 9, the combination of Saylor and Gaddam teaches all the limitations of claim 7 and Gaddam further teaches:
wherein the cryptogram includes a variable component corresponding to at least one of: time, a counter or a randomly generated nonce (uses time as a variable input when encrypting, ¶[0055]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.

Regarding claim 22, Saylor teaches all the limitations of claim 21 and does not teach but Gaddam teaches:
wherein the credential data sent to the verification service includes a cryptogram (encrypts identifier, ¶¶[0033], [0035]; see also ¶[0030] discussing credentials and ¶¶[0057]-[0058] discussing sending tokens) 
generated as a function of cryptographic information associated with the device of the holder  (token is generated based on key stored on device, ¶¶[0035]-[0036]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 23, the combination of Saylor and Gaddam teaches all the limitations of claim 22 and Gaddam further teaches:
wherein the cryptographic information includes a cryptographic key stored on the device of the holder (uses key stored on device, ¶¶0035]-[0036]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 24, the combination of Saylor and Gaddam teaches all the limitations of claim 22 and Gaddam further teaches:
wherein the cryptogram includes a variable component corresponding to at least one of: time, a counter or a randomly generated nonce (uses time as a variable input when encrypting, ¶[0055]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.

Claims 10, 11, 25, and 26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saylor in view of Vercher, Brady “Protect Your Products and Improve Your Systems with Signed URLs” BlazerSix Engage Blog, May 16, 2013, herein referred to as “Vercher”.
Regarding claim 10, Saylor teaches all the limitations of claim 6 and does not teach but Vercher teaches:
wherein the device of the holder provides a Uniform Resource Locator (URL) of the verification service to the device of the relying party (hands out a URL, pg. 1).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the signed URLs of Vercher because Vercher suggests using signed URL to protect downloadable information, pg. 1; see also MPEP 2143.I.G.
Regarding claim 11, Saylor teaches all the limitations of claim 10 and does not teach but Vercher teaches:
wherein the URL is digitally signed (signed URLs, pg. 2).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the signed URLs of Vercher because Vercher suggests using signed URL to protect downloadable information, pg. 1; see also MPEP 2143.I.G.

Regarding claim 25, Saylor teaches all the limitations of claim 21 and does not teach but Vercher teaches:
the software further comprising executable code that provides a Uniform Resource Locator (URL) of the verification service to the device of the relying party (hands out a URL, pg. 1).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the signed URLs of Vercher because Vercher suggests using signed URL to protect downloadable information, pg. 1; see also MPEP 2143.I.G.
Regarding claim 26, Saylor teaches all the limitations of claim 25 and does not teach but Vercher teaches:
wherein the URL is digitally signed (signed URLs, pg. 2).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the signed URLs of Vercher because Vercher suggests using signed URL to protect downloadable information, pg. 1; see also MPEP 2143.I.G.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRENDAN S O'SHEA whose telephone number is (571)270-1064.  The examiner can normally be reached on Monday to Friday 10 - 6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached on (571) 272-6782.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BOS/Examiner, Art Unit 3629                                                                                                                                                                                                        
/ANDREW B WHITAKER/Primary Examiner, Art Unit 3629                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1Examiner notes that if Applicant is asserting the claimed condition cannot relate to whether or not the holder is entitled to a credential then Examiner respectfully does not find this assertion persuasive because the claim does not require the condition not relate to whether or not the holder is entitled to a credential.