DETAILED ACTION
This Office Action is in response to the application 16/731,703 filed on December 31st, 2019.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 05/04/2021, is in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –



Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Baughman et al. (Baughman), U.S. Pub. Number 2019/0068367.
Regarding claim 1; Baughman discloses a system (par. 0071; fig. 5; environment 500.), comprising:
a user computing device (par. 0071; fig. 5; a user device 210.) configured for: submitting an access request for accessing a resource, the access request comprising user identification information associated with a user and permission information describing permission of use associated with the user identification information (par. 0072; the user device 210 requests access to a client server 220.);
providing responses to authentication inquiries generated by an authentication system (par. 0072; provide the biometrics data to an authentication server 230); and
obtaining an access control decision for the access request (pars. 0094; the authentication server compares the scrambled data with stored or a pre-registered version of the scrambled data for the user.);
an access control system communicatively coupled to the user computing device, the access control system configured for: determining, from the permission information in the access request, that the access request is valid (pars. 0095-0096; the authentication server authenticates the user.);
submitting an authentication request for the authentication system to authenticate the user (par. 0073; a client server 330 receives a requests for access from a user device 210, directs an authentication server 230 to authenticate a user of the user device 210 and receives an authentication message from the authentication server 230 when the authentication server 230 authenticates the user.);
obtaining authentication results generated by the authentication system (pars. 0095-0096; provide an authentication message to the client server 220.);
generating the access control decision for the access request based, at least in part, upon the authentication results (pars. 0095-0096; sending the authentication message from the client server 220.); and
submitting the access control decision for the access request (par. 0095; authenticate the user.); and
the authentication system communicatively coupled to the user computing device and the access control system, the authentication system configured for: responsive to obtaining the authentication request, generating and submitting authentication inquiries to the user computing device (pars. 0091 & 0097; authentication server 230 receives biometrics data from a user device 210 as part of a request from a user of the user device 210 to access a client server 220.);
obtaining the responses to the authentication inquiries submitted by the user computing device (pars. 0091 & 0097; the authentication server 230 receives suitable biometrics data including fingerprint data, handprint data, retina data, facial imaging data, pulse rate information);
accessing, from a data repository, reference user authentication data associated with the user (par. 0095; pre-registered version of the scrambled data.);
(pars. 0095-0096; provide authentication message to the client server 220.); and
submitting the authentication results to the access control system (par. 0095-0096; sending a message to the user device 210.).
Regarding claim 2; Baughman discloses the system of claim 1, wherein the permission information of the access request specifies one or more of an intended recipient of the access request, an intended purpose of the access request, a valid channel of receiving the access request, and a valid time period of the access request; and wherein determining that the access request is valid comprising performing, based on the permission information of the access request, one or more of: a determination that the intended recipient of the access request comprises an entity associated with the access control system, a determination that the intended purpose matches a purpose of the access request, a determination that the access request is received through the valid channel, and a determination that the valid time period has not expired (pars. 0091-0097.).
Regarding claim 3; Baughman discloses the system of claim 2, further comprising a qualification verification system, wherein: the access control system is further configured for: sending a qualification request to the qualification verification system to request determining a qualification of the user, the qualification request comprising the user identification information, the permission information and the authentication results (); and receiving qualification data describing the qualification of the user, wherein the access control decision for the access request is generated further based on the qualification of the user; and the qualification verification system is configured for: verifying that the (pars. 0067, 0078 & 0089; fig. 7.).
Regarding claim 4; Baughman discloses the system of claim 3, wherein: the authentication results comprise one or more of a valid time period of the authentication results or a maximum number of uses of the authentication results, and verifying that the qualification request is valid comprises determining one or more of: the valid time period of the authentication results has not expired or the maximum number of uses has not been reached, the intended recipient of the access request comprises an entity associated with the access control system, and the valid time period of the access request has not expired (pars. 0067, 0078 & 0089; fig. 7.).
Regarding claim 5; Baughman discloses the system of claim 1, further comprising a secure storage system implementing a blockchain, the blockchain configured for storing one or more of: the access request, wherein the access request is retrievable from the blockchain by the access control system, the authentication inquires, wherein the authentication inquiries are retrievable from the blockchain by the user computing device, the responses to authentication inquiries, wherein the responses to the authentication inquiries are retrievable from the blockchain by the authentication system, the authentication request, wherein the authentication request is retrievable from the blockchain by the authentication system obtains the authentication request from the blockchain, the access control decision for the access request, wherein the authentication results are retrievable from the blockchain by the access control system, or the authentication results, wherein the access control decision for the access request retrievable from the blockchain by the user computing device (pars. 0067, 0078 & 0089; fig. 7.)
Regarding claim 6; Baughman discloses the system of claim 1, wherein the authentication system is further configured for, prior to submitting the authentication inquiries to the user computing device: receiving a registration request from the user computing device; sending a distortion function to the user computing device associated with the user; receiving distorted user information generated by the user computing device applying the distortion function to user information collected from the user by the user computing device; and storing the distorted user information in the data repository as the reference user authentication data associated with the user (pars. 0067, 0078 & 0089; fig. 7.).
Regarding claim 7; Baughman discloses the system of claim 6, wherein the distortion function is unique to the user computing device (pars. 0067, 0078 & 0089; fig. 7.).
Regarding claim 8; Baughman discloses the system of claim 6, wherein the user information associated with the user comprises one or more of biometrics of the user, keystroke patterns of the user, a picture pass selected by the user, devices associated with the user, or a location associated with the user (pars. 0067, 0078 & 0089; fig. 7.).
Regarding claim 9; Baughman discloses the system of claim 6, wherein the authentication system is further configured for: determining that the distortion function for the user is to be updated (); and sending an updated distortion function to the user computing device to replace the distortion function for the user that is stored on the user computing device (pars. 0067, 0078 & 0089; fig. 7.).
Regarding claims 10-16
Regarding claims 17-20; Claims 17-20 are directed to non-transitory computer-readable storage medium which have similar scope as claims 1-9. Therefore, claims 17-20 remain un-patentable for the same reasons.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access 



/KHOI V LE/
Primary Examiner, Art Unit 2436