DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/29/2021 has been entered.
Notice to Applicant
The amendment filed 6/29/2021 has been entered. The following has occurred: Claims 1, 14, and 19 have been amended; No new claims have been added; Claims 6-13 have been withdrawn due to restriction requirement. 
Claims 1-5 and 14-20 are pending.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Effective Filling Date: 11/27/2017.
Response to Amendment
Previous 35 U.S.C. 112(a) rejection is withdrawn in light of the amended claim limitation. 
New 35 U.S.C. 112(a) rejection is added in light of the amended claim limitations
35 U.S.C. 102 rejection is withdrawn in light of the amended claim limitations
35 U.S.C. 103 rejection is maintained in light of the amended claim limitations, new rationale is added.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to 

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 19 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  Specifically, the examiner asserts that the Specification, as originally filled fails to disclose with enough specificity, the following limitations:
Claim 19, recites “wherein the verification key is generated using a randomized key-generation algorithm and without feedback from the customer device, and wherein the service provider device provides the verification key to the review server directly”, (underline emphasis included), which the Specification fails to provide support for the newly amended limitation. That is, in paragraph [0023] of the Specification recites “redactable signature scheme includes: key generation (KeyGen), signing (Sign), redaction (Redact), and verification (Verify). In FIG. 1, during KeyGen, the service provider device utilizes a randomized key-generation algorithm that outputs a pair of keys, a signing key and its corresponding verification key.” The Specification discloses the verification key is generated using a randomized key-generation algorithm, however, the Specification does not describe the negative limitation for the verification key to be generated using a randomized key-generation algorithm and without feedback from the customer device. Further, the Specification does not provide support for “wherein the service provider device provides the verification key to the review server directly.”
In re Johnson, 558 F.2d 1008, 1019, 194 USPQ 187, 196 (CCPA 1977) ("[the] specification, having described the whole, necessarily described the part remaining."). See also Ex parte Grasselli, 231 USPQ 393 (Bd. App. 1983), aff’d mem., 738 F.2d 453 (Fed. Cir. 1984). The mere absence of a positive recitation is not basis for an exclusion. Any claim containing a negative limitation which does not have basis in the original disclosure should be rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement. Note that a lack of literal basis in the specification for a negative limitation may not be sufficient to establish a prima facie case for lack of descriptive support. Ex parte Parks, 30 USPQ2d 1234, 1236 (Bd. Pat. App. & Inter. 1993). 
To be clear, according to MPEP 2173.05(i), the negative limitation does not have to be recited verbatim in the Specification: “Note that a lack of literal basis in the specification for a negative limitation may not be sufficient to establish a prima facie case for lack of descriptive support. Ex parte Parks, 30 USPQ2d 1234, 1236 (Bd. Pat. App. & Inter. 1993).” Otherwise, applicants may be unduly burdened in having to describe every known piece of prior art so as to expressly recite what is not included in their invention. The following are examples of sufficient basis for negative limitations: 
Specification describes a reason to exclude the relevant limitation (Inphi Corp. v. Netlist, Inc.) 
Specification describes alternatives (Santarus, Inc. v. Par Pharm., Inc.) 
Description of prior art in the specification discusses shortcomings of certain features 
Drawings that show the presence of certain features which necessitates the absence of opposite features specification explicitly describes the lack of a particular feature.
The dependent claims 2-5 and 15-20 depend on claims 1 and 14 therefore inherit the deficiencies of the independent claims. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 4, 5, 14, and 15  are rejected under 35 U.S.C. 103 as being unpatentable over Montano (US 20140114877 A1) in view of Bilzhause et al. “Position Paper: The Past, Present, and Future of Sanitizable and Redactable Signature”, Pages 1-10, August 29-September 1, 2017, hereinafter “Bilzhause.”
Claim 1, Montano discloses a method for checking legitimacy of a customer review (Abstract, Claims 1-18, and para. [0007] disclosing systems and methods for authenticating online customer service reviews using unique customer identifiers such as payment data and location data), the method comprising:
receiving, via a service provider device, a verification key (Claim 1, “receiving payment information from a customer for a service by a service provider;” disclosing receiving from the service provider (which is employee device used by a service provider, see para. [0025]), payment information, which is interpreted to be verification key. Additionally, in para [0022]-[0030] disclosing the use of unique customer identifier which may be payment identifier, e-wallet, name, credit card number, billing address, location-based identifier, RFID, QR code, unique code, and more can be used to verify the customer in the process of authenticating the customer review. The list above can all be interpreted to be verification key);
receiving, via a customer device, a customer review, a redacted message, and a redacted signature (Claim 1 disclosing receiving a customer service review from the customer in response to the prompt; the redacted message is interpreted to be the customer review prior to publish, which is hidden or censored from public, as motivated in para. [0019], “credibility of the customer service review is therefore significantly higher than a review posted by an anonymous reviewer, and malicious false negative reviews can be prevented by requiring authentication prior to a review being posted”.  Para. [0023], “Another type of unique customer identifier is a location-based identifier which uses location services on the customer's mobile device to determine if the customer is in the same location as the service that was performed, or if the customer is in the same vicinity as the mobile device of the employee that performed the service. In addition to location-based services, the employee could use their mobile device to interact with the customer's mobile device to verify their vicinity with each other and confirm that the customer is the person that the employee is interacting with. The mobile device interactions could be through any wired or wireless communication protocol, such as Bluetooth®, 802.11, near-field communications, RFID, etc. or through an optical recognition procedure such as having the customer take a picture of a QR code displayed on the employee's mobile device.” Disclosing the customer mobile device taking a picture of QR code displayed on employee’s mobile device for verification of service. The receiving of picture of QR code is representative of receiving via a customer device of a redacted signature. This is supported in Applicant’s Drawing, Fig. 1 that redacted signature can be QR code); and
at least one of:
publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate (Para. [0025]-[0031] disclosing the verification of unique customer identifier with customer service provided by employee with unique code (i.e. redacted signature) entered, once the review has been authenticated (i.e. legitimate), the review can be published), 
wherein the verification key is bound to the service provider device and is sent to the review server from the service provider device (Para. [0023], “addition to location-based services, the employee could use their mobile device to interact with the customer's mobile device to verify their vicinity with each other and confirm that the customer is the person that the employee is interacting with. The mobile device interactions could be through any wired or wireless communication protocol, such as Bluetooth®, 802.11, near-field communications, RFID, etc. or through an optical recognition procedure such as having the customer take a picture of a QR code displayed on the employee's mobile device.” The QR code displayed on the employee’s mobile device discloses the verification key is bound to the service provider device to confirm the communication and presence of employee at service. The service provider or employee device can also receive other examples of verification key such as payment identifier, location-based identifier of the customer’s mobile device, biometric, gesture recognition or passwords associated with the customer to be transmitted to confirm the identity of the customer, see para. [0022]-[0024]. Para. [0030]-[0032] disclosing the verification key (e.g., customer identifier, unique identifier) is transmitted to the review authentication server to match with unique customer identifier with data stored in a connected authentication database to authenticate the customer, then the customer servicer review can be authenticated in the review website, see Fig. 1).
Under the broadest reasonable interpretation, Montano discloses the above-mentioned limitations. However, for the purpose of compact prosecution, the Examiner will introduce Bilzhause (cited by the Applicant in the IDS of 2/26/2018 and the Specification paragraph [0004]), to specifically teach the well-known feature of redactable digital signature can mark specific parts of a signed message as redactable or censored, while still retaining verifiability of the signature (App. Specification para. [0004]). 
Specifically, Bilzhause teaches:
receiving, via a customer device, a customer review, a redacted message, and a redacted signature (Page 1, RSSs allow to remove, i.e., redact, parts of a signed message, while SSSs allow a designated third party, named the sanitizer, to change, i.e., sanitize, signer-chosen parts of a signed message to different bitstrings) 
at least one of:
publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate (Page 1, Abstract, Page 2, “Attribute-based signatures [99] allow users to sign messages which are bound to specific attributes. This type of signature scheme requires that the signer holds the corresponding attributes. More precisely, a signature verification only reveals that the signer has a signing key which fulfills the predicate on the claimed attributes. Page 2, under “III. Santizable signature Schemes” teaching sanitizer holds his own public key, the sanitization process requires the corresponding private key, which verifies under the given public keys. Additionally see Framework of Sanitizable Signature Schemes using algorithms. Page 3, teaches verification takes input of signature for a message w.r.t. the public keys). 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the systems and methods for authentication online customer service review to include the authentication or verification process of sanitiable and redactable signatures schemes of Bilzhause for the motivation of providing an improved system and methods of privacy protection and stronger security, see Bilzhause page 4 “Unlinkability”, “Stronger Security Definition”, “Receipts” and “Data loss Prevention.” 
Claim 2, the combination of Montano and Bilzhause makes obvious of the method of claim 1. Montano further discloses wherein the redacted message includes a list of purchased goods and services and/or a serial number (Abstract, “Once the authentication process verifies that the customer creating the review, the resulting online customer service review can be identified as an authentic customer review of the service provider, employee and the service.”). 
Claim 4, the combination of Montano and Bilzhause makes obvious of the method of claim 1. Montano further discloses further comprising uploading the legitimate customer review to a review website (Para. [0031], “Once the review has been authenticated, the review can be published (step 212) by transmitting the review to the business server 112 or a review website 116 operated by the business, a third party reviewing service or by the system's own review website or application running on a computing device such as a smartphone or tablet”).
Claim 5, the combination of Montano and Bilzhause makes obvious of the method of claim 1. Montano further discloses further comprising storing the customer review in a review database based on the checking determining that the redacted signature is legitimate and not storing the customer review in the database based on the checking determining that the redacted signature is not legitimate (Para. [0031], “the review has been authenticated, the review can be published (step 212) by transmitting the review to the business server 112 or a review website 116 operated by the business, a third party reviewing service or by the system's own review website or application running on a computing device such as a smartphone or tablet. In one example, the review maybe published to the employee's personal profile on a social media service where they advertise their services in addition to on the employer's website in order to further promote their service. The employee could then advertise their own customer service reviews with a card, email advertisement or online advertisement linking to their online review profile. The review may be displayed with an authentication indicator such as a keyword, logo or other symbol indicating that the review has been authenticated (step 214).” Disclosing once authenticated (which the redacted signature is legitimate), the review is transmitted and stored to a business server or review website).
Claim 14, Montano discloses a trustworthy review system for verifying that a customer review is legitimate, the system comprising a review server having one or more processors (Para. [0049] disclosing processor) which, alone or in combination are configured to provide for performance of the following steps (Abstract, Claims 1-18, and para. [0007] disclosing systems and methods for authenticating online customer service reviews using unique customer identifiers such as payment data and location data):
receiving, via a service provider device, a verification key (Claim 1, “receiving payment information from a customer for a service by a service provider;” disclosing receiving from the service provider (which is employee device used by a service provider, see para. [0025]), payment information, which is interpreted to be verification key. Additionally, in para [0022]-[0030] disclosing the use of unique customer identifier which may be payment identifier, e-wallet, name, credit card number, billing address, location-based identifier, RFID, QR code, unique code, and more can be used to verify the customer in the process of authenticating the customer review. The list above can all be interpreted to be verification key);
receiving, via a customer device, a customer review, a redacted message, and a redacted signature (Claim 1 disclosing receiving a customer service review from the customer in response to the prompt; the redacted message is interpreted to be the customer review prior to publish, which is hidden or censored from public, as motivated in para. [0019], “credibility of the customer service review is therefore significantly higher than a review posted by an anonymous reviewer, and malicious false negative reviews can be prevented by requiring authentication prior to a review being posted”.  Para. [0023], “Another type of unique customer identifier is a location-based identifier which uses location services on the customer's mobile device to determine if the customer is in the same location as the service that was performed, or if the customer is in the same vicinity as the mobile device of the employee that performed the service. In addition to location-based services, the employee could use their mobile device to interact with the customer's mobile device to verify their vicinity with each other and confirm that the customer is the person that the employee is interacting with. The mobile device interactions could be through any wired or wireless communication protocol, such as Bluetooth®, 802.11, near-field communications, RFID, etc. or through an optical recognition procedure such as having the customer take a picture of a QR code displayed on the employee's mobile device.” Disclosing the customer mobile device taking a picture of QR code displayed on employee’s mobile device for verification of service. The receiving of picture of QR code is representative of receiving via a customer device of a redacted signature. This is supported in Applicant’s drawing, Fig. 1 that redacted signature can be QR code); and
at least one of:
publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate (Para. [0025]-[0031] disclosing the verification of unique customer identifier with customer service provided by employee with unique code (i.e. redacted signature) entered, once the review has been authenticated (i.e. legitimate), the review can be published), 
wherein the verification key is bound to the service provider device and is sent to the review server from the service provider device (Para. [0023], “addition to location-based services, the employee could use their mobile device to interact with the customer's mobile device to verify their vicinity with each other and confirm that the customer is the person that the employee is interacting with. The mobile device interactions could be through any wired or wireless communication protocol, such as Bluetooth®, 802.11, near-field communications, RFID, etc. or through an optical recognition procedure such as having the customer take a picture of a QR code displayed on the employee's mobile device.” The QR code displayed on the employee’s mobile device discloses the verification key is bound to the service provider device to confirm the communication and presence of employee at service. The service provider or employee device can also receive other examples of verification key such as payment identifier, location-based identifier of the customer’s mobile device, biometric, gesture recognition or passwords associated with the customer to be transmitted to confirm the identity of the customer, see para. [0022]-[0024]. Para. [0030]-[0032] disclosing the verification key (e.g., customer identifier, unique identifier) is transmitted to the review authentication server to match with unique customer identifier with data stored in a connected authentication database to authenticate the customer, then the customer servicer review can be authenticated in the review website, see Fig. 1).
Under the broadest reasonable interpretation, Montano discloses the above-mentioned limitations. However, for the purpose of compact prosecution, the Examiner will introduce Bilzhause (cited by the Applicant in the IDS of 2/26/2018 and the Specification paragraph [0004]), to specifically teach the well-known feature of redactable digital signature can mark specific parts of a signed message as redactable or censored, while still retaining verificaility of the signature (App. Specification para. [0004]). 
Specifically, Bilzhause teaches:
receiving, via a customer device, a customer review, a redacted message, and a redacted signature (Page 1, RSSs allow to remove, i.e., redact, parts of a signed message, while SSSs allow a designated third party, named the sanitizer, to change, i.e., sanitize, signer-chosen parts of a signed message to different bitstrings) 
at least one of:
publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate (Page 1, Abstract, Page 2, “Attribute-based signatures [99] allow users to sign messages which are bound to specific attributes. This type of signature scheme requires that the signer holds the corresponding attributes. More precisely, a signature verification only reveals that the signer has a signing key which fulfills the predicate on the claimed attributes. Page 2, under “III. Santizable signature Schemes” teaching sanitizer holds his own public key, the sanitization process requires the corresponding private key, which verifies under the given public keys. Additionally see Framework of Sanitizable Signature Schemes using algorithms. Page 3, teaches verification takes input of signature for a message w.r.t. the public keys). 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the systems and methods for authentication online customer service review to include the authentication or verification process of sanitiable and redactable signatures schemes of Bilzhause for the motivation of providing an improved system and methods of privacy protection and stronger security, see Bilzhause page 4 “Unlinkability”, “Stronger Security Definition”, “Receipts” and “Data loss Prevention.” 
Claim 15, the combination of Montano and Bilzhause makes obvious of the system of claim 15. Montano further discloses further configured to store the customer review in a review database based on the checking determining that the redacted signature is legitimate and to not store the customer review in the database based on the checking determining that the redacted signature is not legitimate (Para. [0031], “the review has been authenticated, the review can be published (step 212) by transmitting the review to the business server 112 or a review website 116 operated by the business, a third party reviewing service or by the system's own review website or application running on a computing device such as a smartphone or tablet. In one example, the review maybe published to the employee's personal profile on a social media service where they advertise their services in addition to on the employer's website in order to further promote their service. The employee could then advertise their own customer service reviews with a card, email advertisement or online advertisement linking to their online review profile. The review may be displayed with an authentication indicator such as a keyword, logo or other symbol indicating that the review has been authenticated (step 214).” Disclosing once authenticated (which the redacted signature is legitimate), the review is transmitted and stored to a business server or review website).
Claims 3 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Montano (US 20140114877 A1), in view of Bilzhause et al. “Position Paper: The Past, Present, and Future of Sanitizable and Redactable Signature”, Pages 1-10, August 29-September 1, 2017, hereinafter “Bilzhause,” and further in view of Wilson et al. (US 20180204191 A1), hereinafter “Wilson.”
Claim 3, the combination of Montano and Bilzhause makes obvious of the method of claim 2. However, Montano does not expressly teach:
wherein the redacted message includes the serial number, the method further comprising a second check that the customer review is legitimate by checking a database of previously-encountered serial numbers to determine whether the serial number is present.
	Nonetheless, Wilson is directed to system and method for storing and endorsing data describing an entity more efficiently and in particular data describing a person or company, which specifically teaches,
wherein the redacted message includes the serial number, the method further comprising a second check that the customer review is legitimate by checking a database of previously-encountered serial numbers to determine whether the serial number is present (Para. [0188],“key block data may further comprise at least one of: a block number; a time stamp; and/or a hash of the previous block in the block chain.” which is teaching the redacted message can be a block number, time stamp or hash of the previous block in the block chain, are all example of serial number. Also described in para. [0401], “block header 310 comprises a block number 311, a hash of the most recent previous block that appeared in the digital currency ledger 312, a time stamp 314, and optionally an identifier of the oldest active block in the digital currency ledger 313. The block header 310 may optionally also comprise a merkle root for a merkle tree of hashes of sets of operation data and/or the number of sets of operation data contained in the block 300. The block number 311 will uniquely identify the new block 300 and may be set to a value that is one greater than most recent previous block in the digital currency ledger. The hash of the most recent previous block in the digital currency ledger 312 is used to tie the new block 300 to the most recent previous block (i.e., chain them together). The time stamp 314 indicates when the new block 300 was created. The optional identifier of the oldest active block in the digital currency ledger 313 is described in more detail below.” Para. [0407], “verification entity 20 may recognise the chronological order of the blocks in the digital currency ledger using the block number 311 and/or the time stamp 314. The verification entity 20 may set the identifier 313 in the new block 300 by looking at the oldest active block identified in the block header of the most recent previous block in the digital currency ledger. If the sets of operation data 320 in that block no longer identify any active/valid amounts of digital currency, i.e. all amounts identified in that block have been used or spent, as explained earlier (for example, because all of the currency public key hashes in the Output data in that block have appeared in the operation data of subsequent blocks and/or in the sets of operation data 320 of the new block 300), the verification entity 20 will review the digital currency ledger to identify the next oldest active block and set the identifier 313 accordingly. Thus, as old amounts of digital currency are used/spent, the identifier 313 may be updated such that the oldest active block is always identified.” Para. [0426], “The key block data may be added to the key block chain in an analogous manner to the addition of operation data to the digital currency ledger. For example, a block may be created comprising the key block data (and the key block data for any other public keys that the primary authority 50 wishes to put on the key block chain) and a block header. The block header may comprise at least one of a block number, a hash of the previous block in the key block chain and/or a time stamp. The block may then be added to the key block chain by, for example, broadcasting it to all entities in the network 200, using a P2P network, storing it in a location known to, and accessible by, the entities in the network 200, and/or adding it to their copy of the key block chain, which is then supplied to any entity that requests it, etc.” Additionally in para. [0015], [0018]-[0019], teaching the additional checking of block data with previous block stored in the block chain which is checking a database of previously-encountered serial numbers to determine whether the serial number is present).
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the method of checking legitimacy of a customer review using verification key and redacted signature in Montano and Bilzhause with the feature of second check the customer review is legitimate by checking a database of previously-encountered serial numbers to determine whether the serial number was previously present as legitimate such as checking the hash block data of previous block in block chain as taught in Wilson for the motivation and benefit of verifying the previous block with hash function reduces the risk of tampering of data (para. [0058]) and providing a more trustworthy verification process.
Claim 19, the combination of Montano and Bilzhause makes obvious of the method of claim 1.
Montano further discloses, wherein the service provider device provides the verification key to the review server directly (Fig. 1 and Para. [0023], [0025], and [0030] disclosing the unique identifier is transmitted to the review authentication server). 
 	However, the combination does not expressly teach:
wherein the verification key is generated using a randomized key-generation algorithm and without feedback from the customer device.
	Nonetheless, Wilson is directed to system and method for storing and endorsing data describing an entity more efficiently and in particular data describing a person or company, which specifically teaches,
wherein the verification key is generated using a randomized key-generation algorithm and without feedback from the customer device (Para. [0064], “the identifier of the data may be further generated from a random factor generated by the first entity. This may provide privacy of the first entity as the information may be made public or at least distributed in a limited way but it may only be possible to identify the first entity when provided with the random factor. This random factor may be a number or series of symbols, for example.” Teaching the identifier (i.e. verification key) is generated by the first entity and without the need for feedback from the customer device. Abstract, teaching the first entity can be the payer or the recipient.).
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the method of checking legitimacy of a customer review using verification key and redacted signature in Montano and Bilzhause with the feature of randomly generating verification key as taught in Wilson for the motivation and benefit of providing a more trustworthy and secure verification process (para. [0002]). 
Claims 16-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Montano (US 20140114877 A1), in view of Bilzhause, and further in view of NPL Content Extraction Signatures by Steinfeld, Bull, and Zheng, published in Feb 20, 2002 < https://www.cs.fsu.edu/~burmeste/zheng1.pdf>” hereinafter “CES.” 
Claim 16, the combination of Montano and Bilzhause makes obvious of the method as in claim 1. However, the combination does not expressly teach:
wherein the verification key is from a key-pair, and wherein the key-pair comprises the verification key and a signing key. 
However, CES is directed to digital signature for producing an extracted signature on selected extracted portions of the original documents, which can be verified by third party while hiding unextracted (removed) document portions, which specifically teaches:
wherein the verification key is from a key-pair, and wherein the key-pair comprises the verification key and a signing key (Pages 8-9, “KeyGen — Takes a security parameter k and generates a secret/public key pair (SK, PK).” teaching a key generation algorithm for generating a secret/public key pair. Wherein the secret key is representative of private and signing key and public key is representative of verification key).
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the method of checking legitimacy of a customer review using verification key and redacted signature in Montano and Bilzhause with the feature of key pair of public and private keys as taught in CES, for the motivation and benefit for providing the user/signer the ability to specify allowed extraction of document content and achieving provable security. 
Claim 17, the combination of Montano, Bilzhause, and CES make obvious of the method as in claim 16. However, CES further teaches:
wherein the redacted signature is generated based on redacting at least a portion of a signature, and wherein the signature is generated using the signing key (Page 8, under section 3.4 Definition of a Content Extraction Signature, “The Extract algorithm allows the user to extract (from a ‘full’ content extraction signature σFull) a signature for the subdocument consisting of the submessages whose indexes are specified by the extraction subset X. The extracted signature σExt can then be forwarded to the verifier along with the extracted subdocument M . The ‘Content Extraction Access Structure’ (CEAS) is an encoding of the subsets of submessage indexes in the original document which the signer can use to specify which extracted subdocuments the user is “allowed” to extract valid signatures for. Therefore the CEAS is an encoding of a collections of subsets of [n], where n = length(M) and M is the signed document. We assume these subsets are encoded as bit strings in {0, 1}n so that if Cl(M ) ∈ CEAS for some document M then length(M ) = n = length(M). Also disclosed in the Abstract in page 1, “we define a new type of digital signature called a ‘Content Extraction Signature’ (CES).A CES allows the owner, Bob, of a document signed by Alice, to produce an ‘extracted signature’ on selected extracted portions of the original document, which can be verified to originate from Alice by any third party Cathy, while hiding the unextracted (removed) document portions.” The content of document only produce a selected extracted portions of the original document (which other portions are redacted) based on extracted signature). 
Claim 18, the combination of Montano, Bilzhause, and CES make obvious of the method as in claim 16. However, CES further teaches:
wherein the verification key is a public key of the key-pair and the signing key is a private key of the key-pair (Pages 8-9, “KeyGen — Takes a security parameter k and generates a secret/public key pair (SK, PK).” teaching a key generation algorithm for generating a secret/public key pair. Wherein the secret key is representative of private and signing key and public key is representative of verification key).
Claim 20, the combination of Montano and Bilzhause makes obvious of the method as in claim 1. However, the combination does not expressly teach:
wherein the redacted message is generated based on customer feedback, from the customer, indicating for at least one good or service, from a list of goods and services that the customer has purchased, to be redacted. 
However, CES is directed to digital signature for producing an extracted signature on selected extracted portions of the original documents, which can be verified by third party while hiding unextracted (removed) document portions, which specifically teaches:
wherein the redacted message is generated based on customer feedback, from the customer, indicating for at least one good or service, from a list of goods and services that the customer has purchased, to be redacted (Pages 6-8 teaching the user/signer have full control to determine/select which subdocuments signature can be extracted for which is indicating the other portions to be redacted. The document can be intended for any document that can be subdocumented which can include receipts with list of goods and service that the customer has purchased).  
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the method of checking legitimacy of a customer review using verification key and redacted signature in Montano with the feature of key pair of public and private keys as taught in CES, for the motivation and benefit for providing the user/signer the ability to specify allowed extraction of document content and achieving provable security. 
Response
35 U.S.C. 112 Rejections:
	The prior 112(a) rejection has been withdrawn in light of the objected limitation has been amended, however, new 112(a) rejection is added. 
35 U.S.C. 103 Rejections:
Applicant’s arguments are fully considered, however, found to be unpersuasive. 
The remarks directed to amended claim limitation are deem moot and have been addressed in view of the new reference provided above. 
Regarding to the remark, “In particular, the present claimed invention utilizes a verification key that is bound and generated by the service provider device for verifying that a review obtained by the customer device is legitimate. See Present Specification, at paragraphs [0015], [0026], and [0033]. 
It is respectfully submitted that Montano fails to disclose or suggest at least the above- recited features of amended claims 1 and 14. For instance, the Office asserts that claim 1 and paragraphs [0022]-[0030] of Montano disclose receiving a verification key. In particular, it appears the Office is suggesting that the verification key of claim 1 is disclosed by the "payment information" of Montano, which can be a unique customer identifier (e.g., QR codes, RFID, biometrics, gesture recognition, or passcodes). Detailed Action, p. 5 and 6 and Montano, paragraphs [0023] and [0024].”
The respectfully disagrees, Montano also utilizes a verification key (i.e. QR code, similar to Applicant’s example and drawing Fig. 1) generated by the service provider device (see para. [0023] verify the customer have received service from the service provider for the customer review to be legitimate and authorized to be published, similar to what the applicant have described. 
Further on bottom of page 8 to page 9, the applicant asserts Montano fails to disclose or suggest the amended limitation of “verification key is bound to the service provider device and is sent to a review server from the service provider device.” The Examiner refers to page 7 of the remark, the Applicant admits that “a person skilled in the art would have understood that the verification key is bound to the service provider device as each provider has their own key-pair (e.g., the verification key).” Additionally, Montano does teach the receiving, via a service provider device, a verification key, as result, the verification key is bound to the service provider device and is sent to a review server from the service provider device (See Fig. 1 and Para. [0023], [0025], and [0030] disclosing the QR code from the service provider device and unique identifier are transmitted to the review authentication server). Therefore, the 103 rejection is maintained.  
Relevant Prior Art Not Relied Upon
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure. The additional cited art, including but not limited to the excerpts below, further establishes the state of the art at the time of Applicant’s invention and shows the following was known:
Chen (CN 104376252 B) is directed to a content verification method based on digital signature code, comprises: One endorses step, is endorsed using one first private key pair one first digital content, to produce one first digital signature corresponding with this first digital content and one first stamped signature code; One dual stamped signature step, first according to this this first digital signature of the first stamped signature code verification, one second private key is recycled to be endorsed again according to this first stamped signature code, to produce one second corresponding digital signature and one second stamped signature code, between this first stamped signature code and this second stamped signature code, there is a connection, and form a stamped signature code-group, and this first digital signature and this second digital signature form a digital signature group and a verification step, according in this stamped signature code-group at least one, verify at least one in this digital signature group. The present invention can easily confirm the true and false of digital content endorsed.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WENREN CHEN whose telephone number is (571)272-5208.  The examiner can normally be reached on Monday - Friday 10AM - 6PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah M. Monfeldt can be reached on (571) 270-1833.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/W.C./Examiner, Art Unit 3689                                                                                                                                                                                                        /SARAH M MONFELDT/Supervisory Patent Examiner, Art Unit 3689