DETAILED ACTION
Acknowledgements
1.	 The Applicant’s application filed on July 8, 2019 is hereby acknowledged. Claims 1-20 are pending and have been examined. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 U.S.C. § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
2.	Claims 1–20 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to an abstract idea without significantly more.

Regarding claims 1–20. As discussed in MPEP § 2106 as revised by the 2019 Revised Patent Subject Matter Eligibility Guidance (“2019 PEG”)1, when considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (i.e., Step 1). If the claim does fall within one of the statutory categories, it must then be determined whether the claim recites a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) (i.e., Step 2A.1) and whether the exception is integrated into a practical application (i.e., Step 2A.2). With respect to Step 2A.1, the 2019 PEG extracts and 2 With respect to Step 2A.2, elements that are indicative of integration into a practical application are discussed in MPEP § 2106.05(a), (b), (c), and (e).3 Elements that are not indicative of integration into a practical application are discussed in MPEP § 2106.05(f), (g), and (h).4 If the exception is not integrated into a practical application, the claim is found to be directed to the exception. It must then be determined whether the claim otherwise contains any additional elements or combination of additional elements sufficient to ensure that the claim recites an inventive concept, i.e., amounts to significantly more than the exception itself (i.e., Step 2B). Revised Step 2A overlaps with Step 2B, and thus, many of the considerations need not be reevaluated in Step 2B because the answer will be the same. However, a conclusion under revised Step 2A that an additional element was insignificant extra-solution activity should be reevaluated in Step 2B to determine if the element(s) are well-understood, routine, and conventional in the relevant field as discussed in MPEP § 2106.05(d).5
In the present application, claims 1–8 are directed to an article (e.g., non-transitory machine readable medium), claims 9-16 are directed towards a  machine (i.e., computing system); and claims 17-20  are directed to a process (i.e., method). Thus, the eligibility analysis proceeds to Step 2A.1. 
The limitations of claim 1 that define an abstract idea are identified in bold below:

cause a processor to:
receiving a request from a Relying Party to verify an attribute that is one or more of an identity and a credential of a user;
notifying the user of the request and receiving self-asserted attributes by the user;
obtaining Attribute Provider attributes from an Attribute Provider based on the self-asserted attributes; 
determining an answer to the request based on the self-asserted attributes and the Attribute Provider attributes; and 
providing the answer to the Relying Party.

Claim 1 recites an approach to verifyind a users credential based on a known attribute. The highlighted portions comprise a substantial part of claim 1 and recite activities that normally occur in the course of a relying party with a need (e.g., validation of a credential ) seeks a entity  who can provide a attestation of a users credential. The highlighted portions of claim 1 above recite a risk mitigation activity associated with a transaction  therefore the claim is found to recite an abstract idea under the grouping “certain methods of organizing human activity.” 
The judicial exception is not integrated into a practical application. In claim 1, the additional elements or combination of elements other than the abstract idea include a processor. The processor element is recited at a high level of generality an only generally linked to performance of the activities in the abstract idea in bold above. This is effectively adding the words “apply it” with the abstract idea.
Lastly, the additional elements, both individually and as an ordered combination, do not amount to significantly more than the judicial exception. As discussed under Step 2A.2, the 
Dependent claims 2–8, 9-16, and 18–20 further elaborate on the abstract idea identified in the independent claims by reciting details of the verification process, which is part of the risk mitigation activity such as :

receiving a response from the user including how much data to release to the Relying Party, wherein the answer is constrained based on the response to one of a yes/no answer, a range, and a detailed response.  
wherein the self-asserted attributes include any of name, date of birth, address, social security number, email address, phone number, driver's license number, and wherein the Attribute Provider attributes includes any of background checks, credit scores, verified version of the one or more self-asserted attributes, academic credentials, and professional licenses, accreditations, and memberships.  
utilizing one or more of the self-asserted attributes and the Attribute Provider attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider.  
storing the one or more cryptographically signed attributes in a personal data store associated with the user.  
wherein the storing comprises encrypting the one or more cryptographically signed attributes with an attribute specific symmetric key and then encrypting the symmetric key with a public key of the user.  
wherein each device associated with the user is associated with a unique public key, and wherein subsequent devices are registered and associated with a different public key and provided access to the one or more cryptographically signed attributes.  
wherein the personal data store is located in a data store communicatively coupled to a trust system and a private key associated with the public key is located in a user device.
These claims further recite “a user device , this element is recited at a high level of generality an only generally linked to performance of the activities in the abstract idea in bold above. This is effectively adding the words “apply it” with the abstract idea.
 Other than a “user device” there are no new additional elements beyond those analyzed in the independent claims, so the same analysis under Step 2A.2 and Step 2B applies, and these dependent claims are therefore ineligible.
In summary, the dependent claims considered both individually and as an ordered combination do not provide meaningful limitations to transform the abstract idea into a patent eligible application of the abstract idea such that the claims amount to significantly more than the abstract idea itself. The claims do not recite an improvement to another technology or technical field, an improvement to the functioning of the computer itself, or provide meaningful limitations beyond generally linking an abstract idea to a particular technological environment. When the claimed invention is considered as a whole, it is reasonably interpreted as being directed to a risk mitigation activity, with little if any recited details about how that interaction is integrated into a practical application or amounts to an inventive concept. 



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


3.	Claims 1-5, 9-13 and 17-20 are rejected under 35 U.S.C. 102(a) (1) as being anticipated  by Richards et al. (US Patent Application Publication 2015/0128240).

4.	As per claims 1, 9 and 17, 
Richards et al. discloses a non-transitory computer-readable medium comprising instructions that, when executed, cause a processor to:
receiving a request from a Relying Party to verify an attribute that is one or more of an identity and a credential of a user; notifying the user of the request and receiving self-asserted attributes by the user; (Figure 5, element 512, paragraph 84 [requestors authentication request may be received … ])

determining an answer to the request based on the self-asserted attributes and the Attribute Provider attributes; (paragraph 85 [generation of a confidence score is considered an “answer”]  ) and
providing the answer to the Relying Party. (Figure 5, element 536, 538 paragraph 87 [access is granted or denied based on above stated “answer”]  ) 

5.	In regard to claim 9, Richards et al. discloses  a network interface communicatively coupled to a user device associated with a user; a processor communicatively coupled to the network interface; and memory storing instructions (Figure 1B, paragraph 35-36)

6.	As per claims 2, 10 and 18, 
Richards et al. discloses the non-transitory computer-readable medium of claim 1, further comprising 
receiving a response from the user including how much data to release to the Relying Party, wherein the answer is constrained based on the response to one of a yes/no answer, a range, and a detailed response.  (paragraph 62-63 [user responds by providing selected data to relying party, construed as a “detail response” ] )

7.	As per claim 3, 11 and  19,
Richards et al. discloses the non-transitory computer-readable medium of claim 1, further comprising 


8.	As per claims 4, 12 and 20,
Richards et al. discloses the non-transitory computer-readable medium of claim 1, further comprising 
utilizing one or more of the self-asserted attributes and the Attribute Provider attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider.  

9.	As per claims 5 and 13,
Richards et al. discloses the non-transitory computer-readable medium of claim 1, further comprising 
storing the one or more cryptographically signed attributes in a personal data store associated with the user.  (paragraph 73 [authentication records may be encrypted])

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the 


10.	Claim 6-8 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Richards et al. (US Patent Application Publication 2015/0128240) in view of Buttiker (US Patent Application Publication 2002/0176583).

11.	As per claims 6 and 14, 
Richards et al.discloses the non-transitory computer-readable medium of claim 5
Richards et al. does not explicitly disclose however  Buttiker  discloses wherein the storing comprises  encrypting the one or more cryptographically signed attributes (paragraph 23-33) with an attribute specific symmetric key  and then encrypting the symmetric key with a public key of the user.  (paragraph 56 ) 
It would be obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine the Richards et al. method of verification with Buttiker’s  teaching  in order to improve registration and authentication methods in public-key infrastructures thereby increasing the reliability of the system while keeping time and costs required for registration, authentication and processing at a low level. (Buttiker, paragraph 25)
12.	As per claims 7 and 15, 
Richards et al. discloses the non-transitory computer-readable medium of claim 5
Richards et al. does not explicitly disclose however  Buttiker  discloses wherein each device associated with the user is associated with a unique public key, and wherein subsequent devices are registered and associated with a different public key and provided access to the one or more cryptographically signed attributes. (Buttiker; paragraph 32, 49 [Examiner notes 
It would be obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine the Richards et al. method of verification with Buttiker’s  teaching  in order to improve registration and authentication methods in public-key infrastructures thereby increasing the reliability of the system while keeping time and costs required for registration, authentication and processing at a low level. (Buttiker, paragraph 25)
13.	As per claims 8 and 16, 
Richards et al. discloses the non-transitory computer-readable medium of claim 5
Richards et al. does not explicitly disclose however  Buttiker  discloses wherein the personal data store is located in a data store (Figure 1, element 58) communicatively coupled to a trust system and a private key associated with the public key is located in a user device.  (Figure 1, element 52, 55)
It would be obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine the Richards et al. method of verification with Buttiker’s  teaching  in order to improve registration and authentication methods in public-key infrastructures thereby increasing the reliability of the system while keeping time and costs required for registration, authentication and processing at a low level. (Buttiker, paragraph 25)


Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on 571-272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/J.M.W/Examiner, Art Unit 3685                                                                                                                                                                                                        
/STEVEN S KIM/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 84 Fed. Reg. 50, 51 (Jan. 7, 2019). 
        2 Id. at 52.
        3 Id. at 55.
        4 Id.
        5 Id. at 56.