Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are presented for examination.

Specification
The disclosure is objected to because of the following informalities: 
Section [0050] recites “The DI provider 121 may be a an issuer, an acquirer, a transaction service provider, a government agency, and/or the like.” and should recite “The DI provider 121 may be [[a]] an issuer, an acquirer, a transaction service provider, a government agency, and/or the like.”  (Emphasis added)
Appropriate correction is required.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 8-10, 12-13, and 15-20 are rejected under 35 U.S.C. 102(a)(2) as being unpatentable over Ronda (2017/0250972).



a method comprising:
receiving, from a relying entity, a request for one or more assertions for a target entity, wherein the request includes an identifier of the relying entity and an identifier of the target entity; (Ronda, [0118] Flow 200 begins at 210 with a user device 130 requesting to authenticate with relying party server 110. At 220, the relying party server 110 sends a request to the broker server 140 containing the user identifier supplied to the relying party server 110.  [0120] At 240, broker server 140 sends a request to the identity provider server 150 associated with the selection made at 230.  (EN: user device reads on target entity)
[0165] User computing device 330 communicates with a relying party (RP) server 310 and an identity provider (IdP) server 350 via a data communication network 305, such as the Internet.
[0167] RP server 310 is a server that makes a request for identity data by requesting a scope, which identifies the claim categories of identity attributes to be fulfilled.
identifying an assertions model based on the identifier of the relying entity, wherein the assertions model specifies a set of assertion types; (Ronda, [0216] At 414, IdP server 350 retrieves attributes, where each retrieved attribute corresponds to a claim category of the one or more claim categories identified in the request.)
determining a plurality of assertion values for the target entity; (Ronda, [0213] In some embodiments, the request may also specify particular data bundles to be created by the IdP.  For example, one data bundle may include claim categories of [First name, Second name, Profession]. Corresponding attributes values may be [John, Smith, Engineer].)
identifying a subset of the plurality of assertion values for the target entity, based on the set of assertion types specified by the assertions model; (Ronda [0213] Data bundles are collections of claim categories and attribute values. For example, one data bundle may include claim categories of subset of the identity attributes that were originally obtained from an IdP server as part of an issued data bundle)
generating a package of assertions for the target entity, based on the subset of the plurality of assertion values for the target entity; and (Ronda, [0289] In some cases, when generating a response data bundle as described elsewhere herein, user agent server 3390 may be permitted to provide only a subset of the identity attributes that were originally obtained from an IdP server as part of an issued data bundle. To facilitate this, the IdP server can issue claim-level metadata in the issued data bundle, that permits the user agent server 3390 to subset identity attributes. Accordingly, user agent server 3390 may not be required to transmit the entire issued data bundle. This can enhance the user's privacy in several ways: 1) it allows the user to remove sensitive information; 2) it further masks the issuer of identity attributes from the relying party; 3) it hinders parties from colluding to uncover the identity of a user by comparing common data (e.g., expiration date).)
transmitting, to the relying entity, the package of assertions for the target
entity (Ronda, [0196] Generally, to obtain data bundles, RP server 310 can first authenticate to the user device 330 user agent 3310, using one or more interfaces. In one example, RP server 310 can employ client interface 3160. As will be appreciated, various interfaces can be used, such as OAuth 2.0, OpenID Connect or Security Assertion Markup Language ( SAML) form interfaces. Once authenticated, transaction processing module 3150 can request a particular data bundle type, by communicating with transaction processing module 3330 of user agent 3310. Transaction processing module 3330 may exchange data with transaction processing module 3392 of user agent server 3390, to ensure that authorization is obtained and that the request data bundles can be decrypted. The data bundles can 
[0203] and then generating a data bundle in response to the request, the data bundle identifying one or more identity attributes associated with a user related to the user agent server, wherein each attribute corresponds to a claim category of the one or more claim categories identified in the request and a corresponding value; and 3) transmitting the generated data bundle to the user agent server
[0287] An example payload of a data bundle from an IdP server is as follows:)

Regarding claim 8, Ronda teaches
the method of claim 1, wherein the request further comprises a set of filter criteria and the method further comprises ensuring the package of assertions for the target entity meets the set of filter criteria (Ronda [0203] At a high level, identity management method 400 involves three primary acts: 1) generating a request from a user agent server to an IdP server, wherein the request identifies one or more claim categories, (EN: claim categories reads on filter criteria))

Regarding claim 9, Ronda teaches
the method of claim 1, wherein the package of assertions comprises two or more distinct assertion values for the target entity (Ronda, [0208] For example, the interface may display the indication of the claim categories, or identity attributes, received from IdP server 350 at 403, along with corresponding checkboxes or similar user interface elements. As part of obtaining the consent, the user may select the specific identity attributes to be obtained from the IdP server 350. For example, the user may wish to obtain a mailing address identity attribute from the particular IdP; this can be selected and confirmed via the user device 330.)


the method of claim 1, further comprising:
determining a plurality of sources and a set of information to retrieve from the plurality of sources, wherein the set of information is necessary for generating the package of assertions;  (Ronda, [01080] identity management system 300 can include one or more user devices 330, one or more RP servers 310 and one or more IdP servers 350. [0293] Referring now to FIG. 6A, there is illustrated a system block diagram for a distributed service ledger system in accordance with some embodiments. Distributed service ledger system 370 has a distributed service ledger server 3730, a relying party private service ledger server 3720, and an identity provider private service ledger 3710. In addition, system 370 has a second distributed service ledger 3731, which employs replication of, or synchronization with, distributed service ledger 3730. Similarly, system 370 has a second identity provider private service ledger 3711, which may be replicated from server 3710, or which may be independent (e.g., with separate data). 
[0322] Identity management method 800 generally enables the asynchronous authentication and provision of identity attributes. This means that a user--and more specifically the user agent--can collect digital identity data from one or more IdP servers at any time before exchanging data with a RP server and, in some embodiments, store the data with a digital lock box provider)
retrieving the set of information from the plurality of sources;  (Ronda, [0281] IdP servers generally are the sources of data for a user's digital identity.)
generating the package of assertions for the target entity based on the set of information; and
transmitting, to the relying entity, the package of assertions for the target entity. (Ronda, [0289] In some cases, when generating a response data bundle as described elsewhere herein, user agent server 3390 may be permitted to provide only a subset of the identity attributes that were originally obtained from an IdP server as part of an issued data bundle. To facilitate this, the IdP server subset identity attributes. Accordingly, user agent server 3390 may not be required to transmit the entire issued data bundle. This can enhance the user's privacy in several ways: 1) it allows the user to remove sensitive information; 2) it further masks the issuer of identity attributes from the relying party; 3) it hinders parties from colluding to uncover the identity of a user by comparing common data (e.g., expiration date). , [0196] Generally, to obtain data bundles, RP server 310 can)

Regarding claim 12, Ronda teaches
the method of claim 1, wherein transmitting the package of assertions for the target entity comprises writing the package of assertions to a distributed ledger (Ronda, [0260] In both cases, records may also exist in the underlying hash chains and contain identifiers to allow location of the transaction in the distributed ledgers.)

Regarding claim 13, Ronda teaches
the method of claim 1, wherein the package of assertions comprises a singular answer based on the subset of the plurality of assertion values (Ronda, [0392] The response data bundle can contain more, or fewer, elements in some cases. [0287] An example payload of a data bundle from an IdP server is as follows: TABLE-US-00002 [ ''iss'' : ''https://example.com/" , ''claims'' : [ ''first_name'' : ''John'' , ''last_name'' : ''Smith'' , ''dob'' : 1969-12-31 ] ]))

Regarding claim 15, Ronda teaches
the method of claim 1, wherein at least one assertion value, of the plurality of assertion values in the package of assertions comprises an expiration date (Ronda, [0235] expiry information corresponding to the one or more attributes--in some embodiments, expiry information may differ for 

Regarding claim 16, Ronda teaches
the method of claim 1, further comprising generating an event in an event log, the event being associated with the transmitting of the package of assertions (Ronda, [0141] Blockchain-type ledgers can be used to provide system auditing, monitoring and usage statistics, while preserving participant privacy and confidentiality. These Service Ledgers offer the ability to: [0142] Deliver proof that events and transactions occurred and were authorized;)  [0260] Generally, each transaction record can have one or more associated audit record stored by an auditor server, with each audit record eventually assigned to a custodian (and a separate audit record stored for each transaction participant).

Regarding claim 17, Ronda teaches
the method of claim 1, wherein determining the assertions model based on the identifier of the relying entity comprises:
determining a type of the relying entity based on the identifier of the relying entity; and (Ronda, [0463] New relying parties can be registered as part of system 300. Generally, relying parties can be added by a trusted party, such as an existing a system governance authority or IdP.)
determining the assertions model based on an association between the assertions model and the type of the relying entity (Ronda, [0463] New relying parties can be registered as part of system 300. Generally, relying parties can be added by a trusted party, such as an existing a system governance authority or IdP. The trusted party can register the relying party in a registry (e.g., configuration database 3397), which can be pushed to or otherwise updated by user agent servers 3390. Optionally, 

Regarding claim 18, Ronda teaches
the method of claim 1, wherein the subset of the plurality of assertion values for the target entity are retrieved from a database (Ronda, [0393] In the case of identity attributes that are present only in the distributed database)

Claim 19 is a system claim for the method claim 1 and is rejected for the same reasons as claim 1.

Regarding claim 20, Ronda teaches
a method comprising:
transmitting, by a relying entity, a request for one or more assertions for a target entity, wherein the request includes an identifier of the relying entity and an identifier of the target entity; and (Ronda, [0167] RP server 310 is a server that makes a request for identity data by requesting a scope, which identifies the claim categories of identity attributes to be fulfilled. [0118] Flow 200 begins at 210 with a user device 130 requesting to authenticate with relying party server 110. At 220, the relying party server 110 sends a request to the broker server 140 containing the user identifier supplied to the relying party server 110.)
responsive to the request, receiving, by the relying entity, a package of assertions for the target entity, wherein the package of assertions comprises a subset of a plurality of assertion values for the target entity, determined based on an assertions model corresponding to the identifier of the relying entity (Ronda, [0289] In some cases, when generating a response data bundle as described elsewhere herein, user agent server 3390 may be permitted to provide only a subset of the identity attributes that were originally obtained from an IdP server as part of an issued data bundle. To facilitate this, the IdP server can issue claim-level metadata in the issued data bundle, that permits the user agent server 3390 to subset identity attributes. Accordingly, user agent server 3390 may not be required to transmit the entire issued data bundle. This can enhance the user's privacy in several ways: 1) it allows the user to remove sensitive information; 2) it further masks the issuer of identity attributes from the relying party; 3) it hinders parties from colluding to uncover the identity of a user by comparing common data (e.g., expiration date).)


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 3, 11 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Ronda (2017/0250972) in view of Atef (2012/0290482).

Regarding claim 2, Ronda teaches
the method of claim 1, wherein determining the plurality of assertion values comprises, for each assertion value, of the plurality of assertion values:
determining a type of assertion corresponding to the assertion value;
determining a type of identity attribute corresponding to the type of
assertion; 
obtaining identity attribute data associated with the target entity corresponding to the type of identity attribute; and (Ronda [0392] The response data bundle can contain more, or fewer, elements in some cases. [0287] An example payload of a data bundle from an IdP server is as follows: TABLE-US-00002 [ ''iss'' : ''https://example.com/" , ''claims'' : [ ''first_name'' : ''John'' , ''last_name'' : ''Smith'' , ''dob'' : 1969-12-31 ] ])  (EN: claim reads on assertion, data (e.g. name) reads on attribute)
Ronda does not teach calculating the assertion value.
However Atef teaches calculating the assertion value corresponding to the type of assertion based on the identity attribute data (Atef, [0167] In step 510, an identification score is assigned to each of the at least one source of identification. In step 515, a total identification score of the user is generated from the identification scores of each of the at least one source of identification)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Atef’s identity scores to Ronda’s identity verification because doing so improves confidence in transactions (Atef [0008] The transaction is performed when the total identification score of the user is one of greater than and equal to the minimum identification score.)

Regarding claim 3, Ronda and Atef teach
the method of claim 2, wherein transmitting the package of assertions for the target entity comprises transmitting the package of assertions using one or more of: a cryptographic key for the target entity or a cryptographic key for the relying entity (Ronda, [0209] At 406, user agent server 3390 can generate cryptographic keys for use with IdP server 350. User agent server 3390 can generate a user agent cryptographic key pair for use with a public key cryptographic system,)

Regarding claim 11, Ronda and Atef teach 
the method of claim 10, further comprising determining the plurality of sources and the set of information to retrieve from the plurality of sources based on the assertions model (Atef, [0065] For example, the total identification score generation module 115 can use a summing function to sum the individual scores to create the total identification score. (EN: summation of scores reads on plurality of information from sources).)

Regarding claim 14, Ronda and Atef teach 
the method of claim 13, further comprising calculating an overall score for the package of assertions based on a strength score associated with each assertion value, of the subset of the plurality of assertion values (Atef, [0036] The transaction is performed when at least one of i.) the total identification score of the user is one of greater than and equal to the minimum identification score, and ii.) the identity confidence factor of the user is greater than a predetermined identity threshold value. Additional sources of identification of the user are received before performing the transaction when at least one of: i.) the total identification score is less than the minimum identification score, and ii.) the identify confidence factor of the user is less than the predetermined identity threshold value. (EN: without the additional sources for identification it is a subset) [0161] The transaction is performed when the total identification score of the user is one of greater than and equal to the minimum identification 


Claims 4-7 are rejected under 35 U.S.C. 103 as being unpatentable over Ronda (2017/0250972) in view of Atef (2012/0290482) in view of Karantzis (2017/0364917).

Regarding claim 4, Ronda and Atef teach 
the method of claim 2, wherein:
the request further comprises a set of filter criteria; 
the set of filter criteria comprises a minimum acceptable … score for a plurality of sources corresponding to the identity attribute data; and(Atef, [0036] The transaction is performed when at least one of i.) the total identification score of the user is one of greater than and equal to the minimum identification score, and ii.) the identity confidence factor of the user is greater than a predetermined identity threshold value. Additional sources of identification of the user are received before performing the transaction when at least one of: i.) the total identification score is less than the minimum identification score,
each source, of the plurality of sources, is associated with a … score that meets the minimum acceptable … score Atef, [0065] For example, the total identification score generation module 115 can use a summing function to sum the individual scores to create the total identification score.)
Ronda does not teach a strength score of a source.
However Karantzis teaches each source, of the plurality of sources, Karantzis, [0149] Another further factor in determining the level of assurance is shown in FIG. 6 and described below. In addition to considering the type of payment recipient 110, the identity agent 120 may compare 610 the identity  is associated with a strength score (Karantzis, [0150] The identity agent 120 may determine 620 the level of assurance based on the outcome of the comparison. For example, if the identity information provided by the user 160 matches the record in these third-party databases 125, 127, 130, the level of assurance may be increased.  (EN: assurance level read on strength score) [0180] Referring to FIG. 4, the level of assurance score may be mapped 410 to a level of assurance indication set by a level of assurance standard. These indications may be represented as Level of Assurance (LoA) 1 to 4, or LoA1, LoA2, LoA3, LoA4, as often used by various governments.  [0186] The identity agent 120 then determines 273 if a transaction is approved or not approved based on the determined level of assurance and a level of assurance threshold or other relevant criteria that the identity agent 120 is aware of that relates to the payment recipient 110. The result of determining whether the transaction is approved or not approved is then sent 275 in a message from the identity agent 120 to the payment recipient 110.  [0144] .SIGMA.(GDb.sub.i . . . GDb.sub.n)=Sum of the weights attributed to comparison of identity information and records collected with Government databases; .SIGMA.(DBDb.sub.i . . . DBDb.sub.n)=Sum of the weights attributed to comparison of identity information and records collected from other third-party databases; (EN: government and third-party databases reads on plurality of sources.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Karantzis’ identity assurance levels with Ronda’s identity verification because doing so improves the reliability of the identity information (Karantzis, [0008] The level of assurance provides a measure of the degree of certainty of the identity information of a user. It is an advantage that the level of assurance determined improves reliability of the identity information of the user when conducting an online transaction. Importantly, this in turn better secures the online transaction.)

Regarding claim 5, Ronda, Atef and Karantzis teach
the method of claim 4, further comprising:
calculating an overall strength score for the package of assertions based on the strength score associated with each source of the plurality of sources (Karantzis, [0116] The level of assurance score may be affected by one or more of the following example factors;  [0144] The above factors may have weights assigned 510 thereto. An example method 500 of determining 520 a level of assurance score based on the weights is given in the equation (1) below. … .SIGMA.(GDb.sub.i . . . GDb.sub.n)=Sum of the weights attributed to comparison of identity information and records collected with Government databases; .SIGMA.(DBDb.sub.i . . . DBDb.sub.n)=Sum of the weights attributed to comparison of identity information and records collected from other third-party databases;
 [0148] As can be further seen from the above example of determining the level of assurance, the level of assurance may further be determined based on comparison of identity information of the user 160 and records collected from third-party databases, which is described in detail with reference to a method 600 illustrated in FIG. 6.)

Regarding claim 6, Ronda, Atef and Karantzis teach
the method of claim 5, further comprising:
transmitting, to the relying entity, the overall strength score for the package of assertions and the strength score associated with each source of the plurality of sources (Atef, [0023] The system can include means for transmitting data. The data transmitting means can be configured to transmit at least the total identification score of the user to the third party upon verification of the identity access authorization code. [0167] In step 510, an identification score is assigned to each of the at least one 

Regarding claim 7, Ronda, Atef and Karantzis teach
the method of claim 5, wherein the overall strength score for the package of assertions is based on a lowest strength score among the plurality of sources (Karantzis, [0144] The above factors may have weights assigned 510 thereto. An example method 500 of determining 520 a level of assurance score based on the weights is given in the equation (1) below.  … RL=0 if the user's name is on a watch-list, otherwise 1;  (EN: if RL is zero, the score is the minimum)


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315.  The examiner can normally be reached on 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained 






/BRUCE S ASHLEY/Examiner, Art Unit 2494                                                                                                                                                                                                        
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494