DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

Claims 1-16 are rejected under 35 U.S.C. 103 as being unpatentable over Rush, U.S. Patent No. 9,866,393, in view of Kempf, U.S. Publication No. 2019/0058709. Referring to claims 1, 10-13, Rush discloses a trusted signature scheme wherein a user is requesting to login to the user’s bank account and is prompted to enter login credentials (Col. 23, lines 31-36: login request would read on the claimed access request, the ATM of Rush would read on the claimed computing device, the received credential request would read on the claimed authentication challenge), which meets the limitation of receiving an authentication challenge at a computing device from the secure resource in response to the access request, providing a prompt on a display of the computing device requesting consent. The user inputs login credentials (Col. 23, lines 34-36: entering of the login credentials would read on the claimed receiving consent) such that credentials are utilized to create a signature (Col. 22, line 61 – Col. 23, line 30), which can be a digital signature generated using a private key (Col. 6, line 45 – Col. 7, line 22: signing encryption key reads on the claimed private key) that is stored in the memory subsystem of the cryptographic module (Col. 27, line 67 – Col. 28, line 2 & Figure 11, 1130), which meets the limitation of digitally signing an authentication response message with a private key stored at the computing device/in the memory after receiving consent. The generated signature is transmitted to an identity registrar (Col. 22, lines 61-64) such that the identity registrar decrypts the received signature using the public key that corresponds to the private signing encryption key (Col. 9, lines 57-67), which meets the limitation of transmitting the signed authentication response message to an attestation [contract stored and executed on the distributed transaction-based state machine], the attestation [contract] having a public key associated with the private key. The identity registrar decrypts the received signatures using the public key (Col. 9, lines 65-67) and verifies the received signatures (Col. 10, lines 1-15 & Col. 22, lines 65-67), which meets the limitation of and the attestation [contract] verifying that the signed authentication message was signed with the private key to provide an attestation authentication response message. If the signature has been verified, the user’s requested access to resources, such as bank account information, can be granted/denied (Col. 23, lines 1-46: consenting credentials providing access to real bank account while duress credentials provide access to fake account), which meets the limitation of wherein the attested authentication response message is observed by the secure resource to determine whether to grant the access request. Rush discloses that the system includes a processor (Figure 11, 1102), display (Figure 11, 1114 & Col. 21, lines 18-25), and memory (Figure 11, 1130), which meets the limitation of a processor, a display, and a memory storing instructions, the instructions being executable by the processor.  
Rush does not disclose that the identity registrar utilizes an attestation contract stored and executing on a distributed transaction-based state machine. Kempf discloses a smart contract system wherein servers utilize Ethereum Virtual Machine technology to implement the smart contract scheme ([0039] & [0043]: suitable consensus protocol reads on the claimed execution results of the attestation contract are reached by consensus amongst the nodes), which meets the limitation of an attestation contract stored and executed on the distributed transaction-based state machine, wherein the distributed transaction-based state machine is a state machine operating on blockchain network, wherein the distributed transaction-based state machine has multiple nodes and execution results of the attestation contract are reached by consensus amongst the nodes, wherein the state machine is the Ethereum Virtual Machine operation on the Ethereum blockchain network. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the identity registrars of Rush to have implemented smart contract systems using Ethereum Virtual Machines in the manner described in Kempf in order to allow for the trust determination system of Rush to run on any platform in a manner that reduces transactional costs as suggested by Kempf ([0042]).
Referring to claim 2, Rush discloses that merchants can have their own signature verification devices (Col. 7, lines 9-11: merchants with their own signature verification devices will receive credentials and verify credentials at the same location), which meets the limitation of obtaining consent by obtaining authentication locally on the computing device.
Referring to claim 3, Rush discloses that the credentials can include biometrics (Col. 22, lines 32-37) or a four-digit personal identification number (Col. 20, lines 16-19), which meets the limitation of obtaining authentication locally on the computing device uses any one or biometric information or a personal identification number (PIN) entry.
Referring to claim 4, Rush discloses that the credential entry procedures are performed using an identity verification token (Figure 9) and that the identity verification token can communicate with a merchant checkout station through NFC to verify a purchase (Col. 3, lines 40-45: identity verification token would read on the claimed first computing device and the merchant checkout station would read on the claimed second computing device since the merchants can have their own signature verification devices Col. 7, lines 9-11), which meets the limitation of wherein the access request is generated by a first computing device and the method steps of claim 2 are carried out by a second computing device.
Referring to claim 5, Rush discloses that if the signature has been verified the user’s requested access to resources, such as bank account information, can be granted/denied (Col. 23, lines 1-46: consenting credentials providing access to real bank account while duress credentials provide access to fake account), which meets the limitation of wherein the access request is for account data stored at the secure resource. Examiner notes that the claim limitation specifying “the account data associates computing devices and an address for the attestation contract on the distributed transaction-based state machine” do not receive patentable weight because the claimed “account data” is never functionally utilized in the claims. Therefore, the account data would represent non-functional descriptive material that does not receive patentable weight (See MPEP 2111.05).
Referring to claims 6, 16, Rush discloses the use of asymmetric cryptographic signatures that require the generation of public-private key pairs that include a private key and a public key (Col. 9, lines 57-61), which meets the limitation of comprising first generating the private key and the public key associated with the private key. The identity registrar decrypts the received signature using the public key that corresponds to the private signing encryption key (Col. 9, lines 57-67), which meets the limitation of generating the attestation [contract] to include the public key. Signatures are decrypted using the public key (Col. 9, lines 65-67) and verified (Col. 10, lines 1-15 & Col. 22, lines 65-67: decryption using the public key verifies that the signature was created using the corresponding private key), which meets the limitation of a method of verifying the authentication response message is digitally signed with the private key. 
Rush does not disclose that the identity registrar utilizes an attestation contract stored and executing on a distributed transaction-based state machine. Kempf discloses a smart contract system wherein servers utilize Ethereum Virtual Machine technology to implement the smart contract scheme ([0039] & [0043]), which meets the limitation of deploying the attestation contract to the distributed transaction-based state machine. Kempf discloses that the smart contract system servers are configured with public keys from a public/private key pair ([0053]), which meets the limitation of generating the attestation contract to include the public key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the identity registrars of Rush to have implemented smart contract systems using Ethereum Virtual Machines in the manner described in Kempf in order to allow for the trust determination system of Rush to run on any platform in a manner that reduces transactional costs as suggested by Kempf ([0042]).
Referring to claim 7, Kempf discloses that the smart contract system servers are configured with public keys from a public/private key pair ([0053]). The public keys can be included in public key certificate provided by a certificate authority ([0053]: server public keys being configured by receiving public key certificates from a certificate authority shows a method of adding public keys), which meets the limitation of wherein generating the attestation contract further comprises providing a method of adding public keys associated with one or more computing devices authorized to access the secure resource. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the identity registrars of Rush to have implemented smart contract systems using Ethereum Virtual Machines in the manner described in Kempf in order to allow for the trust determination system of Rush to run on any platform in a manner that reduces transactional costs as suggested by Kempf ([0042]).
Referring to claim 8, Rush discloses that the identity registrar decrypts the received signatures using the public key (Col. 9, lines 65-67) and verifies the received signatures (Col. 10, lines 1-15 & Col. 22, lines 65-67), which meets the limitation of wherein the attested authentication response message [is stored on a distributed ledger of a blockchain].
Rush does not disclose that the identity registrar utilizes an attestation contract stored and executing on a distributed transaction-based state machine such that verified data is stored in a ledger. Kempf discloses a smart contract system wherein servers utilize Ethereum Virtual Machine technology to implement the smart contract scheme ([0039] & [0043]) such that validated data is stored as new blocks in a ledger ([0048]), which meets the limitation of wherein the attested authentication response message is stored on a distributed ledger of a blockchain. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the identity registrars of Rush to have implemented smart contract systems using Ethereum Virtual Machines in the manner described in Kempf in order to allow for the trust determination system of Rush to run on any platform in a manner that reduces transactional costs as suggested by Kempf ([0042]).
Referring to claim 9, Rush discloses that the identity registrar decrypts the received signatures using the public key (Col. 9, lines 65-67) and verifies the received signatures (Col. 10, lines 1-15 & Col. 22, lines 65-67).
Rush does not disclose that the identity registrar utilizes an attestation contract stored and executing on a distributed transaction-based state machine such that verified data is stored in a ledger. Kempf discloses a smart contract system wherein servers utilize Ethereum Virtual Machine technology to implement the smart contract scheme ([0039] & [0043]) such that validated data is stored as new blocks in a ledger ([0048]). The ledger data can be read from the ledger and utilized for transaction processing ([0039] & [0045]-[0046]: available credit information stored on the ledger and queried to authorize resource/service utilization), which meets the limitation of wherein the attested authentication response message is observed by the secure resource by any one of querying the attestation contract and observing the attested authentication message stored on the distributed ledger. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the identity registrars of Rush to have implemented smart contract systems using Ethereum Virtual Machines in the manner described in Kempf in order to allow for the trust determination system of Rush to run on any platform in a manner that reduces transactional costs as suggested by Kempf ([0042]).
Referring to claim 14, Rush discloses that the system includes input devices that can include a keyboard, keypad, and fingerprint/retinal scanner (Col. 26, line 66 – Col. 27, line 6 & Figure 11, 1112), which meets the limitation of wherein the system further comprises an input device. Rush discloses that merchants can have their own signature verification devices (Col. 7, lines 9-11: merchants with their own signature verification devices will receive credentials and verify credentials at the same location), which meets the limitation of the memory further comprises instructions to obtain consent by obtaining authentication by the input device.
Referring to claim 15, Rush discloses that the credentials can include biometrics (Col. 22, lines 32-37) or a four-digit personal identification number (Col. 20, lines 16-19), which meets the limitation of wherein the input device obtains any one or biometric information or a personal identification number (PIN) entry.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Zwink, U.S. Patent No. 10,169,937, which is relevant for disclosure of a multi-factor authentication system that utilizes the Ethereum platform.
Griffin, U.S. Patent No. 10,855,473, which is relevant for disclosure of a biometric authentication system that utilizes distributed ledger systems.
De Luca, U.S. Publication No. 2020/0294039, which is relevant for disclosure of a payment processing system that utilizes Ethereum virtual machines.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805.  The examiner can normally be reached on M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437