DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The preliminary amendment filed 6/4/2019 has been placed of record in the file.
Claims 1-4, 7-10, 12-16, 20, 22, 23, 27-29, and 31 are presented for examination.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:

(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do 
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitations use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “artifact engine”, “offchain identification protector controller”, “verify engine”, and “update engine” in claims 1-4 and 7-10.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.  See, for example, paragraph 31 of the specification.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 7, 12-15, 22, 23, and 27 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Wang (U.S. Patent Application Publication Number 2020/0382306).
Regarding claim 1, Wang discloses an apparatus to verify token integrity for a computing device, the apparatus comprising: an artifact engine to: store first artifact data with a first timestamp in a device artifact storage (paragraph 55, stores hashed biometric template, and paragraph 26, hash stored with time stamp); and store second artifact data with a second timestamp in the device artifact storage ( paragraph 55, stores hashed biometric template, and paragraph 26, hash stored with time stamp); an offchain identification protector (OIP) controller to: generate a first token based on the first artifact data and the first timestamp, the first token to establish a first entry in a blockchain at a first time (paragraph 56, biometric certification token stored in blockchain); and generate a second token based on the second artifact data, the second timestamp, and the first token, the second token to establish a second entry in the blockchain at a second time after the first time (paragraph 56, biometric certification token stored in blockchain, 
Regarding claim 2, Wang discloses wherein the verify engine is to, in response to a successful match of the selected first or second artifact in the blockchain, designate the second token as valid (paragraph 66, indicates biometric certification token is valid).
Regarding claim 3, Wang discloses wherein the OIP controller is to store the valid second token in a cloud storage device (paragraph 84, remote server computer in the cloud).
Regarding claim 4, Wang discloses wherein the OIP controller is to provide access information corresponding to the cloud storage device in response to an authentication request to the computing device (paragraph 75, authorization response message).
Regarding claim 7, Wang discloses wherein the verify engine is to, in response to a failed match of the selected first or second artifact in the blockchain, designate the second token as unverified (paragraph 64, templates do not match).
Regarding claim 12, Wang discloses a non-transitory computer readable storage medium comprising instructions that, when executed, cause a machine to at least: store first artifact data with a first timestamp in a device artifact storage (paragraph 55, stores hashed biometric template, and paragraph 26, hash stored with time stamp); store second artifact data with a second timestamp in the device artifact storage ( paragraph 55, stores hashed biometric template, and paragraph 26, hash stored with time stamp); generate a first token based on the first artifact data and the first timestamp, the first token to establish a first entry in a blockchain at a 
Regarding claim 13, Wang discloses wherein the instructions, when executed, cause the machine to, in response to a successful match of the selected first or second artifact in the blockchain, designate the second token as valid (paragraph 66, indicates biometric certification token is valid).
Regarding claim 14, Wang discloses wherein the instruction, when executed, cause the machine to store the valid second token in a cloud storage device (paragraph 84, remote server computer in the cloud).
Regarding claim 15, Wang discloses wherein the instructions, when executed, cause the machine to provide access information corresponding to the cloud storage device in response to an authentication request to the computing device (paragraph 75, authorization response message).
Regarding claim 22, Wang discloses a method to verify token integrity for a computing device, the method comprising: storing first artifact data with a first timestamp in a device artifact storage (paragraph 55, stores hashed biometric template, and paragraph 26, hash stored 
Regarding claim 23, Wang discloses in response to a successful match of the selected first or second artifact in the blockchain, designating the second token as valid (paragraph 66, indicates biometric certification token is valid).
Regarding claim 27, Wang discloses in response to a failed match of the selected first or second artifact in the blockchain, designating the second token as unverified (paragraph 64, templates do not match).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective 

Claims 8, 9, 28, and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Wang in view of Belton et al. (U.S. Patent Application Publication Number 2013/0333002), hereinafter referred to as Belton.
Wang disclosed techniques for determining if a biometric certification token is valid.  In an analogous art, Belton disclosed techniques for dynamic authentication across distinct standards.  Both systems deal directly with user authentication management.
Regarding claim 8, Wang does not explicitly state wherein the OIP controller is to remove the second token from a cloud storage device to prevent unauthorized access to digital services.  However, managing authentication tokens in such a way was well known in the art as evidenced by Belton.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Wang by adding the ability that the OIP controller is to remove the second token from a cloud storage device to prevent unauthorized access to digital services as provided by Belton (see paragraph 76, credentials deleted).  One of ordinary skill in the art would have recognized the benefit that streamlining authentication management would provide benefits for users related to time and resources (see Belton, paragraph 4).
Regarding claim 9, Wang does not explicitly state including an update engine to invoke generation of a third token to replace the unverified second token, the third token based on third artifact data.  However, managing authentication tokens in such a way was well known in the art as evidenced by Belton.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Wang by adding the ability for including an update engine 
Regarding claim 28, Wang does not explicitly state removing the second token from a cloud storage device to prevent unauthorized access to digital services.  However, managing authentication tokens in such a way was well known in the art as evidenced by Belton.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Wang by adding the ability for removing the second token from a cloud storage device to prevent unauthorized access to digital services as provided by Belton (see paragraph 76, credentials deleted).  One of ordinary skill in the art would have recognized the benefit that streamlining authentication management would provide benefits for users related to time and resources (see Belton, paragraph 4).
Regarding claim 29, Wang does not explicitly state invoking generation of a third token to replace the unverified second token, the third token based on third artifact data.  However, managing authentication tokens in such a way was well known in the art as evidenced by Belton.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Wang by adding the ability for invoking generation of a third token to replace the unverified second token, the third token based on third artifact data as provided by Belton (see paragraph 76, credentials deleted and new variables created).  One of ordinary skill in the art .

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang in view of Biyani et al. (U.S. Patent Application Publication Number 2019/0036906), hereinafter referred to as Biyani.
Wang disclosed techniques for determining if a biometric certification token is valid.  In an analogous art, Biyani disclosed techniques for authentication using a security framework based on blockchain.  Both systems deal directly with user authentication management.
Regarding claim 10, Wang does not explicitly state wherein the verify engine is to confirm the match when a timestamp associated with the second token at the third time matches the second timestamp in the second entry of the blockchain.  However, using timestamps in this way was well known in the art as evidenced by Biyani.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Wang by adding the ability that the verify engine is to confirm the match when a timestamp associated with the second token at the third time matches the second timestamp in the second entry of the blockchain as provided by Biyani (see paragraph 91, verification includes comparing timestamp with timestamp of encrypted block).  One of ordinary skill in the art would have recognized the benefit that blockchain would assist in providing security for IoT devices and networks (see Biyani, paragraph 2).
Regarding claim 20, Wang does not explicitly state wherein the instructions, when executed, cause the machine to confirm the match when a timestamp associated with the second .

Claims 16 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Wang in view of Boye et al. (U.S. Patent Application Publication Number 2007/0061590), hereinafter referred to as Boye.
Wang disclosed techniques for determining if a biometric certification token is valid.  In an analogous art, Boye disclosed techniques for secure biometric authentication.  Both systems deal directly with user authentication management.
Regarding claim 16, Wang does not explicitly state wherein the instructions, when executed, cause the machine to repeat the verification of the integrity of the second token using an alternate one of the selected first or second artifacts when searching for the match in the blockchain.  However, performing biometric authentication in such a way was well known in the art as evidenced by Boye.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed 
Regarding claim 31, Wang does not explicitly state applying at least one of a random or pseudo-random selection of the first or the second artifact from the device artifact storage.  However, performing biometric authentication in such a way was well known in the art as evidenced by Boye.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Wang by adding the ability for applying at least one of a random or pseudo-random selection of the first or the second artifact from the device artifact storage as provided by Boye (see paragraph 79, random selection of biometric templates).  One of ordinary skill in the art would have recognized the benefit that performing authentication in such a fashion would assist in enhancing the security of biometric identification systems (see Boye, paragraph 11).

Conclusion
14.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

15.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812.  The examiner can normally be reached on Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.