DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to the communications, the application filed on 04/02/2019 and the preliminary amendments filed on 12/09/2020 and 02/02/2021.
Claims 1-21 are currently pending in this application. Claims 1-4, 7, 9, 12 and 15-20 have been amended.

Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 08/13/2019, 04/10/2020 and 09/29/2020 were filed.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Allowable Subject Matter
Claims 1-21 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Regarding independent claims 1, 15, 20 and 21,

Toth (US 2017/0230361 A1) teaches an electronic credentialing system that allows personal identity devices to interact, acquire, hold, issue and use electronic credentials (e-credentials). Public-private keys are bound to e-credentials of an owner to enable remote users to verify that an e-credential provided by the originating owner is in the owner's possession, and that subsequent digital signing, encryption, and digital sealing operations are bound to that owner. Secrets of a device owner such as authentication data (e.g. PIN/password hashes, biometric templates, and behavioral criteria), and private encryption keys, are retained in a protected memory store such that the secrets can only be accessed and used by the identity engine and are not disclosed by the identity engine - see figs. 1, 2; abstract, paras. [0123] - [0126] and [0132] of Toth.

Smith et al. (US 2016/0127351 A1) teaches technologies for continuously authenticating a user via multiple authentication factors. A trusted execution environment module asserts continuous user authentication monitoring to the key distribution center server. The assertion provided to the key distribution center server may also include information indicative of the factors (e.g., the forms of verification data) used by the trusted execution environment module to authenticate the user. The assertion of continuous user authentication and presence monitoring may be signed using a user private key of a user public/private key pair prior to being sent to the key distribution center server. The trusted execution environment module may request a ticket granting ticket from the key distribution center server. The ticket granting ticket may include the signed assertion of continuous user authentication/presence monitoring - see figs. 2, 4, 5; abstract, paras. [0043] - [0048] of Smith.

Bakshi et al. (US 2014/0259115 A1) teaches a system and method to implement authentication for network access in electronic devices. During the login procedure the identification packet may be transmitted from the electronic device to the remote authentication provider through a secure communication channel. The remote authentication provider may implement one or more authentication routines using data in the identification packet. When the host device is embodied as an electronic device, a trusted execution environment may be implemented by the trusted execution engine, while the untrusted execution environment may be implemented by the main processors and operating system of the system. Remote entities that issue credentials, identified as issuers, supply credentials, which are stored in the trusted execution environment of the host device. A host proxy facilitates communication between one or more client applications which execute in the untrusted execution layer and the token access manager. The identification packet is signed and wrapped for transport to the remote authentication provider - see figs. 1, 5; paras. [0010], [0011], [0027], [0030] and [0038] of Bakshi.

However, the prior art of record does not teach or render obvious the following limitations, specifically and in combination with the other limitations:
in the claims 1 and 21 of a method and medium for, 
receiving a request to establish a user identity, the request comprising (1) representations of credentials, (2) first cryptographically-signed data, and (3) a public key of a cryptographic key pair;
in response to determining to establish the user identity record based on verifying the request, publishing, to a tamper-evident data store, the user identity record, the user identity record comprising the public key and the representations of credentials or pointers thereto, wherein the tamper-evident data store comprises a plurality of user identity records established for respective users and a plurality of other records;
receiving a request to authenticate a user to the user identity record, the request comprising second cryptographically-signed data and an identifier of a first record;
determining to authenticate the user to the user identity record in response to:
verifying the first and second records have not been tampered with subsequent to publishing by verifying that the first and second records are consistent with two set of cryptographic hash values based on the first and second records; and
verifying the second cryptographically-signed data as being signed by a private key of the cryptographic key pair comprising the public key of the user identity record; and
in response to the determination and the request to authenticate the user to the user identity record.

in the claim 15 of a method for, 
obtaining first data comprising a respective representation of each credential in a set of credentials, first cryptographically-signed data, and a verification key by which data cryptographically-signed based on a key maintained on the computing device can be verified;
receiving identity information corresponding to an identity record, identifying the verification key, established within a decentralized data store;
obtaining second cryptographically-signed data signed by key maintained on the computing device; and
transmitting the second cryptographically-signed data and identity information to a second server for authentication of user ownership of the identity record responsive to:
verification of the second cryptographically-signed data, as being signed by the key maintained on the computing device, based on the verification key of the identity record, and verification of authenticity of the identity record within the decentralized data store.

in the claim 20 of a method for, 
generating first data comprising a representation of each credential in a set of credentials maintained on a computing device, the representation of each credential indicative of corresponding credential values;
receive identity information corresponding to an identity record established within the decentralized data store, the identity record comprising a public 
providing, to a relying application, via an interface of the wallet application, access to the stored identity information; and
obtaining, responsive to a request to authenticate to the identity record, second data signed by a private key maintained on the computing device and corresponding to the public key of the identity record.

Dependent claims 2-14 and 16-19 are allowed as they depend from allowable independent claim 1 or 15.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495