Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	
Allowable Subject Matter
	Claim 10-11 and 13-16 are allowable.
Claims 7, 9 and 19 would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is a statement of reasons for the indication of allowable subject matter:  

The prior art of record (in particular, Boysen U.S. Publication U.S. Patent 20120233705 (hereinafter "Boysen") in view of Kim U.S. Publication U.S. Patent 20110126010 (hereinafter "Kim"), in view of Gupta U.S. Publication U.S. Patent 20110148576 (hereinafter "Gupta")) does not expressly disclose all the limitations recited in independent claims and the combination of their features thereon. 
CLAIM 7 
With respect to dependent claim 7 the closest prior art does not disclose at least the following limitations in the recited context:
wherein generating the identity code includes generating the identity code to include an identification specific to the requesting party; and wherein the method further comprises verifying that the identification of the requesting party is specific to the requesting party prior to transmitting the response to the requesting party.

CLAIMS 10-11 AND 13-16
With respect to independent claim 10 the closest prior art does not disclose at least the following limitations in the recited context:
in response to at least one subsequent identity request: reject a query of one of the at least one subsequent identity request when the query of the one of the at least one subsequent 

Rather, Boysen discloses a hardware token provides a credential to a relying party terminal, and the relying party terminal summits the credential to a credential issuer server. The credential issuer server provides user attributes that are approved for disclosure to the relying party terminal [Boysen para. 40-41, 45-46, 95, 104, 117]. 
However, Boysen does not disclose at least the features of claim 7 or claim 10 quoted above.  
To this, Kim adds a server may provide an identity to the user. The user may submit the identity to a service terminal [Kim, para. 35-36, 39-40, 42-44, 53, 61]. Gupta adds generating a one-time identity code and sending it to a surrogate device. The surrogate device may then present the one-time identity code to other devices to represent identity of the user [Gupta, para. 9].
However, the combination of Boysen, Kim, and Gupta does not teach at least the features of claim 7 or claim 10 quoted above.  
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
For the reasons described above, the prior art of record does not disclose, with respect to dependent claim 7, features corresponding to those of dependent claim 7 in their respective contexts. Therefore, the dependent claim 7 is/are allowable.
For the reasons described above, the prior art of record does not disclose, with respect to independent claim 10, features corresponding to those of independent claim 10 in their respective contexts. Therefore, the independent claims 10 is/are allowable.
Dependent claims 11 and 13-16 is/are allowable in view of their respective dependence from independent claim 10.
CLAIMS 9 AND 19 
Dependent claims 9 and 19 recited features analogous to the features of claim 10 quoted above and also allowable for analogous reasons. 

Response to Amendment
	This communication is in response to the amendment filed on 01/13/2021. The Examiner acknowledges amended claims 1-11 and 13-20. Claim 12 has been cancelled, and no claim has been added. Claims 1-11 and 13-20 are pending and claims 1-6, 8, 17-18, and 20 are rejected.  Claims 7, 9, 10-11, 13-16, and 19 are allowable.  Claims 1, 10, and 17 is/are independent.
Applicant's arguments/amendments have been fully considered, and are persuasive with respect to claims 7 and 10 and claims depending from claim 10, but are unpersuasive with respect to claim 1 and the remaining claims. 
	
	
Response to Arguments
Applicant's arguments filed 01/13/2021 have been fully considered but they are unpersuasive.
Applicant argues (e.g., page 10-11 of Applicant’s arguments) that:
In contrast, Boysen, as cited by the Office, discloses identity attribute validation. See, Abstract. During authentication, the relying party terminal 120 receives a credential, which the Office asserts is an identity code, from the hardware token 110. See, ¶0040. The hardware token 110 in Boysen "includes a secure data processor that is implemented using smart card technology . . . [and] stores sensitive information required for implementation of the cryptographic and proprietary algorithms, including the unique identifier (CFFID) of the Hardware Token 110, a Trusted Hardware private encryption key THPrivK and a Trusted Hardware Public Certificate THPubC. [] Both THPrivK and THPubC are installed on the Hardware Token 110 by the Credential Is suer before the Hardware Token 110 is shipped to the intended recipient." See, ¶0038, emphasis added. Upon receipt of the "credential" from the hardware token 110, the relying party terminal 120 transmits the credential and a request to the
Credential Issuer Server 140. See, ¶0040. The credential may include a pseudo-random code. See, ¶0063. 
Upon receipt of the credential and the request, the Credential Issuer Server 140 validates the credential using the UPubC thereby "verifying that the credential was generated from UPubC and is uniquely associated with the Token Manager 100." See, ¶0104. 
NO user included in the process. See, FIG. 7. The process of FIG. 7 is more generally described in ¶95, where the credential issuer server 140 determines the validity of a credential generated by the hardware token 110. In connection therewith, at step 5704, the relying party terminal 120 logs in "by providing the Relying Party's UPubC." See, ¶0096, emphasis added. The token manager generates the credential from the UPubC and provides the credential to the relying party terminal 120, which then provides the credential to the credential issuer terminal 140 at S708. At this point there is NO user, as the credential is indicative of the relying party. While ¶0104 does refer to the UserID and the serial number 321, each is again associated with the relying party, and NOT any user. This is made clear, in ¶0091, which indicates that the credential issuer server 140 relies on the UserID to identify the UPubC (of the relying party) to perform the validation, which is based on "the Credential Issuer Server 140 [saving] UPubC [] and [linking] the Token Manager Serial Number 321 [of the hardware token 110] and the Relying Party's attribute disclosure profile to UPubC via the UserID." See, ¶0091, emphasis added. 
The cited part of FIG. 7 includes, ultimately, establishing an encrypted session between the token manager and the credential issuer server 104. See, S710 of FIG. 7. Then, once established, the token manager 100 is permitted to participate in the authentication process, in connection with the presentment of the hardware token 110. Regardless, there is no user identified in Boysen based on the credential in step S708. For this reason, the obviousness rejection is deficient. 

Examiner respectfully disagrees. Boysen et al. U.S. Publication 20120233705 (hereinafter “Boysen”) paragraph 50 indicates that:
the Hardware Token 110 and the Token Manager 100 need not be implemented as separate devices; rather, the functionality of the Hardware Token 110 may be embedded within the Token Manager 100 such that the Hardware Token 110 and the Token Manager 100 comprise a single device.

This means that the terminal user may be represented by the combination of hardware token 110 and token manager 100. The credential generated by either the hardware token 110 or token manager 100 may then be the terminal user’s credential. Such a credential may be a pseudo-random code (para. 63). Thus, the credential referred to in para. 104 while describing Figure 7 may represent the user and validating the credential identifies the user. Also, even without considering Figure 7, paras. 40 and 95 describe credential issuer server 140 validating the credential generated by the hardware token 110, which represents the user, thereby identifying the user before providing the user attribute data to the relying party as a response. 

.Applicant argues (e.g., page 11 of Applicant’s arguments) that:
In rejecting Claim 1, the Office admits that Boysen fails to disclose generating the credential, in response to a request. To remedy the shortcoming, the Office cites to Kim to disclose a request for a user identity and generating a identity for the user and sending it to the mobile terminal. See, Office action dated August 13, 2020, at p. 8. Specifically, for the generating of the "identity code," the Office cites to ¶0039 and ¶0042-43 of Kim. At ¶0039, Kim discloses the web server generates "the identity" of the user and sends it to the mobile terminal, or the web server may request the identity from the user. There is however no identity code in this part of Kim. And, Kim discloses that the identity includes the phone number or an address of the user (see, ¶0035), and as to ¶0042-43, that the web server "generates" a response which includes the identity of the user and provides the identity to a services terminal. Specifically, the "response generation unit 250" generates a response to an identity signal and provides the response (included the identity requested) to the service terminal. See, ¶0043. There is still no identity code. 

Examiner respectfully disagrees. Regarding the Kim reference, the identity code of claim 1 is disclosed by the identity of Kim because the identity of Kim is used to perform the same  functions as the identity code recited in claim 1. The identity of Kim may be a phone number (para. 35) and the identity of Kim is used to represent a user in various procedures in Kim come analogous to the use of the identity code in Claim 1. For example, the identity in Kim is generated by a Web server (para. 39), sent to the user’s mobile terminal (para. 39), and the identity in Kim is provided by the user to a service terminal (para. 40).   
Applicant argues (e.g., page 12 of Applicant’s arguments) that:
That said, there is no teaching in the suggested combination that an identity host 
computing device both generates an identity code (distinct from an identity) and then identifies the user based on the code and compiles a response for a query included in a request including the identity code. Specifically, in Boysen, the "credential" is from the hardware token, and validated by the credential issuer server (see, FIG. 7), which is separate from the hardware token. In adding the disclosure of Kim, the "identity" is generated by a web server 20. There is however no suggestion that the web server 20 of Kim be included either in the token manager 100 or 100' or the user terminal 120' - or the credential issuer server 140 in Boysen. There is therefore no teaching in the art of the recited operation in Claim 1 being by the SAME computing device. 

Examiner respectfully disagrees. The web server of Kim generates the identity and provides the identity information to the user (para. 39). User then provides this identity information in the Kim reference to a service terminal which is a relying party. Modifying Boysen to incorporate the teaching of Kim reference simply modifies a server to generate and send identity data (credential in Boysen) to the user, rather than the credential data being generated by the Boysen hardware token. Whether the token is generated by a Web server as taught in Kim added to the disclosure of Boysen or generated by the credential issuer server 140 in Boysen is simply a matter of choosing from a limited number of design choices. Since the credential issuer issues the credential in Boysen, the credential server is the suitable candidate to issue credentials (similar to the Web server of Kim) if modified according to the teaching of the Kim reference. 
MPEP section 2144 states that “[t]he rationale to modify or combine the prior art does not have to be expressly stated in the prior art; the rationale may be expressly or impliedly contained in the prior art or it may be reasoned from knowledge generally available to one of ordinary skill in the art…. The strongest rationale for combining references is a recognition, …. that some advantage or expected beneficial result would have been produced by their combination.”. In this case, the Credential Issuer Server 140 validates the credential (para. 40, 95 and 104), and there is an advantage to the Credential Issuer generating the credential since the Credential Issuer has control of the credential and control of the credential generating process, and can reduce the likelihood of malicious third parties gaining access to the credential generating process without the knowledge of the Credential Issuer. Furthermore, the credential issuer would need access to a database of credentials and the credential server generating the credentials would facilitate acquisition, maintenance and continued access to the database of credentials. 
Applicant argues (e.g., page 12 of Applicant’s arguments) that:

And also, the Office's logic in combining Boysen and Kim is flawed. The Office argues that generating the credential by the hardware token in Boysen may be replaced by the web server generating and providing the user identity in Kim. See, Office action dated Aug. 13, 2020, at p. 12. This would not be obvious for at least two reason. Initially in Boysen, the hardware token is necessary to establish an encrypted session between the token manager and the credential issuer server 104. See, FIG. 7, after step S710. If there is no hardware token 110, as suggested by the Office, there is NO way to establish the communication cited in FIG. 7, and there can be NO "identity" passed from a web server (instead of the hardware token 110) to a relying party. 
 
Examiner respectfully disagrees. Modifying the system of the Boysen reference does not require removing the hardware token 110. The hardware token 110 as modified simply receives and stores the credential and then sends out the credential, similar to how the mobile terminal 10 in the Kim reference receives and stores the identity (para 39).
Applicant argues (e.g., page 13 of Applicant’s arguments) that:
Further, there is NO response to continue after the "credential" in Boysen when combined with Kim, as cited. Kim discloses that the identity is provided to the service terminal. See, ¶0043 of Kim. If that is added to Boysen, the process is over. The point is to provide the identity, and Kim teaches that the identity itself - and NOT an identity code - is provided. Once the identity is provided, there is no reason to identify the user, or compile a response to a query - because the relying party has the identity. 

Examiner respectfully disagrees. The identity in the Kim reference is an attribute associated with the user and selected by the user, such as a phone number or address, to represent the user with respect to a service terminal or Web server 20 (Kim para. 35, 44). The identity in the Kim reference is not the true identity of the user, but is merely an attribute which represents the user for the purpose of interacting with a particular service. That is, the Kim service terminal only receives a representation of the user for the particular service terminal and does not teach away from performing other operations with respect to the identity.   Furthermore, because the service terminal in Kim only receives an attribute which is representative of the user (e.g. identity) as selected by the user, the service terminal would also need to query for other information and would need to determine the identity of the user as well as query for other attributes of the user to complete any service transactions.

Moreover, the combination would change the principle of the operation of Boysen. See, MPEP 2143.01(VI) (If the proposed modification or combination of the prior art would change the principle of operation of the prior art invention being modified, then the teachings of the references are not sufficient to render the claims prima facie obvious.). In particular, Boysen relies on the hardware token throughout its description of the alleged invention as a manner of establishing and communicating related to a user identity. In the absence of the hardware token 110, there is NO available manner of storing "sensitive information required for implementation of the cryptographic and proprietary algorithms" needed for the invention. See, ¶0038 of Boysen. The presence of this information at the hardware token, with the user (or relaying party) enables the communication described in Boysen, and is therefore critical to the alleged invention of Boysen. See, ¶¶0013, 0038, 0067-68, etc. Replacing the hardware token 110 in Boysen with a web server would change the principle of operation of the origin and presentment of the credential, whereby the combination is improper. It would also make Boysen unsuitable for its intended purposes, by eliminating, among other things, the encrypted communication capability relied on in Boysen, whereby, again, the combination is improper. See, MPEP 2143.01(V) (If a proposed modification would render the prior art invention being modified unsatisfactory for its intended purpose, then there is no suggestion or motivation to make the proposed modification). 


Examiner respectfully disagrees. The hardware token of Boysen currently has the ability to store the credential before sending the credential (para. 16, 18, 38). The modification to Boysen would merely require the hardware token to store a credential received from a server, which does not change the principle of operation of Boysen and does not render Boysen unsuitable for its intended purpose.

Applicant argues (e.g., page 13-14 of Applicant’s arguments) that:

And finally, in rejecting Claim 1, the Office relies on Gupta to disclose the one-time 
code. See, Office action dated Aug. 13, 2020, at p. 13. Initially, the additional citation of Gupta fails to remedy the shortcomings outlined above. Furthermore, the combination of Gupta is improper. As explained above, an obviousness combination cannot stand where a reference is made unsuitable for its intended purpose, or where the combination changes the principle of operation of the reference. See, MPEP 2143.01. Here, the suggested combination does both. In rejecting Claim 1, the Office suggested that the "identity" of Kim be replaced with a one-time code. The point of Kim, however, is to disclose the identity of the user, and not a code. In Kim, the identity is either a user's home address or a phone number - or more broadly identifying information of the user. See, ¶0035. The object of Kim is to enable the user identity to be provided to a service terminal or web server. See, ¶0012. By eliminating the identity, and adding a one-time code devoid of the identity of the user, the whole purpose of Kim is destroyed. The intended purposes is to relay a user's identity, which is eliminated, and the principle of operation is to actually provide the identity (and not a code), which is also eliminated. 

Examiner respectfully disagrees. Since Kim describes that the user may provide a different “identity” to a different service terminal or web server, the “identity” merely serves as a recipient-specific code representative of the user for that particular recipient of the code, and is not an actual identity of the user (para. 35, 44, 82). Apparently, using the phone number or home address as the recipient-specific code (“identity”) is sufficient in Kim to represent the user (para. 82, 35). Similarly, using a one-time code as taught in the Gupta reference would also serve to represent the user for interactions between the user and the recipient of the “identity” information. Thus, the intended purpose of Kim, which is to provide a representation of the user for purpose of interaction between the user and the service terminal, is preserved with the one-time code to represent the user as taught in the Gupta reference. Further, the combination including Gupta does not change the principle of operation of the Kim reference since the one-time code is functional to represent the user similar to the telephone number. Perhaps applicant may consider clarifying the scope of use of the one-time code.
Accordingly, Applicant's argument regarding claim 1 is unpersuasive.

Applicant argues (e.g., page 14 of Applicant’s arguments) that:
Independent Claim 10 is amended herein to recite subject matter included in allowed 
Claim 12. Accordingly, Applicant submits that Claim 10 and the claims dependent therefrom are patentable over Boysen, Kim, and Gupta. In particular, the suggested combination fails to teach a computing device configured to (in response to at least one subsequent identity request) reject a query of one of the at least one subsequent identity request when the query of the one of the at least one subsequent identity request is different than the first query of the identity request, but specific to a same one of the multiple attributes included in the first query of the identity request. Reconsideration and withdrawal of this rejection of Claim 10, and of Claims 11 and 13-15 depending therefrom, are respectfully requested. 

Based on the amendment to claim 10, Examiner agrees claim 10 is allowable. Examiner has indicated that claim 10 and its dependent claims recite allowable subject matter.

In rejecting Claim 17, the Office again relies on the logic set forth in its rejection of Claim 1. However, Boysen in view of Kim and Gupta fails to teach each and every feature of Claim 17, for reasons similar to those explained above for Claim 1. For example, Boysen in view of Kim and Gupta fails to teach the recited identity host computing device (as the same computing device) performing the recited operations), and, in response to the request for the identity code, generate the identity code for the user and transmit the identity code to the user at a communication device associated with the user. What's more, the combination of Boysen, Kim, and Gupta is improper for the numerous reasons explained above. 
For the above reasons, Claim 17 is non-obvious and patentable over Boysen and Kim. Reconsideration and withdrawal of this rejection of Claim 17 are respectfully requested. 

Examiner respectfully disagrees. Claim 17 is properly rejected for the same reasons as discussed above with respect to Claim 1.

Applicant argues (e.g., pages 16 of Applicant’s arguments) that:
Claims 5 and 6 depend from independent Claim 1, Claim 16 depends from independent 
Claim 10, and Claim 18 depends from independent Claim 17. Claims 1, 10, and 17 are patentable over the suggested combination of Boysen, Kim, and Gupta for the reasons stated above. In addressing the additional features of Claims 5-6, 16, and 18, the Office additionally cites to Morozov and Mo as supplementing Boysen, Kim, and Gupta. However, Morozov and Mo fail to remedy the above-noted shortcomings of Boysen, Kim, and Gupta, with reference to Claims 1, 10 and 17. As such, even assuming, arguendo, that the suggested combination of Boysen, Kim, Gupta, Morozov, and Mo is proper and that Morozov and Mo actually disclose the subject matter asserted by the Office, Claims 5-6, 16, and 18 are still patentable over the suggested combination of Boysen, Kim, Gupta, Morozov, and Mo, at least, based on their dependency from respective ones of independent Claims 1, 10 and 17. Reconsideration and withdrawal of this rejection of Claims 5- 6, 16, and 18 is therefore respectfully requested.

Examiner respectfully disagrees. The combination of references is proper and the limitations of claims 5-6, 16, and 18 are rejected for the reasons indicated below. 

Applicant argues (e.g., pages 16-18 of Applicant’s arguments) that the rejection of claim 7 is improper. Based on the amendment of claim 7, examiner has indicated that claim 7 recites allowable subject matter.
Applicant argues (e.g., page 18 of Applicant’s arguments) that 



	Examiner respectfully disagrees. The rejection for claim 20 is proper as indicated below.

Accordingly, Applicant's argument regarding claim 20 is unpersuasive.

	Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective 

Claims 1-6, 8, 17-18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Boysen et al. U.S. Publication 20120233705 (hereinafter “Boysen”) in view of Kim et al. U.S. Publication 20110126010 (hereinafter “Kim”), further in view of Gupta et al. U.S. Publication 20110148576 (hereinafter “Gupta”).

As per claim 1, Boysen discloses 
a computer-implemented method for use in responding to attribute queries related to identifying information for a user, based on a digital identity of the user, the method comprising: 
(See Boysen Para. [0040]
“during the Authentication process ….. the Relying Party Terminal 120 receives a credential”[digital identity = credential]
Boysen [0093]
“Authentication process…. FIG. 7” [computer-implemented method ]
Boysen [0095]
“Credential Issuer Server 140 …provides the Relying Party Terminal 120 with a response to the identity attribute validation request”
[responding to attribute queries]
Boysen [0044]
“Attribute Database 525 includes attributes data [multiple attributes …. identifying information…..from at least one attribute provider;] associated with each Hardware Token 110”
[attributes data associated with each Hardware Token 110 = identifying information] 
)

the user associated with identifying information and the identifying information including multiple attributes of the user; 
Boysen [0044]
“Attribute Database 525 includes attributes data [identifying information including multiple attributes] associated with each Hardware Token 110”
[0129] ‘bearer of the Hardware Token 110 (terminal user)’ [user associated with identifying information]

 receiving, at the identity host computing device, an identity request from the requesting party including at least one query specific to at least one of the multiple attributes of the user and including the identity code for the user; 
(See Boysen [0040]
“during the Authentication process ….. the Relying Party Terminal 120 receives a credential [credential = identity code] from a Hardware Token 110....... [requesting party = Relying Party Terminal 120] transmits the credential and an identity attribute validation request [query = identity attribute validation request;  at least one of the multiple attributes = identity attribute] to Credential Issuer Server 140 [receiving, at a processor, an identity request; query = identity attribute validation request; identity code = credential;].”
Boysen [0041]
“attribute data [multiple attributes] associated with the credential authorized for disclosure …. but excluding attribute data [multiple attributes] associated with the credential not authorized for disclosure.” 
Boysen [0046] “during the Authentication process …. Credential Issuer Server 140 receives an identity attribute validation request [one query = identity attribute validation request]  from the Relying Party Terminal 120 [receiving, at a processor, an identity request]. Identity Attribute Validation Request Processor 510 [processor] is configured to determine the validity of a credential…..”
Boysen [0063]
“The credential may be …. a pseudo-random code [identity code].”
Boysen Para. [0104]
“Credential Issuer Server 140 also validates the credential by verifying that the Serial Number 321 [identity code]… included in the credential was associated with the Token Manager 100 (via the UserID [identifying, by the processor, the user]) during the Registration process.”
)

in response to the identity request: 
identifying, by the identity host computing device, the user based on the identity code; 
(See Boysen 
Boysen Para. [0040]
“…. during the Authentication process,…..The Identity Attribute Validation procedure 402 transmits the credential and an identity attribute validation request [the identity request] to Credential Issuer Server 140, ……,
Para. [0104]
“Credential Issuer Server 140 validates the credential [identifying, by the processor, the user] using UPubC, …[This shows how the validation of the credential is performed which involves identifying the user] may also validate the credential by comparing the pseudo-random code against an expected value for the pseudo-random code [identity code]. … Credential Issuer Server 140 also validates the credential by verifying that the Serial Number 321 [identity code] that was included in the credential was associated with the Token Manager 100 (via the UserID [identifying, by the processor, the user]).”

the Hardware Token 110 and the Token Manager 100 need not be implemented as separate devices; rather, the functionality of the Hardware Token 110 may be embedded within the Token Manager 100 such that the Hardware Token 110 and the Token Manager 100 comprise a single device.

This means that the terminal user may be represented by the combination of hardware token 110 and token manager 100. The credential generated by either the hardware token 110 or token manager 100 may then be the terminal user’s credential. Such a credential may be a pseudo-random code (para. 63). Thus, the credential referred to in para. 104 while describing Figure 7 may represent the user and validating the credential identifies the user. Also, even without considering Figure 7, paras. 40 and 95 describe credential issuer server 140 validating the credential generated by the hardware token 110, which represents the user, thereby identifying the user before providing the user attribute data to the relying party as a response. 
Also, para. 114-115, which also describes Figure 7, describes validating the credential received from the hardware token 110, the hardware token 110 being unique to the terminal user, and para. 117 describes providing the user attribute data to the relying party upon successful validation of the credential. ]
)

compiling, by the identity host computing device, a response to the at least one query of the identity request, the response including an answer to the at least one query based on the at least one of the multiple attributes of the user included in the identifying information of the user from at least one attribute provider, 
(See Boysen 
[0007] ‘….. The attribute validation response includes attribute data [response including an answer to the at least one query ] associated with the credential authorized for 
Figure 3a attribute database 525 [at least one attribute provider]
Boysen Para. [0040]
“…. during the Authentication process,…..The Identity Attribute Validation procedure 402 transmits the credential and an identity attribute validation request to Credential Issuer Server 140, ……, receives a response [compiling, by the processor, a response] to the identity attribute validation request [at least one query of the identity request] from the Credential Issuer Server 140. The attribute validation response is based on an outcome of a determination of validity of the credential by the Credential Issuer Server 140.”
Boysen [0044]
“Attribute Database 525 includes attributes data [multiple attributes …. identifying information…..from at least one attribute provider;] associated with each Hardware Token 110”
[attributes data associated with each Hardware Token 110 = identifying information], 
Boysen [0045]
“The attributes data may include absolute attribute data …..age, physical characteristics, and/or personal characteristics [multiple attributes of the user; identifying information]”. 
“attributes data …. may include relative attributes data [multiple attributes of the user included in the identifying information] (i.e. attributes data expressed relative to a requirement of the Relying Party), such as …whether….satisfies a minimum age requirement.”[These attributes are some of the answer to query]
Boysen [0046] “Identity Attribute Validation Request Processor 510 [processor; inside credential issuer server 140] is … to provide the Relying Party Terminal 120 with a response [compiling, by the processor, a response] to the identity attribute validation request based on an outcome of the credential validity determination.”
[0117]
queries the attributes data [from at least one attribute provider], with the CFFID [the unique identifier (CFFID) of the Hardware Token 110, See [0038]] and correlates the result with the list of authorized attributes for the attributes data [these attributes are some of the data that may be included in the answer to the query] associated with the CFFID that are authorized for disclosure to the Relying Party [the disclosure is the answer to the query]”
See also para. 47, “validates the credential” and “attribute validation response may indicate whether the credential was validated.”
)

wherein the response excludes the at least one of the multiple attributes of the user; and 
(See Boysen [0041]
“attribute validation response may include attribute data associated with the credential authorized for disclosure to the Relying Party Terminal 120 but excluding attribute data associated with the credential not authorized for disclosure to the Relying Party Terminal 120”
)

 transmitting the response to the requesting party, thereby permitting the requesting party to be informed about the identity of the user based on the answer to the at least one query, without revealing the identifying information of the user to the requesting party.
(See 
Boysen [0009]
“identity attribute validation request processor … provide the communication device [requesting party] with a response to the identity attribute validation request based on an outcome of the credential validity determination.”

“during the Authentication process ….. The Identity Attribute Validation Request Processor 510 …. Provide the Relying Party Terminal 120 with a response to the identity attribute validation request based on an outcome of the credential validity determination.”
[permitting the requesting party to be informed about the identity of the user based on the answer to the at least one query is disclosed since the attribute validation request has been responded to, and the response indicates the identity of the user, such as whether the user  meetS the minimum age requirement, para. 45]
[The identifying information of the Boysen reference, as indicated above, is the attributes data associated with the token in the database 525. Since in some scenarios the attributes data associated with the token is not revealed to the requesting party, such as when the attribute data is excluded by the attribute profile, this discloses without revealing the identifying information of the user to the requesting party.]
)

	However, Boysen does not expressly disclose 
receiving, by an identity host computing device, a request for an identity code for a user from a user computing device associated with the user, 
in response to the request for the identity code, generating, by the identity host computing device, the identity code for the user and transmitting the identity code to the user computing device, thereby permitting the user to present the identity code to a requesting party; and
wherein the identity code is a one-time code and does not include identifying information of the user

Kim discloses 
receiving, by an identity host computing device, a request for an identity code for a user from a user computing device associated with the user, 
(See Kim Para. [0039]
“the mobile terminal 10 may request the user identity [receiving a request for an identity code], generated by the web server 20, from the web server 20.”
)

in response to the request for the identity code, generating, by the identity host computing device, the identity code for the user and transmitting the identity code to the user computing device, 
thereby permitting the user to present the identity code to a requesting party; 

(See Kim Para. 
[0035]
“service terminal 30 [requesting party] ….. requests required identity from the management server 110 …. [management server 110 is part of user’s mobile terminal 10, e.g., user computing device, as shown in figure 1],…receives the requested identity from the management server 110.[ user to present the identity code to a requesting party]….., the required identity may be a user's home address or telephone number. [identity code = telephone number]”
Kim [0036]
“user loses his mobile terminal 10” [user computing device associated with the user]
Kim [0039]
“mobile terminal 10 may request the user identity [receiving a request for an identity code], generated by the web server 20, from the web server 20. In response to the request from the mobile terminal 10, the web server 20 may generate the identity for the user and send it to the mobile terminal 10.” [generating and transmitting the identity code for the user to the user at a user computing device]
Kim [0040]
“the service terminal 30 [requesting party = service terminal 30] may request a required identity from the mobile terminal 10 [user computing device= mobile terminal 10], and the mobile terminal 10 may send the requested identity to the service terminal 30 [thereby permitting the user to present the identity code to a requesting party]”
Kim [0042]
“An identity may not only be provided by the web server 20” [generating and transmitting the identity code for the user to the user]

Kim [0043]
“The envelope generation unit 254 [inside management server 110 part of user’s mobile terminal 10] generates an envelope, which is a format for transmitting an identity. The envelope includes the identity requested by the service terminal 30.” [the user to present the identity code to a requesting party]
Kim [0044]
“…deleting a user identity generated by the web server 20 [generating].”
Kim [0053]
“management server 110 [which is part of user’s mobile terminal 10, e.g., user computing device, as shown in figure 1] sends an envelope, including a requested identity, to the service terminal 30 [thereby permitting the user to present the identity code to a requesting party;  requesting party = service terminal 30]”
Kim [0081]
“web server 20 may require the user's specific identity. For example, when a user requests the delivery of a product, the web server 20 may require the user's home address and identity code]. In this case, the web server 20 sends an identity request signal, including the identification code of the identity required for the provision of the service, to the management server 110 at step S901. The identity identification code [identity code]”
[the identity code of claim 1 is disclosed by the identity of Kim because the identity of Kim is used to perform the same  functions as the identity code recited in claim 1. The identity of Kim may be a phone number (para. 35) and the identity of Kim is used to represent a user in various procedures in Kim come analogous to the use of the identity code in Claim 1. For example, the identity in Kim is generated by a Web server (para. 39), sent to the user’s mobile terminal (para. 39), and the identity in Kim is provided by the user to a service terminal (para. 40).   
The web server of Kim generates the identity and provides the identity information to the user (para. 39). User then provides this identity information in the Kim reference to a service terminal which is a relying party. Modifying Boysen to incorporate the teaching of Kim reference simply modifies a server to generate and send identity data (credential in Boysen) to the user, rather than the credential data being generated by the Boysen hardware token. Whether the token is generated by a Web server as taught in Kim added to the disclosure of Boysen or generated by the credential issuer server 140 in Boysen is simply a matter of choosing from a limited number of design choices. Since the credential issuer issues the credential in Boysen, the credential server is the suitable candidate to issue credentials (similar to the Web server of Kim) if modified according to the teaching of the Kim reference. 
MPEP section 2144 states that “[t]he rationale to modify or combine the prior art does not have to be expressly stated in the prior art; the rationale may be expressly or impliedly contained in the prior art or it may be reasoned from knowledge generally available to one of ordinary skill in the art…. The strongest rationale for combining references is a recognition, …. that some advantage or expected beneficial result would have been produced by their combination.”. In this case, the Credential Issuer Server 140 validates the credential (para. 40, 
Modifying the system of the Boysen reference does not require removing the hardware token 110. The hardware token 110 as modified simply receives and stores the credential and then sends out the credential, similar to how the mobile terminal 10 in the Kim reference receives and stores the identity (para 39).
The identity in the Kim reference is an attribute associated with the user and selected by the user, such as a phone number or address, to represent the user with respect to a service terminal or Web server 20 (Kim para. 35, 44). The identity in the Kim reference is not the true identity of the user, but is merely an attribute which represents the user for the purpose of interacting with a particular service. That is, the Kim service terminal only receives a representation of the user for the particular service terminal and does not teach away from performing other operations with respect to the identity.   Furthermore, because the service terminal in Kim only receives an attribute which is representative of the user (e.g. identity) as selected by the user, the service terminal would also need to query for other information and would need to determine the identity of the user as well as query for other attributes of the user to complete any service transactions.
]
)


receiving, by an identity host computing device, a request for an identity code for a user from a user computing device associated with the user, 
in response to the request for the identity code, generating, by the identity host computing device, the identity code for the user and transmitting the identity code to the user computing device, 
thereby permitting the user to present the identity code to a requesting party.

One of ordinary skill in the art would have made this modification to improve the ability of the system to provide user identities, so the user may be identified across different organizations. The generating of the credential by the hardware token 110 in the reference can be replaced by the Web server 20 generating and providing the user identity as in Kim. That is, the technique of having a server generate and send the identity to a user terminal as in Kim can be applied to modify Boysen so that the credential server generates and sends the credential to the hardware token.  The hardware token can store the credential in its storage and send the credential to the relying party when needed. This can provide a centralized server for providing the credential/user identity which allows a centralized location for management of the credentials/user identities, therefore reducing the possibility of tampering of the credential/user identity.  
The hardware token of Boysen currently has the ability to store the credential before sending the credential (para. 16, 18, 38). The modification to Boysen would merely require the hardware token to store a credential received from a server, which does not change the principle of operation of Boysen and does not render Boysen unsuitable for its intended purpose.


However, the combination of Boysen and Kim does not expressly disclose wherein the identity code is a one-time code and does not include identifying information of the user
Gupta discloses in response to the request for the identity code, generating, by the identity host computing device, the identity code for the user and transmitting the identity code  to the user computing device, and wherein the identity code is a one-time code and does not include identifying information of the user
(See Gupta Para. [0009] ‘…… the particular person, seeking entry to a secure area, enters a fingerprint image or an eye image via one of the biometric input mechanisms, which is transmitted via the wireless transceiver to a server that associates the image received with a stored personal profile, generates the one-time identity code, and sends it to the surrogate device.’
[Since Kim describes that the user may provide a different “identity” to a different service terminal or web server, the “identity” merely serves as a recipient-specific code representative of the user for that particular recipient of the code, and is not an actual identity of the user (para. 35, 44, 82). Apparently, using the phone number or home address as the recipient-specific code (“identity”) is sufficient in Kim to represent the user (para. 82, 35). Similarly, using a one-time code as taught in the Gupta reference would also serve to represent the user for interactions between the user and the recipient of the “identity” information. Thus, the intended purpose of Kim, which is to provide a representation of the user for purpose of interaction between the user and the service terminal, is preserved with the one-time code to represent the user as taught in the Gupta reference. Further, the combination including Gupta does not change the principle of operation of the Kim reference since the one-time code is functional to represent the user similar to the telephone number. Perhaps applicant may consider clarifying the scope of use of the one-time code.]

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Boysen and Kim with the technique for generating one-time identity code of Gupta to include wherein the identity code is a one-time code and does not include identifying information of the user.
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate codes that may be used only once and therefore are more secure than codes that are permanent. The technique taught in the Kim reference can be modified to generate the one-time code.


The previously cited combination of Boysen in view of Kim in view of Gupta does not disclose:  	
authenticating the user prior to receiving the request for the identity code for the user.
However, in a previously uncited passage, Kim discloses authenticating the user prior to receiving the request for the identity code for the user.
(See Kim 
 [0064]
“When the user inputs user authentication information (e.g., a Personal Identification Number (PIN) or biometric information) through the browser 12, the management server 110 becomes available to the user at step S702.. Although the user authentication information may be input by the user”)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Boysen with the authentication technique of Kim to include authenticating the user prior to receiving the request for the identity code for the user.
One of ordinary skill in the art would have made this modification to improve the ability of the system to ensure that only authorized individuals are permitted to submit requests for credentials. The credential issuer server 140 of the Boysen reference can be modified to perform the authentication of the user before receiving the request for the credential.

As per claim 3, the rejection of claim 1 is incorporated herein. 
The previously cited combination of Boysen in view of Kim in view of Gupta does not disclose:  
seeking, by the identity host computing device, confirmation from the user associated with the identity request, prior to compiling the response to the identity request.
seeking confirmation from the user associated with the identity request, prior to compiling the response to the identity request.
(See Kim Para. [0083] ‘The user checks the HTTP response message and sends a signal indicative of the approval of sending the identity to the management server 110 through the browser 12 at step S903;’ see also para. 78, 91, 99)
). 
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Boysen with the technique for seeking confirmation from the user to respond to an identity confirmation request of Kim to include seeking, by the identity host computing device, confirmation from the user associated with the identity request, prior to compiling the response to the identity request.
	One of ordinary skill in the art would have made this modification to improve the ability of the system to be flexible in determining whether or not to grant the identity request confirmation based on shifting user requirements. This grants the system the ability to adapt to user requirements as they change. The system of the primary reference can be modified with the technique for seeking confirmation from the user to respond to an identity confirmation request of Kim.

As per claim 4, the rejection of claim 1 is incorporated herein. 
Boysen in view of Kim in view of Gupta discloses 
identifying, by the identity host computing device, the at least one attribute provider based on at least one attribute identified in the at least one query; 
submitting, by the identity host computing device, the at least one query to the identified at least one attribute provider; and 
(See Boysen [0040]
identity code] from a Hardware Token 110....... [requesting party = Relying Party Terminal 120] transmits the credential and an identity attribute validation request
Boysen [0045]
“The attributes data may include absolute attribute data …..age, physical characteristics, and/or personal characteristics”. 
“attributes data …. may include relative attributes data (i.e. attributes data expressed relative to a requirement of the Relying Party [based on at least one attribute identified in the at least one query]), such as …whether….satisfies a minimum age requirement.”
Boysen [0117]
“The Credential Issuer Server 140 then queries the attributes data [identifying, by the processor, the at least one attribute provider; submitting, by the processor, the at least one query], with the CFFID [the unique identifier (CFFID) of the Hardware Token 110, See [0038]] and correlates the result with the list of authorized attributes for the attributes data associated with the CFFID that are authorized for disclosure to the Relying Party”
See also Boysen para. 47, “validates the credential” and “attribute validation response may indicate whether the credential was validated.”
)

receiving an attribute response from the at least one attribute provider to the at least one query; 
wherein compiling the response to the at least one query of the request includes compiling the response based on the attribute response from the at least one attribute provider.
(See Boysen Para. 
compiling the response] to a communication device. “
Boysen [0044]
“Attribute Database 525 includes attributes data associated with each Hardware Token 110, and an attribute disclosure profile for each Relying Party identifying the scope (attributes) of the attribute data authorized for disclosure to the associated Relying Party.”
Boysen [0109]
“Credential Issuer Server 140 locates the attribute disclosure profile [receiving an attribute response] that is associated with the UPubC to determine whether the associated Relying Party is entitled to disclosure of the identity attributes (if any) specified in the Identity Attribute Disclosure message.”
).

As per claim 8, the rejection of claim 1 is incorporated herein. 
The combined teaching of Boysen and Kim and Gupta discloses: 
processor and memory.
(See Boysen Para. [0038] “a micro-processor (sometimes called a micro-controller or crypto-processor) and protected memory. …The protected memory stores sensitive information required for implementation of the cryptographic and proprietary algorithms”
[0053] “As shown, the Secure Element 200 is divided into a microprocessor area 300 and a protected memory area 320.”
)

However, the previously cited combination of Boysen in view of Kim in view of Gupta does not expressly disclose 
storing a digital identity for the user in memory coupled to the processor; and 
wherein identifying the user based on the identity code includes identifying the user to the digital identity in the memory based on the identity code.

Kim, in a previously uncited section, discloses 
storing a digital identity for the user in memory coupled to the processor; and 
wherein identifying the user based on the identity code includes identifying the user to the digital identity in the memory based on the identity code.
(See Kim Para. [0110] “The meaning of each identity and a code used to identify the identity within the service domain may be implemented using a document, memory or a file having a specific format, called a service domain dictionary.”
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Boysen with the technique for identifying a user identity in memory of Kim to include 
storing a digital identity for the user in memory coupled to the processor; and 
wherein identifying the user based on the identity code includes identifying the user to the digital identity in the memory based on the identity code.
One of ordinary skill in the art would have made this modification to improve the ability of the system to maintain data of user identities in memory. The credential issuer server 140 of the Boysen reference can be modified to store such user credentials in memory and identify users to the credentials according to the values of the credentials.



In addition, claim 17 recites compile, and transmit to the requesting party, a response to the identity request, the response including the answer to the first query based on an attribute response from the attribute provider, wherein the answer to the first query excludes the portion of the identifying information indicative of the answer to the first query, thereby permitting the requesting party to be informed about the identity of the user without revealing the identifying information of the user to the requesting party.
(See Boysen para. 40-47) 
	

Claim 5-6, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Boysen in view of Kim, further in view of Gupta, further in view of Morozov et al. U.S. Publication 20140279992 (hereinafter “Morozov”), further in view of Mo et al. U.S. Publication 20130054569 (hereinafter “Mo”).
As per claim 5, the rejection of claim 1 is incorporated herein. 
Boysen in view of Kim discloses 
submitting the first query to the first attribute provider; 
receiving a first data response from the first data provider, the first data response including a response to the first query; 
(See Boysen [0044]
“Attribute Database 525 includes attributes data associated with each Hardware Token 110, and an attribute disclosure profile for each Relying Party identifying the scope (attributes) of the attribute data authorized for disclosure to the associated Relying Party.”
Boysen [0109]
locates the attribute disclosure profile [receiving a first data response] ..to determine whether the associated Relying Party is entitled to disclosure of the identity attributes (if any).”
[0117]
“The Credential Issuer Server 140 then queries the attributes data [identifying, by the processor, the at least one attribute provider; submitting, by the processor, the at least one query], with the CFFID [the unique identifier (CFFID) of the Hardware Token 110, See [0038]] and correlates the result with the list of authorized attributes for the attributes data associated with the CFFID that are authorized for disclosure to the Relying Party”
)
	However, the combination of Boysen, Kim, and Gupta does not expressly disclose 
wherein the at least one query includes at least a first query and a second query and wherein the at least one attribute provider includes a first attribute provider and a second attribute provider; and 
wherein the method further comprises: 
submitting the second query to the second attribute provider; and 
receiving a second attribute response from the second attribute provider, the second attribute response including a response to the second query; and
wherein compiling the response to the at least one query of the identity request includes compiling the response based on the first attribute response and the second attribute response.

Morozov discloses 
a first query and a second query and a first data provider and 
a second data provider; and 
submitting the first query to the first data provider; 
receiving a first data response from the first data provider, the first data response including a response to the first query; 
submitting the second query to the second data provider; and 
receiving a second data response from the second data provider, the second data response including a response to the second query;

(See Morozov Para. 
[0080]
“The first query 108-1 may include the person ID as the query parameter 110, …a user may want to obtain the provider-specific data associated with the person ID attribute corresponding to the first data provider 150-1.”
Morozov [0088] “Similar to the first query 108-1, the second query 108-2 relates to obtaining provider-specific data corresponding to the common integration ID attribute associated with the second data provider 150-2....... “).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Boysen, Kim, and Gupta with the multiple queries submitted to respective data providers of Morozov to include 
wherein the at least one query includes at least a first query and a second query and wherein the at least one attribute provider includes a first attribute provider and a second attribute provider; and 
wherein the method further comprises: 
submitting the first query to the first attribute provider; 
receiving a first attribute response from the first attribute provider, the first attribute response including a response to the first query; 
submitting the second query to the second attribute provider; and 
receiving a second attribute response from the second attribute provider, the second attribute response including a response to the second query

One of ordinary skill in the art would have made this modification to improve the ability of the system to gather data from multiple sources to compile a response. The credential issuer server 140 of the reference can be modified to submit the queries to the sources of attribute data and receive the response with the attribute data.

However, the combination of Boysen, Kim, Gupta, and Morozov does not expressly disclose 
wherein compiling the response to the at least one query of the identity request includes compiling the response based on the first attribute response and the second attribute response.

Mo discloses 
wherein compiling the response to the at least one query of the identity request includes compiling the response based on the first attribute response and the second attribute response.
 
(See Mo Para. [0023] “generates a final query result by combining the first query result and the second query result.”).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Boysen, Kim, Gupta, and Morozov with the technique for generating a combination response of Mo to include 
wherein the at least one query includes at least a first query and a second query and wherein the at least one attribute provider includes a first attribute provider and a second attribute provider; and 
wherein the method further comprises: 
submitting the first query to the first attribute provider; 
submitting the second query to the second attribute provider; and 
receiving a second attribute response from the second attribute provider, the second attribute response including a response to the second query; and
wherein compiling the response to the at least one query of the identity request includes compiling the response based on the first attribute response and the second attribute response.

One of ordinary skill in the art would have made this modification to improve the ability of the system to generate a response based on data received from multiple sources, since the attribute data is not necessarily originating from a single source, this allows for more flexible manage such data from different sources.  The credential issuer server 140 of the Boysen reference can be modified to combine query results from multiple sources in order to generate an attribute validation result.

As per claim 6, the combination of Boysen, Kim, Gupta, Morozov & Mo discloses  
identifying, by the processor, the first attribute provider based on the first query, prior to submitting the first query to the first attribute provider.
(See Boysen Para. [0044] “Attribute Database 525 includes attributes data associated with each Hardware Token 110, and an attribute disclosure profile for each Relying Party identifying the scope (attributes) of the attribute data authorized for disclosure to the associated Relying Party.”
Boysen [0109]
“Credential Issuer Server 140 locates the attribute disclosure profile [submitting the first query; the validation request would indicate attribute data and that would be used to identify 
)

As per claim 18, the claim(s) is/are directed to a system with limitations which correspond to limitations of claim 5, and is/are rejected for the reasons detailed with respect to claim 5.  In addition, claim 18 recites where the second portion of the identifying information is different from the portion of the identifying information at the first attribute provider and is indicative of an answer to the second query; 
wherein the response to the identity request includes the answer to the second query, based on a second attribute response from the second attribute provider, and wherein the response to the identity request excludes the second portion of the identifying information indicative of the answer to the second query, thereby further permitting the requesting party to be informed about the identity of the user by the answer to the second query without revealing the identifying information of the user to the requesting party.
Boysen in view of Kim, in view of Gupta, in view of Morozov, in view of Mo discloses 
wherein the response to the identity request includes the answer to the second query, based on a second attribute response from the second attribute provider, and wherein the response to the identity request excludes the second portion of the identifying information indicative of the answer to the second query, thereby further permitting the requesting party to be informed about the identity of the user by the answer to the second query without revealing the identifying information of the user to the requesting party.
(See Boysen [0041]
“attribute validation response may include attribute data associated with the credential authorized for disclosure to the Relying Party Terminal 120 but excluding attribute data associated with the credential not authorized for disclosure to the Relying Party Terminal nd attribute provider to be different from the 1st attribute provider]
)

	However, the combination of Boysen, Kim, and Gupta does not expressly disclose, but 
Morozov discloses 
the second portion of the information is different from the portion of the identifying information at the first provider 
(See 
Morozov [0080]
‘The first query 108-1 may include the person ID as the query parameter 110, and Prov1DS as the context information 112. In this example, a user may want to obtain the provider-specific data associated with the person ID attribute corresponding to the first data provider 150-1. ‘
Morozov [0088] ‘Similar to the first query 108-1, the second query 108-2 relates to obtaining provider-specific data [different from the portion of the identifying information at the first provider] corresponding to the common integration ID attribute associated with the second data provider 150-2.‘
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Boysen, Kim, and Gupta with the provider-specific data of Morozov to include 
the second portion of the information is different from the portion of the identifying information at the first provider 

. 

Claim 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Boysen in view of Kim, further in view of Gupta, further in view of Mogollon et al. U.S. Publication 20130346314 (hereinafter “Mogollon”).
As per claim 20, the rejection of claim 1 is incorporated herein. 
	However, the combination of Boysen, Kim, and Gupta does not expressly disclose wherein the at least one of the multiple attributes is a government identification number, and wherein the answer to the first query includes only a portion of the government identification number.
Mogollon discloses wherein the at least one of the multiple attributes is a government identification number, and wherein the answer to the first query includes only a portion of the government identification number. 
(See Mogollon Para. [0041] 
‘The enhanced authorization data may include at least one of user 102 name; passenger name; a national identification code associated with a particular country (such as a social security number), ….. The enhanced authorization data may be provided in whole or in part, for instance providing only the last four digits of a social security number.’
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Boysen, Kim, and Gupta with the technique for providing only a portion of an identification number of Mogollon to include wherein the at least one of the multiple attributes is a government identification number, and wherein the answer to the first query includes only a portion of the government identification number. 
One of ordinary skill in the art would have made this modification to improve the ability of the system to protect sensitive data of users. Credential Issuer Server 140 of the primary reference Boysen may be modified to provide only a portion of a social security number as taught in the Mogollon reference. 



Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is (571)272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 






/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        

/SHANTO ABEDIN/Primary Examiner, Art Unit 2494