DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Double Patenting
The previously raised double patenting rejections have been overcome by Applicant’s terminal disclaimer and are therefore withdrawn.

Claim Rejections - 35 USC § 103
Applicant’s arguments filed on 7/16/2021, directed at the amended claims submitted on 7/16/2021 were considered, but are moot in view of new rejections made below in response to the latest amendments by applicant.

	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21, 27, 28, 34 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over the non-patent literature entitled “Towards a Blockchain based digital identity verification, record attestation and record sharing system” by Aydar et al. (hereafter “Aydar”, provided in the IDS dated 2/01/2021), further in view of Kneen (US 2015/0006529), and further in view of Patel (US 2019/0230092).

Regarding claims 21, 28 and 35, Aydar teaches A computer-implemented method for claim verification (see Fig. 7 reproduced below), comprising: 

    PNG
    media_image1.png
    491
    1393
    media_image1.png
    Greyscale

verifying (see page 16, last two paragraphs and page 17, 1st ¶: “Verifying a credential involves verifying that the credential is owned by the identity owner and issued by a trusted authority, and that the credential is still valid, i.e. it has not been revoked by the issuer”) a verifiable claim (VC) (see caption of Fig. 7: “Using Verifiable Claims for third-party attestation”) that comprises a digital signature (see Fig. 7, step 5: “Bank signs the claim using its private key and sends it to the user”) of a second entity (the Examiner interprets “Bank (credential provider)” as a second entity) and a decentralized identifier (DID) of the second entity (see page 11, last ¶: “We propose a Blockchain based digital identity solution which makes use of attribute based data sharing, self-sovereign identity, decentralized identifiers, verifiable credentials... The system enables identity owners to … making a certain claim involving third-party certifications (attestation, i.e., proof of education degree certificates)”. And see page 15, ¶ 2: “Figure 6 show's an example of exchanging credentials of a University degree certificate. In the example, a University supplies its former student a verifiable credential proving her educational degree, using an existing claim schema from the ledger”. The Examiner also interprets “a verifiable credential” “making a certain claim” as a verifiable claim. And see page 15, ¶ 3: “A verifiable credential can also be issued upon a request from another third party. In this case, identity owners have already proven their identity with an institution (credential provider), and also need to prove their identity with another institution (credential requester,). …Based on the requested information, credential provider provides a verifiable credential to identity owner. Identity owner signs the verifiable credential with his/her private key, and forwards it to the authentication system of credential requester. Credential requester retrieves the DID of identity owner and DID of the credential provider, and verifies digital signatures of them using their public keys from DIDs”. The Examiner interprets the “credential provider” (in the example of Fig. 7, the Bank) as the second entity. Because Aydar teaches that the “[c]redential requester retrieves …DID of the credential provider” (a decentralized identifier (DID) of the second entity) from the forwarded verifiable credential (a verifiable claim), Aydar teaches a verifiable claim (VC) that comprises …a decentralized identifier (DID) of the second entity, as recited by claim 21. Also see Fig. 3 reproduced below implying that verifiable claim 4 (V.C.4) comprises DID4.
[AltContent: oval]
    PNG
    media_image2.png
    625
    871
    media_image2.png
    Greyscale
); 
obtaining, from a service endpoint associated with the VC, a status and a first hash value (see page 16, last two paragraphs and page 17, 1st ¶: “Verifying a credential involves verifying that the credential is owned by the identity owner and issued by a trusted authority, and that the credential is still valid, i.e. it has not been revoked by the issuer… Our system keeps a revocation registry on the ledger. Credential issuers are responsible to publish revoked credentials to the revocation registry. The registry is a cryptographic accumulator, which includes credentials or the specific attributes of a credential that have been revoked, in addition to the corresponding credential definitions. A cryptographic hash value of a revoked credential is calculated and kept in the revocation registry. Verifiers check existence of the hash value to test whether the credential has been revoked”. The Examiner interprets the revocation registry as a service endpoint associated with the VC. The Examiner interprets “verifiers …to test whether the credential has been revoked” as obtaining, from a service endpoint associated with the VC, a status. The Examiner further interprets “A cryptographic hash value of a revoked credential …kept in the revocation registry” as a first hash value. Aydar inherently teaches obtaining, from a service endpoint associated with the VC, … a first hash value for the following reason: Aydar teaches “[v]erifiers check existence of the hash value to test whether the credential has been revoked”. Verifiers cannot check existence of a query hash value in the revocation registry without comparing the query hash value with hash values obtained from the revocation registry, which is interpreted by the Examiner as a first hash value); 
obtaining, from a blockchain, a DID document corresponding to the DID of the second entity (see page 12, ¶ 2: “Each DID resolves to a DID document, a DID descriptor object (DDO) which is stored on the Blockchain. A DDO includes the public key associated with the corresponding DID”. And see page 10, section 3.4: “Each DID resolves to a DID document (DID descriptor object), which contains DID’s cryptographic key's”. And see Fig. 7, steps 8 and 9: “Telco receives the Verifiable Claim. Using digital signatures, Telco verifies that it came from User, and verifies that it was signed by the Bank”. And see page 9, ¶ 1: “Bob sends a message to Alice using digital signatures. Bob encrypts the hash of original message with his private key. This action is called signing. Bob sends original message and signed message to Alice. Alice applies the same hash function to the original message and decrypts signed message using Bob’s public key. Alice, then compares these two results. If they are equal, than it means that the message was indeed came from Bob and was not tampered”. The Examiner interprets resolving a DID of the Bank (the second entity) to a DID document of the Bank stored on the Blockchain to retrieve the public key of the Bank and verify that the verifiable claim (credential) was signed by the Bank as obtaining, from a blockchain, a DID document corresponding to the DID of the second entity); 
obtaining a public key associated with the second entity based on the DID document (see page 12, ¶ 2: “Each DID resolves to a DID document, a DID descriptor object (DDO) which is stored on the Blockchain. A DDO includes the public key associated with the corresponding DID”. And see page 10, section 3.4: “Each DID resolves to a DID document (DID descriptor object), which contains DID’s cryptographic key's”. And see Fig. 7, steps 8 and 9: “Telco receives the Verifiable Claim. Using digital signatures, Telco verifies that it came from User, and verifies that it was signed by the Bank”. And see page 9, ¶ 1: “Bob sends a message to Alice using digital signatures. Bob encrypts the hash of original message with his private key. This action is called signing. Bob sends original message and signed message to Alice. Alice applies the same hash function to the original message and decrypts signed message using Bob’s public key. Alice, then compares these two results. If they are equal, than it means that the message was indeed came from Bob and was not tampered”. The Examiner interprets resolving a DID of the Bank (the second entity) to a DID document of the Bank to retrieve the public key of the Bank as obtaining a public key associated with the second entity based on the DID document); 
determining that the digital signature is created based on a private key associated with the public key (see Fig. 7, steps 8 and 9: “Telco receives the Verifiable Claim. Using digital signatures, Telco verifies that it came from User, and verifies that it was signed by the Bank”. And see page 9, ¶ 1: “Bob sends a message to Alice using digital signatures. Bob encrypts the hash of original message with his private key. This action is called signing. Bob sends original message and signed message to Alice. Alice applies the same hash function to the original message and decrypts signed message using Bob’s public key. Alice, then compares these two results. If they are equal, than it means that the message was indeed came from Bob and was not tampered”. And see page 10, last ¶ and page 11, 1st ¶: “Verifiable credentials usually involves a third-party attestation, but it can also be self-attested. Attestation is done by exploiting the concept of digital signatures. An attester (issuer) having a DID creates a verifiable credential by signing identity owner’s records using its private key, and the credential is cryptographically verifiable by a verifier using the attester’s public key”); and 
verifying the VC based on the determining that the digital signature is created based on the private key associated with the public key, and that the status indicates that the VC is valid (see page 16, last two paragraphs and page 17, 1st ¶: “Verifying a credential involves verifying that the credential is owned by the identity owner and issued by a trusted authority, and that the credential is still valid, i.e. it has not been revoked by the issuer”. And see page 9, ¶ 1: “Bob sends a message to Alice using digital signatures. Bob encrypts the hash of original message with his private key. This action is called signing. Bob sends original message and signed message to Alice. Alice applies the same hash function to the original message and decrypts signed message using Bob’s public key. Alice, then compares these two results. If they are equal, than it means that the message was indeed came from Bob and was not tampered”).

Aydar fails to teach “determining that the status obtained from the service endpoint does correspond to the VC by: calculating a second hash value by applying a hash function on the VC, and  determining that the second hash value is identical to the first hash value”. Aydar also fails to teach that verifying the VC is based on the determining that the status obtained from the service endpoint does correspond to the VC.
However, Kneen teaches determining that the user data does correspond to the user identifier by: calculating a second hash value by applying a hash function on the user identifier, and  determining that the second hash value is identical to the first hash value (emphasis added to show the difference between the reference and the claim)(see [0050] and Fig. 2a: “In an embodiments such as those described above that include the exchange of sensitive user information between the system provider device 206 and the 3.sup.rd party device such as, for example, the email address and/or phone number discussed above, the system may operate to conceal such user information while still allowing that user information to be used as user identifiers. For example, sensitive user information such as when a 3.sup.rd party device sends any user identifiers associated with sensitive user information, that 3.sup.rd information may first perform a hashing operation on those user identifiers to produce hashed user identifiers, and those hashed user identifiers may then be sent to the system provider device. The system provider device may then perform that hashing operation of the user identifiers stored in their database to produce corresponding hashed user identifiers, and perform a check to determine whether any of their hashed user identifiers match the hashed user identifiers received from the 3.sup.rd party device. If so, the user data associated with the hashed user identifiers received from the 3.sup.rd party device may be associated with the user account provided by the system provider that includes the matching hashed user identifiers”. And see [0037] and FIGs. 1, 2b: “The method 100 then proceeds to block 104 where first user data that is associated with the first user identifier is received and stored in the database. In the embodiments discussed above with regard to FIG. 2a in which the user identifier 212 for an unknown user is received by the system provider device 206 during communications with the 3.sup.rd party device 210, that user identifier 212 may have been received along with the first user data 216, and at block 104 the system provider device 206 may associate that first user data 216 with the user account 214 in the database 208, as illustrated in FIG. 2b”. 
The Examiner interprets “the user data associated with the hashed user identifiers received from the 3.sup.rd party device may be associated with the user account provided by the system provider that includes the matching hashed user identifiers” taught in [0050] as determining that the user data does correspond to the user identifier for the following reason: Kneen teaches in [0037] and Figs. 1, 2a, 2b that only user data corresponding to a user identifier is associated with a user account associated with the user identifier. Because Kneen teaches in [0050] that “the user data associated with the hashed user identifiers received from the 3.sup.rd party device may be associated with the user account  user data associated with the hashed user identifiers received from the 3.sup.rd party device” taught in [0050] necessarily is determined to correspond to “the user identifier” based on the teaching of [0037]. 
The Examiner interprets the hashed user identifier produced by the 3rd party device taught in [0050] as the first hash value. The Examiner further interprets “The system provider device may then perform that hashing operation of the user identifiers stored in their database to produce corresponding hashed user identifiers” taught in [0050] as calculating a second hash value by applying a hash function on the user identifier. The Examiner interprets “The system provider device may then perform that hashing operation of the user identifiers stored in their database to produce corresponding hashed user identifiers, and perform a check to determine whether any of their hashed user identifiers match the hashed user identifiers received from the 3.sup.rd party device” taught in [0050] as calculating a second hash value by applying a hash function on the user identifier, and determining that the second hash value is identical to the first hash value. 
Finally, the Examiner interprets “The system provider device may then perform that hashing operation of the user identifiers stored in their database to produce corresponding hashed user identifiers, and perform a check to determine whether any of their hashed user identifiers match the hashed user identifiers received from the 3.sup.rd party device. If so, the user data associated with the hashed user identifiers received from the 3.sup.rd party device may be associated with the user account provided by the system provider that includes the matching hashed user identifiers” taught in [0050] as determining that the user data does correspond to the user identifier by: calculating a second hash value by applying a hash function on the user identifier, and determining that the second hash value is identical to the first hash value).
Both the verifiable claim (VC) taught by Aydar and the user identifier taught by Kneen are a data item. Both the status of the VC taught by Aydar and the user data taught by Kneen are information determining that the status obtained from the service endpoint does correspond to the VC by: calculating a second hash value by applying a hash function on the VC, and determining that the second hash value is identical to the first hash value;… verifying the VC based on the determining that the digital signature is created based on the private key associated with the public key, the determining that the status obtained from the service endpoint does correspond to the VC, and that the status indicates that the VC is valid”.  

Aydar modified in view of Kneen teaches verifying a verifiable claim (VC). However, Aydar modified in view of Kneen does not explicitly teach receiving, from a first entity, a request for verifying a verifiable claim (VC) (emphasis added to show the difference between the references and the claim).
In the same field of endeavor, Patel teaches receiving, from a first entity, a request for verifying a verifiable action (emphasis added to show the difference between the references and the claim) (see [0079] and Fig. 9: “when the first entity 901 is applying for a new job, the second entity 910 may indicate the first entity 901 may allow the DID management system 903 to generate a new decentralized identifier 904 and a new DID document 905 associated with the new decentralized identifier just for authorizing the second entity 910 to verify his/her university degree. Then, the DID management system 903 may send the newly generated decentralized identifier 904 to the second entity”. And see [0080]: “This action may be recorded in a distributed ledger of the recruiting service, the university's credential verification system, and/or an internal distributed ledger of the employer”. And see [0087] and Fig. 10: “Each of the distributed ledgers 1009, 1013 and 1017 may include records of actions for each of their service platforms. For example, the distributed ledger 1009 may include actions 1010 and 1012, and the distributed ledger 1013 may include actions 1014 and 1016”. And see [0088] and Fig. 10: “When the user agent 1001 indicates that the actions 1010 is to be verified. In response to the indication, the DID resolver and registrar 1006 retrieves the decentralized identifier "abcd:123456789abcdefghi" 1011 from the actions 1010”. The Examiner interprets the action 1010 to be verified taught in [0088] as a verifiable action. The Examiner interprets the DID resolver and registrar 1006 receiving, from the user agent 1001, the indication “that the actions 1010 is to be verified” taught in [0088]  as receiving, from a first entity, a request for verifying a verifiable action).

Both the verifiable action of Patel and the verifiable claim of Aydar modified in view of Kneen are verifiable data. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the data verification method taught by Aydar modified in view of Kneen by adding the step of receiving, from a first entity, a request for verifying verifiable data taught by Patel. It would have been obvious because doing so predictably achieves the commonly understood benefit of performing data verification on demand, i.e., upon receiving a request for verifying verifiable data. Because the verifiable data in Aydar modified in view of Kneen is a verifiable receiving, from a first entity, a request for verifying a verifiable claim (VC) that comprises a digital signature of a second entity and a decentralized identifier (DID) of the second entity, as recited by claims 21, 28 and 35.

Regarding claims 27 and 34, Aydar modified in view of Kneen fails to teach wherein the verifying the VC further comprises: obtaining, from the VC, an expiration date of the VC; and validating that the VC has not expired based on the expiration date and a current date.
In the same field of endeavor, Patel teaches wherein the verifying the VC further comprises: obtaining, from the VC, an expiration date of the VC; and validating that the VC has not expired based on the expiration date and a current date (see [0074] and Fig. 9: “The first entity 901 may also include an expiration date 919 in the DID document, thus, the second entity may only verify the credential 913 before the expiration date 919”. And see [0082]: “The DID management system may further manage the expiration time set by the first entity 901. Different methods or embodiments may be implemented to achieve this goal. For example, when the expiration time is reached, the DID management system may update the DID document 905 revoking the verification permission in the DID document 906 or removing the credential information from the DID document 906 completely. Alternatively, the DID management system may also access the time of the second entity's request and compare the request time with the expiration time set in the DID document 905”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the claim verification method of Aydar modified in view of Kneen by letting the verifying the VC further comprise: obtaining, from the VC, an expiration date of the VC; and validating that the VC has not expired based on the expiration date and a current date, as taught by Patel. It would have been obvious because Patel teaches that doing so achieves the following desirable control over the verifiable claim (credential): “The first entity 901 may also include an expiration date the second entity may only verify the credential 913 before the expiration date 919” (see Patel, [0074] and Fig. 9).

Claims 22, 23, 29, 30, 36 and 37  are rejected under 35 U.S.C. 103 as being unpatentable over the non-patent literature entitled “Towards a Blockchain based digital identity verification, record attestation and record sharing system” by Aydar et al. (hereafter “Aydar”, provided in the IDS dated 2/01/2021), further in view of Kneen (US 2015/0006529),  further in view of Patel (US 2019/0230092), and further in view of the non-patent literature entitled “A survey on essential components of a self-sovereign identity” by Mühle et al. (hereafter “Mühle”, provided in the IDS dated 2/01/2021). 

Regarding claims 22, 29 and 36, Aydar modified in view of Kneen and Patel does not explicitly teach wherein the obtaining, from a blockchain, a DID document corresponding to the DID of the second entity comprises: sending, to a blockchain node of the blockchain, a blockchain transaction comprising information associated with the DID of the second entity, wherein the blockchain transaction is for retrieving the DID document corresponding to the DID of the second entity.
In the same field of endeavor, Mühle teaches wherein the obtaining, from a blockchain, a DID document corresponding to the DID of the second entity comprises: sending, to a blockchain node of the blockchain, a blockchain transaction comprising information associated with the DID of the second entity, wherein the blockchain transaction is for retrieving the DID document corresponding to the DID of the second entity (see page 83, col. 2, first two paragraphs: “A decentralised identifier (DID) is comprised of a scheme as well as a method and method specific identifier. The method closely resembles the namespace component of an URN. Each distinct blockchain or rather each identity registry (there can be multiple per blockchain, i.e uPort, Civic [29], SelfKey [39] all operate on Ethereum) constitutes its own namespace while the blockchain specific identifiers such as a uPort ID or ENS name An example for such a DID path would be: did:examplechain: 123456789 The Decentralised Identity Foundation is developing a universal resolver for these DID paths. Currently Sovrin [31], Bitcoin [2], Blockstack [27], uPort [25], Interplanetary Identifiers [32], and Veres One [33] are supported by the resolver with implemented drivers. The resolver uses the method type to decide which driver to use and uses the method specific identifier to resolve to the DID document stored on the specified Blockchain. The DID document or its equivalent in other systems is the key to the decentralized identity”. The Examiner interprets resolving a DID to the DID document stored on the Ethereum blockchain as sending, to a blockchain node of the blockchain, a blockchain transaction comprising information associated with the DID of the second entity, wherein the blockchain transaction is for retrieving the DID document corresponding to the DID of the second entity).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to let the obtaining, from a blockchain, a DID document corresponding to the DID of the second entity taught by Aydar modified in view of Kneen and Patel comprise: sending, to a blockchain node of the blockchain, a blockchain transaction comprising information associated with the DID of the second entity, wherein the blockchain transaction is for retrieving the DID document corresponding to the DID of the second entity, as taught by Mühle. It would have been obvious because a person of ordinary skill has good reason to pursue the known options within his or her technical grasp with a reasonable expectation of success in obtaining, from a blockchain, a DID document corresponding to the DID of the second entity.

Regarding claims 23, 30 and 37, Mühle further teaches wherein the blockchain transaction invokes a blockchain contract for managing relationships between DIDs and DID documents (see page 83, col. 1, ¶ 9: “The Self-Sovereign Identity system uPort [25 ] uses an Ethereum smart contract address Ethereum) constitutes its own namespace while the blockchain specific identifiers such as a uPort ID or ENS name specify the actual identity addressed by the DID. An example for such a DID path would be: did:examplechain: 123456789 The Decentralised Identity Foundation is developing a universal resolver for these DID paths. Currently Sovrin [31], Bitcoin [2], Blockstack [27], uPort [25], Interplanetary Identifiers [32], and Veres One [33] are supported by the resolver with implemented drivers. The resolver uses the method type to decide which driver to use and uses the method specific identifier to resolve to the DID document stored on the specified Blockchain. The DID document or its equivalent in other systems is the key to the decentralized identity”).

Claims 25, 32 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over the non-patent literature entitled “Towards a Blockchain based digital identity verification, record attestation and record sharing system” by Aydar et al. (hereafter “Aydar”, provided in the IDS dated 2/01/2021), further in view of Kneen (US 2015/0006529), further in view of Patel (US 2019/0230092), and further in view of Official Notice.

Regarding claims 25, 32 and 39, Aydar further teaches before obtaining, from the service endpoint associated with the VC, the status and the hash value: obtaining a DID document associated with the DID (see page 12, ¶ 2: “Each DID resolves to a DID document, a DID descriptor object (DDO) ; and 
obtaining information associated with the service endpoint (see page 10, section 3.4: “Each DID resolves to a DID document (DID descriptor object), which contains DID’s cryptographic key's, publicly available metadata (if any) regarding the DID owner, and resource pointers for the discovery of endpoints for initiating interactions with the DID owner”. The Examiner interprets obtaining “resource pointers for the discovery of endpoints for initiating interactions with the DID owner” contained in a DID document as obtaining information associated with the service endpoint. And see page 12, ¶ 2: “Each DID resolves to a DID document, a DID descriptor object (DDO) which is stored on the Blockchain. A DDO includes … endpoints of the DID objects to initiate trusted peer interactions between the ledger entities”).
Aydar modified in view of Kneen and Patel fails to teach receiving, from the first entity, an account identifier associated with a subject of the VC; obtaining a DID associated with the subject of the VC based on a pre-stored mapping relationship between the account identifier and the DID.
The Examiner takes Official Notice that it is a well-known technique to receive, from the first entity, an account identifier associated with a subject of the VC; and to obtain a DID associated with the subject of the VC based on a pre-stored mapping relationship between the account identifier and the DID.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the claim verification method of Aydar modified in view of Kneen and Patel by adding the steps of receiving, from the first entity, an account identifier associated with a subject of the VC and obtaining a DID associated with the subject of the VC based on a pre-stored mapping relationship between the account identifier and the DID taught in Official Notice. It would have .

Claims 26, 33, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over the non-patent literature entitled “Towards a Blockchain based digital identity verification, record attestation and record sharing system” by Aydar et al. (hereafter “Aydar”, provided in the IDS dated 2/01/2021), further in view of Kneen (US 2015/0006529), further in view of Patel (US 2019/0230092), further in view of Ronda (US 2017/0250972), and further in view of Buhler (US 2016/0316365).

Regarding claims 26, 33 and 40, Aydar modified in view of Kneen and Patel fails to teach wherein the verifying the VC further comprises: obtaining, from the VC, an issuance date of the VC.
In the same field of endeavor, Ronda teaches wherein the verifying the VC further comprises: obtaining, from the VC, an issuance date of the VC (see [0286]: “Generally, a data bundle may be a container of name/value pairs, or claims. TABLE-US-00001 TABLE 1 Example data bundle metadata …iat The "issued at" date of this data”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the claim verification method of Aydar modified in view of Kneen and Patel by letting the verifying the VC further comprise: obtaining, from the VC, an issuance date of the VC, as taught by Ronda. It would have been obvious because doing so predictably achieves the desirable result of finding out when the verifiable claim was issued.
Aydar modified in view of Kneen, Patel and Ronda fails to teach wherein the verifying the VC comprises: validating the obtained issuance date based on a comparison between the obtained issuance date and a current date.
 Buhler teaches validating the obtained issuance date based on a comparison between the obtained issuance date and a current date (see [0007]: “In an embodiment, the location credential may further certify a timestamp indicating an issue time for the location credential. This timestamp can be included in the authentication token. A verifier server can verify that the location credential certifies the timestamp, and determine if the issue time indicated by the timestamp is within a predetermined time interval preceding a current time. The authentication token can then only be used within a predetermined time interval following issue”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the claim verification method of Aydar modified in view of Kneen, Patel and Ronda by letting the verifying the VC comprise: validating the obtained issuance date based on a comparison between the obtained issuance date and a current date taught by Buhler. It would have been obvious because doing so makes the claim verification more secure by performing one extra verification step based on the issuance date of the verifiable claim and the current date.

	Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHIMEI ZHU whose telephone number is (571)270-7990.  The examiner can normally be reached on 10am-6pm Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ZHIMEI ZHU/Examiner, Art Unit 2495    

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495