DETAILED ACTION
Claims 1-20 are pending in this action.  
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 01/24/2019 are accepted.  
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 01/24/2019, 03/18/2019, 07/18/2019, 08/27/2019, 11/07/2019, and 07/31/2020 have been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed on 01/24/2019, 03/18/2019, 07/18/2019, 08/27/2019, 11/07/2019, and 07/31/2020 are attached to the instant office action. 
Claim Objections
Claims 2,  6-14, and 17-20 are objected to because of the following informalities:
Claims 6 recites the limitation “first registrar computer system” (claim 6, ln. 2) which is interpreted to refer to a first registrar computer system (claim 1, ln. 3-4).  Examiner suggests replacing “first registrar system” with “the first registrar system” to conform to formatting throughout.   
Claim 16-20 recites the limitation “a particular member” (claim 16, ln. 1) which is interpreted to refer to “a member” (claim 15, ln. 9).  Examiner suggests replacing “a particular member” with “the member” to conform to formatting throughout.   
Claim 18-20 recites the limitation “a plurality of tokens, each token” (claim 18, ln. 2) which may be confused with “a token” (claim 15, ln. 8).  Examiner suggests replacing “a plurality of tokens, each ” with “a plurality of tokens, each token of the plurality of tokens” to conform to formatting throughout.   
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 3-6, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton et al. (US Pub. 2006/0021019) (hereinafter “Hinton”), in view of Hayhow et al. (US Pub. 2013/0254119) (hereinafter “Hayhow”), further in view of Corella et al. (US Pub. 2016/0269393) (hereinafter “Corella”), and further in view of O’Toole, Jr. (US Patent No. 7,761,501) (hereinafter “O’Toole”).  
As per claim 1, Hinton teaches receiving, by a server computer ([Hinton, para. 0105; Fig. 2C] the trust broker allows entities within a federated environment to establish a trust relationship) and from a first registrar computer system ([para. 0098; Fig. 2C] Each party/entity/enterprise is a federated enterprise which contains a POC server that can invoke a trust proxy/service [a first registrar computer]) in a first federated network of computing devices ([para. 0089; para. 0080] the receiving party is a first federated network of computing devices.  The second entity is the first registrar computer and is synonymous with the receiving party’s POC throughout the disclosure in Hinton), a request to authenticate ([para. 0114] the relying party [from the first registrar computer in a first federated network of computer devices] requests [receiving by a server computer/the trust broker] a translation of a token [a request to authenticate a first computing device, the request including a token] from the trust broker [the server computer] into a format recognizable by the relying party; the request to translate the token from the trust proxy/service [the first registrar computer] allows it to authenticate the first computing device as it is turned into a valid authentication assertion by the trust broker after it is translated [see para. 0125, Fig. 3B, step 328 and para. 0133].  The translation request is an authentication request from the first registrar computer system as it is information that may be utilized in determining whether to identify [authenticate] a transaction [see para. 0056 of the instant application])  a first computing device being utilized to conduct a transaction in the first federated network of computing devices ([para. 0080] the user [a first computing device - see Fig. 1A, 1B, 2A, 2B, para. 0039, para. 040: the user consists of a first computing device] accesses resources at the second entity [the first registrar computer system at the first federated network] without having to explicitly re-authenticate) the request including a token ([para. 0110; 0080; para. 0114] the token is used as the authentication assertion provided as part of the translation request; the user accesses the second federated network’s protected resources by presenting the authentication assertion [the token] that was issued by the first federated network]; the translation occurs after transmission of the authentication assertion [the token]) signed ([para. 0130] the issuing domain’s POC server [the entity residing in a second federated network of computing devices] adds trust information such as the signature of the assertion and the token a part of the request for generating the assertion.  A Kerberos token contains the signature of the issuing principle, in this case, the registrar computer [see Hinton, para. 0062; "The Kerberos Network Authentication Service (V5)", Network working group, Request for Comments (RFC) 1510, July/2005, pg. 58]) by an entity ([para. 0080] the first entity [the first registrar computer in the first federated network] issues an authentication assertion [the token] about the user for use at a second entity) residing in a second federated network of computing devices ([Para. 0088] the issuing party that is a second federated network of computing devices), [the token including biometric information of a user for the transaction] (the token including biometric information of a user for the transaction will be taught later).  
([Hinton, para. 0101] the trust broker [server computer] maps [identifies] attributes of a user [first computing device] known to an issuing party [a second registrar computer system associated with the entity].  One such attribute is the IP address of the entity that issued the token [see Hinton, para. 0062; para. 0057; "The Kerberos Network Authentication Service (V5)", Network working group, Request for Comments (RFC) 1510, July/2005, pg. 100-101].  An IP address, or transport internet protocol address, can be used to communicate between computers – 0029 of the instant application)
receiving, by the server computer and from the second registrar computer system, a confirmation of the authentication request, the confirmation determined by the second registrar computer system ([Hinton, para. 0114] the issuing party's [from the second registrar computer system] trust proxy generates an authentication assertion [a confirmation of the authentication request] that is understood [receiving] by the trust broker [the server computer] to send to the relying party) based in part on the biometric information of the user ([para. 0067] the authentication assertion may be accomplished [based in part on] by verifying something that a user is, i.e. some physical characteristic about the user such as biometric input from the user [the biometric information of the user]) and the signature of the token by the entity; and ([para. 0184] validation is also done based on signatures on the token such as the signature of the issuing principle in a Kerberos token implemented in the invention as taught above [see para. 0062])
transmitting, by the server computer and to the first registrar computer system, the confirmation of the authentication request ([Hinton, para. 0114] the issuing party's trust proxy generates an authentication assertion [a confirmation of the authentication request] that is understood by the trust broker [the server computer] to send [transmitting] to the relying party [the first registrar computer system]) including the token, ([para. 0107] the issuing party produces the authentication token as a means of asserting the authenticated identity of the user.  [Para. 0110] the token is used as the authentication assertion, and so the confirmation of the authentication request includes the token [see also para. 0111 – the relying domain’s trust proxy uses the token from the issuing party included with the authentication assertion]) [the token signed by the first registrar computer system] (the token signed by the first registrar computer system will be taught later) and provided to the first computing device for use in subsequent transactions in the first federated network of computing devices ([Para. 0161] after obtaining the authentication assertion, trust proxy 424 [the registrar computer], the Kerberos token may be required to facilitate single-sign-on from the point-of-contact server to the application server [in subsequent transactions in the first federated network of computing devices] that are required by the back-end applications, and build a local session [in subsequent transactions] for the user [to the first computing device].  
Hinton does not teach transmitting, by the server computer, the authentication request from the first registrar computer system to the second registrar computer system using the canonical address.  
However, Hayhow teaches transmitting, by the server computer, the authentication request from the first registrar computer system to the second registrar computer system using the canonical address.  ([Hayhow, para. 0077, Fig. 6] a communications terminal [first registrar computer system] sends an authentication request to a network gateway [the server], and the server transmits the authentication request to a communications network [second registrar computer system]. The communications terminal is the equivalent of a first register computer as it is computer hardware [para. 0035 – a computer] for establishing a communication protocol [para. 0042 – the communications terminal contains network interfaces for establishing a communication protocol] between federated networks of computing devices [para. 0040; Fig. 1 – the communications terminal facilitates communication between a secure payment network and another communication network] [a registrar computer system is defined in para. 0041 of the instant application].  [Hayhow, para. 0038] the network gateway may be implemented as a computer server.  The communications network is the equivalent of a second registrar computer as it is computer hardware [para. 0036 – a computer server] for establishing a communication protocol [para. 0036 – the communications network comprises circuit/packet-switched networks that establishes various communications protocols] between federated networks of computing devices [para. 0039; Fig. 1 – the communications network facilitates communications between users of the communications terminals in a first network and network devices of a second communications network].  [Para. 0036] communications using the canonical or IP address between the communications terminal, the gateway, and the communications network is disclosed.  Transmission using the canonical address is well known in the art [see "The Kerberos Network Authentication Service (V5)", Network working group, Request for Comments (RFC) 1510, July/2005, pg. 102)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton with the teachings of Hayhow to include transmitting, by the server computer, the authentication request from the first registrar computer system to the second registrar computer system using the canonical address since the operation of the server computer.  Using the known technique of transmitting an authentication request from a first registrar computer system to a server and then to a second computer system as taught by Hayhow to improve a similar network to provide the desired steps to process the authentication request in the federated network of the Hinton reference, would have been obvious to one of ordinary skill in the art, to improve the federated network of the Hinton reference in the same manner as the authentication network set forth in the Hayhow reference.  
Although Hinton teaches that the confirmation of the authentication assertion/token may be done with biometric information, which implies that the limitation of the token including biometric information of a user for the transaction is implicitly disclosed, Hinton does not explicitly teach the token including biometric information of a user for the transaction.   
([Corella, para. 0020; Fig. 20] an authentication-phase biometric sample supplied by the user for the transaction deriving a authentication token)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton with the teachings of Corella to include the token including biometric information of a user for the transaction.  One of ordinary skill in the art would have been motivated to make this modification because computing devices such as mobile phones and tablets have come to be equipped with sensors to measure features of the user, which when used as an authentication token, protects against dictionary attacks that would succeed against a traditional password (Corella, para. 0007; para. 0069).  
Hinton does not teach the token signed by the first registrar computer system.   
However, O’Toole teaches the token signed by the first registrar computer system.   ([O’Toole, col. 3, ln. 48-49] the data communications device [the first registrar computer system] inserts a signature [signs] into the token information.  [Col. 17, ln. 10-12] there exists within the token multiple signatures representing multiple data communication devices [a plurality of registrar computer systems] though which the token have traveled through.   The data communications device is a registrar computer system as it is a computer for establishing a communication protocol [see col. 3, ln. 24-25; col. 19, ln. 44-47 – the data communications device is one of a number of devices for this function] between federated networks of computing devices [see Fig. 1; col. 3, ln. 25-26; col. 3, ln. 44-46 – a data provider network and a data receiver network].  The data communications device provides the token for the first computing device to use [see col. 9, para. 2-6] in subsequent transactions, and so is a first registrar computer system)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton with the teachings of O’Toole to include the token signed by the first because such a procedure would solve the problem of tracking registrar computers (communications devices) that have received the token (O’Toole, col. 3, ln. 60-67).  Such an improvement would enable auditing capability of transmission of data through the registrar computers (O’Toole, col. 4, ln. 7-17) which is desirable to ensure that distribution of resources to the user (trust between the entities – see 0042 and 0043 of the instant application) is not being abused (O’Toole, col 3, ln. 10-19).  

As per claim 3, Hinton in view of Hayhow, Corella and O'Toole teaches claim 1.  
Corella also teaches wherein the second registrar computer system maintains template biometric information for verifying the biometric information of the user.  ([Corella, para. 0085] the back-end subsystem containing the application back-end [the second registrar computer] computes biometric helper data [template biometric information] which it stores [maintains] for later use during authentication [verifying the biometric information of the user].  [Para. 0058; Fig. 1] the application back-end is the equivalent of the second registrar computer as it is proliferates communication between itself and the front-end system.  The biometric helper data is the equivalent of template biometric information as it is a digital reference of characteristics that have been extracted from biometric samples [see Corella, para. 0008; para. 0037 of the instant application for the definition of biometric template – which includes a data derived from biometric samples].   [Para. 0051] authentication is verifying a bearer token which includes biometric code: the biometric information of the user)
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Hinton and Corella for the same reasons as disclosed above.

As per claim 4, Hinton in view of Hayhow, Corella and O'Toole teaches claim 1.  
([Hinton, para. 0070] business agreements include technological agreements on rules [a plurality of policies] on how to transfer information used to vouch [authenticate] users between participating enterprises.  These policies are maintained in the security token service within each trust service [see para 0126, and Fig. 2C] and so are maintained by the every registrar computer system in the federated network [defined as the POC running a trust service above] including the first computer system in the federated network.   [Para. 0159] the tokens that are accepted [confirmation of the authentication request described above] and other requirements are determined based in part on the business agreements)

As per claim 5, Hinton in view of Hayhow, Corella and O'Toole teaches claim 4.  
	Hinton also teaches wherein the plurality of policies identify a number of signatures from one or more members of an open trust network for authenticating the request.  ([Hinton, para. 0159] the business agreements that include technological agreements on rules [a plurality of polities] pre-establish [identify] the signatures [a number of signatures] that are required on tokens.  Tokens are authentication assertions from one or more members of an open trust network for authentication of the request [see Hinton, para. 0068 and para. 0107 for a token as an authentication assertion; and see para. 0110 and Fig. 2C describing that tokens are created by members of the open trust network])

As per claim 6, Hinton in view of Hayhow, Corella and O'Toole teaches claim 5.  
Hinton also teaches wherein the server computer, first registrar computer system, and the second registrar computer system are members of the open trust network.
	Hinton also teaches wherein the server computer, first registrar computer system, and the second registrar computer system are members of the open trust network.  ([Hinton, para. 0098; Fig 2C] enterprise A including the POC and trust service of enterprise A [the first registrar computer system; the trust broker [the server computer] and enterprise B including the POC and trust service of enterprise B [the second registrar computer system] are all members of a federated environment.  The federated environment operates at least part in trust [see para. 0117] and open membership [see para. 0121 – there are no additional requirements beyond the infrastructures of an enterprise and potential partners])
	
As per claim 15, this claim recites a server computer comprising 
a processor; and (Hinton, para. 0041, Fig. 1B, element 122)
a memory including instructions that, when executed with the processor (Hinton, para. 0041, Fig. 1B, element 124 and 126) cause the server computer to perform the steps disclosed in the method of claim 1, has claim language that is identical or substantially similar to that of claim 1, and thus is rejected with the same rationale applied against claim 1. 
Also disclosed by Hinton is a “merchant registrar computer system” that is also a “first registrar computer system” ([Hinton, para. 0053; Fig. 1E; para. 0098] the user engages in transactions with a number of enterprises by means of a POC server.   See para. 52 of the instant application: a “merchant may be entity that engages in transactions and can sell goods or services, or provide access to goods or services”), 
“a member of an open trusted network” that is also “an entity” ([Hinton, para. 0053; Fig. 1E; para. 0098] the user engages in transactions with a number of enterprises by means of a POC server.   See para. 52 of the instant application: a “merchant may be entity that engages in transactions and can sell goods or services, or provide access to goods or services”.  The issuing party is a second federated network of computing devices [see para. 0088] and the receiving party is a first federated network of computing devices [see para. 0089]),
.  


Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Hinton in view of Hayhow, Corella , O’Toole, and further in view of Bollay et al. (US Patent No. 7,046,666) (hereinafter “Bollay”).  
As per claim 2, Hinton in view of Hayhow, Corella and O'Toole teaches claim 1.  
Hinton also teaches wherein the canonical address represents [an overlay] address [for a hierarchy of addresses] associated with the first federated network of computing devices.  [see Hinton, para. 0062; "The Kerberos Network Authentication Service (V5)", Network working group, Request for Comments (RFC) 1510, July/2005, pg. 100-101; pg. 31; pg. 115 – the ticket address, the address of the client that requests the authentication assertion token]. The canonical address represents an overlay address for a hierarchy of addresses will be taught later.)
Hinton does not teach wherein the canonical address represents an overlay address for a hierarchy of addresses. 
However, Bollay teaches wherein the canonical address represents an overlay address for a hierarchy of addresses associated with the first federated network of computing devices.  ([Bollay, col. 1, ln. 27-49; Fig. 1] the subnet mask effectively introduces another level of hierarchy into the IP address by allowing the subnet mask to be applied to an overlay address [the IP address – the network address that is layered on top of a sub-network, or an overlay address])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton, Hayhow, Corella, and O’Toole with the teachings of Bollay to include wherein the canonical address represents an overlay address for a hierarchy of addresses associated with the first federated network of computing devices.  One of ordinary skill in the art would have been because the practice of subnetting provides a simple way to reduce the total number of network numbers assigned (Bollay, col. 1, ln. 16-18).  
	
Claims 7-11, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton et al. (US Pub. 2006/0021019) (hereinafter “Hinton”) in view of Sorotokin et al. (US Pub. 2013/0125223) (hereinafter “Sorotokin”), and further in view of Chai (US Pub. 2008/0072301) (hereinafter “Chia”).  
As per claim 7, Hinton teaches receiving, by a registrar computer system ([Hinton, para. 0156; para. 0098] the user invokes a sign-on operation to a resource on a POC server in an enterprise domain.  The POC server that can invoke a trust proxy/service is a registrar computer; the POC server that runs the trust service is a registrar computer system as it is computer hardware/software for establishing a communication protocol between federated networks of computing devices [see para. 0041 of the instant application]) associated with a federated network of computing devices ([Fig. 2C, and para. 0081] a federated network of computer devices that includes the POC server), a first request to utilize a shared resource ([para. 0156] the user invokes a single-sign-on operation/transaction [a request to be authenticated, see para. 0010] to a resource domain [a first request to utilize a shared resource]) implemented by the federated network of computing devices , the first request provided by a first computing device ([Fig. 1A, 1B, 2A, 2B, para. 0039, para. 0040; para. 0156; para. 0053] the user consists of a first computing device; the user initiates a transaction; a typical online transaction might require multiple authentication requests from the user)  and including a token associated with the first computing device; and ([para. 0156] The user's token [a token associated with the first computing device] would be transferred with the user's request to the enterprise domain/relying party [see Fig. 4 – Enterprise B].  This token may be sent using user's browser [the first computing device sends the token])
([Hinton, para. 0105] it may be the case that a trust service [the registrar computer – see para. 0098 and above] does not know how to interpret [identifying, by the registrar computer that the user/first computing device is an unknown entity – see para. 0107 – the authentication token is the means of asserting the identity of the user, and as the trust service does not know how to interpret the authentication token, the identity of the user is an unknown entity] the authentication token [at least in part on the token and one or more signatures used to sign a token) and one or more signatures used to sign the token (para. 0098] an SAML token is disclosed: a token with an SAML assertion/signature that is received.   See para. 0063; 0064: an assertion provides indirect evidence of some action such as authentication by an entity that is not the authentication service but that listened to the authentication service.   A signature as a SAML assertion from a trusted authority is well known in the art – see Hinton, para. 0064; "Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML)", OASIS Standard, 2005, pg. 68-70] by an associated point-of-contact server) and a policy associated with the one or more signatures specified by the registrar computer system; ([para. 0098; para. 0105] the POC server [registrar computer] runs the trust service.  Rules on how to translate a given user identity and attributes [how to translate is a policy associated with the one or more signatures specified by the registrar computer – see para. 0070: business agreements {or policies} include rules on how to translate] also goes into determining when a computing device is an unknown entity)
transmitting, by the registrar computer system to a trust management system, a second request to authenticate the first computing device, the second request including the token; ([Hinton, para. 0114] The relying party [Enterprise B above, see Fig. 4; para. 0156] requests a translation of this token [the second request including the token] from the trust broker [to a trust management system] into a format recognizable by the relying party.  The request to translate the token from the trust proxy/service [the registrar computer system] allows it to authenticate the first computing device as it is turned into a valid authentication assertion after it is translated [see para. 0125, Fig. 3B, step 328 and para. 0133].  An authentication assertion is a statement about the successful presentation and validation of a user's authentication credentials [see para. 0068].   The translation request is an authentication request from the first registrar computer system as it is information that may be utilized in determining whether to identify [or authenticate] a transaction [see para. 0056 of the instant application])
and enabling, by the registrar computer to the first computing device, access to the shared resource by at least providing the token and location information for the shared resource to the first computing device, ([Hinton, para. 0161] After obtaining the translation for the user, the POC by the trust proxy [the registrar computer], through its security token service, can generate any local tokens, e.g., a Kerberos token may be required to facilitate single-sign-on from the point-of-contact server to the application server [access to the shared resource by providing the token and location information for the shared resource, the token signed by the registrar computer and location information including a canonical address for communication with the shared resource] that are required by the back-end applications, and build a local session [access to the shared resource] for the user [to the first computing device]) the token signed by the registrar computer and the location information including a canonical address for communicating with the shared resource ([Hinton, para. 0062, and 0012; The Kerberos Network Authentication Service (V5)", Network working group, Request for Comments (RFC) 1510, July/2005, pg. 59 and pg. 100-101] a Kerberos token contains the signature of the issuing principle, in this case, the registrar computer, and a host address – the IP address of the issuing principle.  The IP address of the issuing principle is also the IP address of the shared resource within the domain/the canonical address for communication with the shared resource)
Hinton does not explicitly teach receiving, by the registrar computer system from the trust management system, an authentication message that verifies the first computing device within an open 
However, Sorotokin teaches receiving, by the registrar computer system from the trust management system, an authentication message ([Sorotokin, para. 0032] in various embodiments, the DRM server [the trust management system] may issue a credential [an authentication message] to a respective content server [the registrar computer system] in response to an authentication/registration process performed between the content provider and DRM provider].  The DRM server is the equivalent of the trust management system as it operates based on trust and is responsible for establishing trust between registrar computers [see para. 0031. Also see para. 0042 of the instant application]. The content server is the equivalent of the registrar computer system as it provides the resource to the user [see Sorotokin, para. 0028] and maintains a communication protocol between the DRM, the user and other content servers [see Sorotokin, para. 0020, 0029.  Also see para. 0041 of the instant application]) that verifies the first computing device within an open trust network, ([Sorotokin, para. 0033; 0039] Credentials are utilized to create an authentication token.  The authentication token consists of information indicating another content server [another registrar computer within a plurality of registrar computers] has authenticated [has verified] the users of the client device [the first computing device].  The credentials information is information that may be utilized in determining whether to identify [or authenticate] a transaction [see para. 0056 of the instant application, giving examples of identifying information, which the credential conforms with], and so is an authentication message.  The embodiments are directed to the establishment of a trust relationship between a DRM provider and one or more content providers [an open trust network - see para. 0032 and Fig. 1]) the authentication ([para. 0032] the  DRM server [the trust management system] issues [generates] a credential [an authentication message] in response to an authentication process) to the trust management system communicating with a plurality of registrar computers ([para. 0032; Fig. 1] a DRM server corresponds and communicates with a plurality of one or more content providers [a plurality of registrar computers] in response to the authentication process) in the open trust network to determine signatures provided by the plurality of registrar computers ([para. 0047] In cases where the DRM server [the trust management system] determines that the digital signature is valid [determine signatures provided by the plurality of registrar computers – the digital signature uniquely identifies a particular content server/registrar computer – see para. 0033], the DRM server may also determine that the information indicated by the authentication token is also valid, since the token was signed by an entity with which the DRM server previously established a trust relationship [represent previous transactions with the first computing device and the token].  The entities which the DRM server previously established a trust relationship are the pluralities of content servers [see Fig. 1; para. 0032].  As the DRM server is responsible for determining the validity of the signature of the respective entity, it determines signatures provided by the plurality of registrar computers) for the token that represent previous transactions with the first computing device and the token in respective federated networks of computing devices that correspond to the plurality of registrar computers ([para. 0039] a content server [registrar computer] issues an authentication token [the token] which includes information about the content server [registrar computer] that had authenticated the user [that represent previous transactions with the first computing device and the token].  This authentication token information [the previous transactions between the computing device and the token] includes information that indicates [corresponds to] a respective content provider [the plurality of registrar computers] that the user has been authenticated.  Such information is specific to a domain of users the content server [a domain of users is a respective federated network of computing devices within a federated environment – see Hinton, para. 0154 and Fig. 4])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton with the teachings of Sorotokin to include receiving, by the registrar computer system from the trust management system, an authentication message that verifies the first computing device within an open trust network, the authentication message generated by the trust management system in response to the trust management system communicating with a plurality of registrar computers in the open trust network to determine signatures provided by the plurality of registrar computers for the token that represent previous transactions with the first computing device and the token in respective federated networks of computing devices that correspond to the plurality of registrar computers.  One of ordinary skill in the art would have been motivated to make this modification because by using this framework of verification, the registrar computer system (the content provider) providing access to the first computing device (the user) can rely on the trust management system (DRM provider) to handle management of the resources provided to the first computing device (Sorotokin, para. 0029).  Such a system would allow the establishment of a trust relationship between the plurality of registrar computer systems represented by the credential (Sorotokin, para. 0031).  
Alternatively, although the broadest reasonable interpretation of a second request to authenticate the user device includes the translation request, and the broadest reasonable interpretation of the authentication message to verify the user device includes the credential,
Chai also teaches transmitting, by the registrar computer system to a trust management system, a second request to authenticate the first computing device, the second request including the token and ([Chai, para. 0100; Fig. 7] an authentication controller sends an authentication assertion query to an AAA Server.  The AAA server is a trust management system as the server includes a system that operates at least in trust and enables communication between registrars [see Chai, para. 0055 – a federated domain refers to network service providers with trust relationships; para. 0053 – the AAA Server is an instance of the access control authority; para. 0022-0023 – service providers form federated domains which are managed by the access control authority that determined whether a user is allowed to access the service by federation policies].  The AA controller is a registrar computer system as it allocates services to users [para. 0054] and maintains a communication protocol between the AAA server, the user terminal, and other AA controllers [see Fig. 5].  The assertion query contains a token as it uses the SAML authentication protocol [see the SAML protocol disclosed by Hinton above])
receiving, by the registrar computer system from the trust management system, an authentication message that verifies the first computing device within an open trust network, the authentication message generated by the trust management system.  ([Chai, para. 0100; para. 0072; Fig. 7] the AAA Server [trust management system] will reply to the authentication controller [the registrar computer system] with an assertion success or assertion failure [an authentication message].  If the user credentials match the profile in the database, the AAA Server authenticates the server [verifying the first computing device])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton and Sorotokin with the teachings of Chai to include transmitting, by the registrar computer system to a trust management system, a second request to authenticate the first computing device, the second request including the token and receiving, by the registrar computer system from the trust management system, an authentication message that verifies the first computing device within an open trust network, the authentication message generated by the trust management system.  One of ordinary skill in the art would have been motivated to make this modification because such a procedure would solve the problem of access management network-wide domains [see Chai, para. 0011] and allows network domains forming a federation to agree on a pre-defined interface and protocol to collaboratively process authentication requests from a user terminal [the computing device].  

As per claim 8, Hinton in view of Sorotokin and further in view of Chai teaches claim 7.  
Hinton also teaches wherein the shared resource comprises one or more of a mobile computing device, a wearable device, a laptop computer, a desktop computer, a server computer, an automobile, a printer, a scanner, a wireless router, a wireless network, a software application, a storage device, or a computer resource made available by a host. ([Hinton, para. 0012] the system allows users to access entitlements and data for computational resources [a computer resource made available by a host])

As per claim 9, Hinton in view of Sorotokin and further in view of Chai teaches claim 7.  
Hinton also teaches further comprising updating, by the trust management system, a mapping of known entities for the registrar computer system in response to enabling access to the shared resource by the registrar computer.  ([Hinton, para. 0048] the DRM sever may perform operations in response to successfully authenticating the user via the authentication token [enabling access to the shared resource – see receiving step followed by enabling step above].  One of such operations may include the creation of a DRM identifier for that user [a mapping of known identities].  The DRMID is passed to the content server, and mapped to the user’s account.  [Para. 0070, Fig. 6] the DRMID may be crossed referenced by the content server [para. 0054] so that the content server [content server 110a] can use the DRMID to give a device that had been authenticated by another content server [content server 120c]).  
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Hinton and Sorotokin for the same reasons as disclosed above.


Hinton also teaches further comprising receiving, by the registrar computer system from another registrar computer system, an indication that a prior authentication has been performed within another federated network of computing devices associated with the other registrar computer system, the prior authentication performed by the first computing device using the biometric information.  ([Hinton, para. 0071] single-sign-on solutions allow one enterprise [receiving by the registrar computer system by the proxy service – see definitions for enterprise and registrar computer above] to trust an authentication assertion [an indication that a prior authentication has been performed] produced by a different enterprise [another federated network of computing devices associated with the other registrar computer system – see definition for enterprise and registrar computer above]). [Para. 0067] the authentication assertion may be accomplished by verifying something that a user is, i.e. some physical characteristic about the user such as biometric input from the user [authentication performed by the first computing device using biometric information])

As per claim 11, Hinton in view of Sorotokin and further in view of Chai teaches claim 7.  
Sorotokin also teaches wherein the signatures provided by the plurality of registrar computers for the token are signed using respective private keys that are generated and maintained by the plurality of registrar computers. ([Sorotokin, para. 0033] the content server [the registrar computer among a plurality of registrar computers – see para. 0032, Fig. 1] creates [generates and maintains] a digital signature using a private key.  [Para. 0040] the authentication token includes the digital signature [signed with the digital signature signature].  
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton and Chai with the teachings of Sorotokin to include wherein the signatures provided by the plurality of registrar computers for the token are signed using respective because the trust management system [the DRM server] may be configured to utilize this digital signature to identify a particular registrar computer (Sorotokin, para. 0031).  Using a private key allows the registrar computer to create a message authentication code that allows for encrypted authentication (Sorotokin, para. 0033 and para. 0026-0027).

	As per claim 14, Hinton in view of Sorotokin teaches claim 7.  
	Sorotokin also teaches wherein the signatures provided by the plurality of registrar computers for the token represent successfully authenticated transactions within the respective federated networks of computing devices utilizing the first computing device and the token.  ([Sorotokin, para. 0046] the DRM server [the trust management system] may be configured to use the credential to verify the digital signatures.  If the digital signature were signed by the content provide [a registrar computer out of the plurality of computers for the token] with a private key issued during the establishment of the trust relationship, the DRM server verifies the digital signature with the corresponding public key.  If the comparison result in a match, the DRM server may determine that the digital signature is valid [a successfully authenticated transaction].  [Para. 0047] In cases where the DRM server determines that the digital signature is valid, the DRM server may also determine that the information indicated by the authentication token [information that indicates the content server has authenticated the user/first computing device] is also valid [a successfully authenticated transaction within the federated networks of computing devices utilizing the first computing device and the token])

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Hinton in view of Sorotokin, Chai, and further in view of Zessin et al. (US Publication 2017/0272342) (hereinafter “Zessin”).  

Hinton does not explicitly teach wherein the federated network of computing devices represents a federated block chain.
However, Zessin teaches wherein the federated network of computing devices represents a federated block chain.  ([Zessin, Para. 0005; 0008] IoT edge devices belong to the same networked mobile environment and so is a federated network of computing devices [see instant application para. 0040].  The device IDs of the computing devices are organized together in a hash chain/block chain/recursive ledger chain [see Zessin, para. 0068; Fig. 5]) 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton, Sorotokin and Chai with the teachings of Zessin to include wherein the federated network of computing devices represents a federated block chain.  One of ordinary skill in the art would have been motivated to make this modification because a block chain may be used in conjunction with other mechanisms to organize and manage the network, such as organizing access to different types of resources (Zessin, para. 0025).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Hinton in view of Sorotokin, Chai, and further in view of Corella.  
As per claim 13, Hinton in view of Sorotokin and further in view of Chai teaches claim 7.  
Hinton does not explicitly teach wherein the token associated with the first computing device is generated using a hashing algorithm that utilizes the biometric information and a private key maintained by a corresponding network of computing devices associated with the first computing device.  
However, Corella teaches wherein the token associated with the first computing device is generated using a hashing algorithm that utilizes the biometric information and a private key maintained by a corresponding network of computing devices associated with the first computing device.  ([Corella, Fig. 21; para. 0157; para. 0162] a reg-phase bearer token is generated using [utilizing] the biometric information of a user.   [Fig. 23; para. 0171]The public key is concatenated with the reg-phase bearer token to produce a string and the server applies the a cryptographic hash function SHA-256 to the string to create an registration-phase tag [a token as it is data that provides information about whether the user is successfully authenticated when compared to an authentication-phase tag – see Fig. 5; para. 0077; also see para. 0044 of the instant application].  [Para. 0063; 0064] the public key corresponds to a private key of a key pair in asymmetric cryptosystem, are mathematically linked, allows the public key to perform its intended function, allows the hash algorithm to prove knowledge of the that the user has access to the storage medium that contains the key pair, and so the private key is utilized in the hashing algorithm. [Para. 0058; Fig. 1; para. 0065] the token is associated with the first computing device as the token includes biometric information that is input by the user.  The public private key pair is maintained and stored in a front-end subsystem that includes the computing device [a corresponding network of computing devices associated with the first computing device].  Alternatively, a computing device being associated with a network of computing devices was disclosed in Hinton above) 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hinton, Sorotokin, and Chai with the teachings of Corella to include wherein the token associated with the first computing device is generated using a hashing algorithm that utilizes the biometric information and a private key maintained by a corresponding network of computing devices associated with the first computing device.  One of ordinary skill in the art would have been motivated to make this modification because by hashing the biometric information with a salt, will slow a dictionary attack by an adversary, and by using a key instead of a salt, makes it unnecessary to generate the salt, provides strong security against fraudulent authentication, while still preventing against dictionary attacks and addressing privacy concerns (Corella, para. 0006; para. 0007; para. 0054).

Claims 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton in view of Hayhow, Corella, O’Toole, and further in view of Moritz et al. (US Patent No. 9,516,035) (hereinafter “Moritz”).  
As per claim 16, Hinton in view of Hayhow, Corella, and O’Toole teaches claim 15.  
Hinton does not teach wherein a particular member of the open trust network is a banking entity associated with a banking entity computer system, the banking entity computer system configured to capture behavior information and environment for transactions conducted by the user.
However, Moritz teaches wherein a particular member of the open trust network is a banking entity associated with a banking entity computer system, the banking entity computer system configured to capture behavior information and environment information for transactions conducted by the user.  ([Moritz, col. 13, ln. 12-24] a behavior profile for transactions conducted by the user is captured by the bank entity associated with a banking entity computer system [see col. 7, ln. 65 to col. 8 ln. 10].  The behavior profile includes behavior information [such as behavior biometrics, how many logon attempts have been made, and activities associated with transactions] and environment information [such as time of day transactions were made, the channels used, where the attempts originated from, and registered devices].  [Col. 7, ln. 5-12; Fig. 1] the behavior profiler is a particular member the organization.  [Col. 8, ln. 11-30] the organization is the equivalent of the enterprise described in Hinton, and a member of the open trust network as it is a membership organization which may be communicably coupled to a third party [part of a federated network].  Furthermore the organization authentication using the behavior profiler includes information that is ownership information [see col. 9, ln. 10-12], which includes the token [see col. 1, ln. 34-36] described above that adheres to the hierarchical and canonical address formatting scheme and enforces a token signature and biometric sample verification operations]
 with the teachings of Moritz to include wherein a particular member of the open trust network is a banking entity associated with a banking entity computer system, the banking entity computer system configured to capture behavior information and environment for transactions conducted by the user.  One of ordinary skill in the art would have been motivated to make this modification because such characteristics allow for a federated network in an open trust network to develop a proactive approach for detecting suspicious activity in real-time or near real-time (Moritz, col. 4, ln. 47-62).

As per claim 17, Hinton in view of Hayhow, Corella, O’Toole, and Moritz teaches claim 16.  
Moritz also teaches wherein the banking entity computer system is further configured to generate one or more identity profiles based in part on the behavior information and the environment information, the one or more identity profiles associated with the user.  ([Moritz, col. 13, ln. 12-24] a behavior profile [the identity profile] for transactions conducted by the user is captured by the bank entity associated with a banking entity computer system [see col. 7, ln. 65 to col. 8 ln. 10].  The behavior profile includes behavior information [such as behavior biometrics, how many logon attempts have been made, and activities associated with transactions] and environment information [such as time of day transactions were made, the channels used, where the attempts originated from, and registered devices] and so is based on part on the behavior and environment information)
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Hinton and Moritz for the same reasons as disclosed above.

 As per claim 18, Hinton in view of Hayhow, Corella, O’Toole, and Moritz teaches claim 17.  
([Hinton, para. 0055] the enterprise domains described above are supported for banking domains, and so is the equivalent of the banking entity computer system. The user profile [identity profile] of the user is generated by the FMPS within the enterprise domain [see Fig. 6, para. 0179].  The enterprise domain also contains the POC server utilizing the trust service to generate a plurality of tokens [see Para. 0098; Fig. 2C].  Each token correspond to a token type [see para 0110 – trust services use this information to invoke token services], and are based in part on a particular user’s identity profile [see para. 0159 – trust services use the user identifier to generate a security token for the user])

As per claim 19, Hinton in view of Hayhow, Corella, O’Toole, and Moritz teaches claim 18.  
Hinton also teaches wherein the registrar computer system confirming the authentication request is based at least in part on the token type associated with the token and the signature of the token. ([Hinton, para. 0159] the types of tokens that are accepted, the signatures that are required on tokens are all pre-established.  Tokens are authentication assertions [confirming the authentication request] from one or more members of an open trust network for authentication of the request [see Hinton, para. 0068 and para. 0107 for a token as an authentication assertion; and see para. 0110 and Fig. 2C describing that tokens are created by members of the open trust network])

As per claim 20, Hinton in view of Hayhow, Corella, O’Toole, and Moritz teaches claim 18.  
Hinton also teaches wherein the registrar computer system maintains one or more policies identifying the token type to authenticate based on a type of transaction. ([Hinton, para. 0159] the business agreements that include technological agreements on rules [a plurality of polities] pre-establish [identify] the types of tokens that are accepted [identifying the token type to authenticate].  [Para. 0101] the trust service identifies the token type.   [Para. 0071] this determination is based on pre-negotiated or pre-configured agreements including how to authenticate a user for a type of transaction [see para. 0101 – if the transaction is a type that the trust service can handle, then it is one type of token, i.e. a SAML token; if not, it is another type of token, i.e. a Kerberos token, which will need to be translated by a trust broker])
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Nix et al., (US Pub. 2006/0149671) discloses a payment processing method/system that utilizes block chain for recording transactions by storing signatures of respective registrar computer systems.  Patron et al., (US Pub. 2005/0063333) discloses an authentication method for allocating resources utilizing tokens in a federated environment.  Johnson et al., (US Pub. 2006/0235795) discloses an authorization method utilizing an identity provider that coordinates a service provider to validate a token provided by the client.  Veeraraghavan et al., (US Pub. 2009/0320103) discloses a security broker that receives authentication requests which can then be authenticated by a registrar computer.  Kol et al., (US Pub. 2011/0145565) discloses a federated authentication system that utilized a federated token from a second domain and establishing a trust relationship with a third party trust broker.  Nishizawa et al., (US Pub. 2013/0247142) discloses a federated authentication system that uses single-sign-on and a trust based relationship.  Counterman (US Pub. 2015/0365403) discloses a content sharing method that uses an authentication server to coordinate authentication between a user device and a content provider, with the request utilization and authentication token.  Kumar (US Pub. 2017/0272419) discloses an authentication intermediary that utilizes a security token in a method similar to the instant application.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Z. L./Examiner, Art Unit 2493

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493