DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 10/28/2021. Applicant provides no amendments to the claims.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
Applicant presents arguments with respect to independent claims 1, 8, and 15. All arguments have been fully considered.
Applicant argues that the primary reference, Gudorf, fails to disclose, “… determining an aspect of the user credentials that is to be satisfied to grant access to the requested service…” and “… transmitting, to the user device, a request for information related to the aspect of the user credential… .” Applicant’s argument appears to take issue with Examiner’s interpretation of the recited, “aspect of the user credentials.” 
Examiner responds: In considering the language chosen by applicant to articulate the present invention, Examiner is required to apply the broadest reasonable interpretation to the claims as presented, in light of the specification but cannot bring limitations in from the specification.  Applicant chooses to describe the invention using terminology that engenders a broad interpretation of certain terms. Applicant specifies that “an aspect” of the user credentials is determined, which under the doctrine of broadest reasonable interpretation can include characteristics of user credentials as disclosed in the primary reference. In the art, user credentials amount to information about a user or a device used by a user that is shared, generally, for the purposes of authentication. It is difficult to see how the cited reference, which uses a characteristic of user information as a type of credential, cannot read on the recited “aspect of the user credentials” used to satisfy a granting of access. The reference shares credentials about the user wherein an aspect of those credentials communicates the age of the user for authentication/verification. 
Applicant has ample freedom to choose the language used to articulate the invention. If Applicant intends for the term “aspect of the user credential” to specify a particular characteristic of the credential, Applicant best articulate that in the claim language. Further, Examiner suspects that clarifying the user credential would likely overcome the current combination of prior art. Applicant’s arguments are unpersuasive.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-2, 5, 8-9, 12, 15-16, 19 rejected under 35 U.S.C. 103 as being unpatentable over Gudorf (U.S. Pat. App. Pub. 2006/0259778 A1) in view of Fitch (U.S. Pat. App. Pub. 2015/0365394 A1).
Regarding claim 1, Gudorf discloses: a method for authenticating user credentials, the method comprising: receiving, from a user device, a request for access to a service that requires valid user credentials (authenticating a user including receiving a request for information from a user. Gudorf para. 0006.); determining an aspect of the user credentials that is to be satisfied to grant access to the requested service (in response to the request for access to the content, sending a request for user age data. Gudorf para. 0007.  User age data is required to provide access to the web site. Gudorf para. 0027.); transmitting, to the user device, a request for information related to the aspect of the user credential (sending a request for user age data. Gudorf para. 0007.); receiving, from the user device, information related to the aspect of the user credential (user provides age data in response to the request for age data. Gudorf paras. 0007 and 0017.), and in response to determining that the aspect of the user credential has been satisfied, granting access to the service (providing access based upon the verification that the user is older than the required age. Gudorf para. 0007.).  
Gudorf does not disclose: wherein the information has been signed using a key associated with the user device; verifying the key used to sign the information by the user device; in response to verifying the key used to sign the information, determining whether the aspect of the user credential has been satisfied based on the received information.
However, Fitch does disclose: wherein the information has been signed using a key associated with the user device (a client device signs a request using a key. Fitch para. 0012.  The request includes a client token that establishes the user identity. Fitch para. 0012.); verifying the key used to sign the information by the user device (the recipient uses the stored shared secret to authenticate the identity of the sender. Fitch para. 0012.); in response to verifying the key used to sign the information, determining whether the aspect of the user credential has been satisfied based on the received information (the received token can be decrypted to provide identity information from the request. Fitch para. 0026.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with sharing 
Regarding claim 2, Gudorf in view of Fitch discloses the limitations of claim 1, further comprising inhibiting access to the service in response to determining that the aspect of the user credential has not been satisfied (user being denied access to the content dependent upon whether the age data indicates that  the user is older that the particular age. Gudorf para. 0007.).  
Regarding claim 5, Gudorf in view of Fitch discloses the limitations of claim 1, wherein the aspect of the user credential is an age of a user of the user device (providing age data in response to the request for the age data of the user. Gudorf para. 0007.).
Regarding claim 8, Gudorf discloses: a system for authenticating user credentials, the system comprising: a memory; and a hardware processor that, when configured to execute computer executable instructions stored in the memory, is configured to: receive, from a user device, a request for access to a service that requires valid user credentials (authenticating a user including receiving a request for information from a user. Gudorf para. 0006.); determine an aspect of the user credentials that is to be satisfied to grant access to the requested service (in response to the request for access to the content, sending a request for user age data. Gudorf para. 0007.  User age data is required to provide access to the web site. Gudorf para. 0027.); transmit, to the user device, a request for information related to the aspect of the user credential (sending a request for user age data. Gudorf para. 0007.); receive, from the user device, information related to the aspect of the user credential (user provides age data in response to the request for age data. Gudorf paras. 0007 and 0017.), and in response to determining that the aspect of the user credential has been satisfied, grant (providing access based upon the verification that the user is older than the required age. Gudorf para. 0007.).  
Gudorf does not disclose: wherein the information has been signed using a key associated with the user device; verify the key used to sign the information by the user device; in response to verifying the key used to sign the information, determine whether the aspect of the user credential has been satisfied based on the received information.
However, Fitch does disclose: wherein the information has been signed using a key associated with the user device a client device signs a request using a key. Fitch para. 0012.  The request includes a client token that establishes the user identity. Fitch para. 0012.); verify the key used to sign the information by the user device (the recipient uses the stored shared secret to authenticate the identity of the sender. Fitch para. 0012.); in response to verifying the key used to sign the information, determine whether the aspect of the user credential has been satisfied based on the received information (the received token can be decrypted to provide identity information from the request. Fitch para. 0026.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with sharing credential information protected by signing shared credentials with a key associated with the sending device based upon the teachings of Fitch. The motivation being to protect the communication of shared authentication information and verify the parties involved in the communication. Fitch para. 0002.
Regarding claim 9, Gudorf in view of Fitch discloses the limitations of claim 8, wherein the hardware processor is further configured to inhibit access to the service in response to determining that the aspect of the user credential has not been satisfied (user being denied access to the content dependent upon whether the age data indicates that the user is older that the particular age. Gudorf para. 0007.)
Regarding claim 12, Gudorf in view of Fitch discloses the limitations of claim 8, wherein the aspect of the user credential is an age of a user of the user device (providing age data in response to the request for the age data of the user. Gudorf para. 0007.).
Regarding claim 15, Gudorf discloses: a non-transitory computer-readable medium containing computer executable instructions that, when executed by a processor, cause the processor to perform a method for authenticating user credentials, the method comprising: receiving, from a user device, a request for access to a service that requires valid user credentials (authenticating a user including receiving a request for information from a user. Gudorf para. 0006.); determining an aspect of the user credentials that is to be satisfied to grant access to the requested service (in response to the request for access to the content, sending a request for user age data. Gudorf para. 0007.  User age data is required to provide access to the web site. Gudorf para. 0027.); transmitting, to the user device, a request for information related to the aspect of the user credential (sending a request for user age data. Gudorf para. 0007.); receiving, from the user device, information related to the aspect of the user credential (user provides age data in response to the request for age data. Gudorf paras. 0007 and 0017.), and in response to determining that the aspect of the user credential has been satisfied, granting access to the service (providing access based upon the verification that the user is older than the required age. Gudorf para. 0007.).  
Gudorf does not disclose: wherein the information has been signed using a key associated with the user device; verifying the key used to sign the information by the user device; in response to verifying the key used to sign the information, determining whether the aspect of the user credential has been satisfied based on the received information.
However, Fitch does disclose: wherein the information has been signed using a key associated with the user device (a client device signs a request using a key. Fitch para. 0012.  The request includes a client token that establishes the user identity. Fitch para. 0012.); verifying the key used to sign the information by the user device (the recipient uses the stored shared secret to authenticate the identity of the sender. Fitch para. 0012.); in response to verifying the key used to sign the information, determining whether the aspect of the user credential has been satisfied based on the received information (the received token can be decrypted to provide identity information from the request. Fitch para. 0026.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with sharing credential information protected by signing shared credentials with a key associated with the sending device based upon the teachings of Fitch. The motivation being to protect the communication of shared authentication information and verify the parties involved in the communication. Fitch para. 0002.
Regarding claim 16, Gudorf in view of Fitch discloses the limitations of claim 15, wherein the method further comprises inhibiting access to the service in response to determining that the aspect of the user credential has not been satisfied (user being denied access to the content dependent upon whether the age data indicates that the user is older that the particular age. Gudorf para. 0007.).
Regarding claim 19, Gudorf in view of Fitch discloses the limitations of claim 15, wherein the aspect of the user credential is an age of a user of the user device (providing age data in response to the request for the age data of the user. Gudorf para. 0007.).

Claims 3, 10, 17 rejected under 35 U.S.C. 103 as being unpatentable over Gudorf in view of Fitch in view of Gennermann (U.S. Pat. App. Pub. 2017/0096123 A1).
Regarding claim 3, Gudorf in view of Fitch discloses the limitations of claim 1. Gudorf in view of Fitch does not disclose: wherein granting access to the service comprises actuating a lock to grant access to a location.
However, Gennermann does disclose: wherein granting access to the service comprises actuating a lock to grant access to a location (access control by means of verification of identity applied to the vehicle door unlocking. Gennermann paras. 0047 and 0050.).
  Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with granting access to service being actuating a lock to access a location based upon the teachings of Gennermann.  The motivation being to allow for electronic ID transmission and verification for vehicle keyless entry. Gennermann para. 0003.
Regarding claim 10, Gudorf in view of Fitch discloses the limitations of claim 8. Gudorf in view of Fitch does not disclose: wherein granting access to the service comprises actuating a lock to grant access to a location.
However, Gunnermann does disclose: wherein granting access to the service comprises actuating a lock to grant access to a location (access control by means of verification of identity applied to the vehicle door unlocking. Gennermann paras. 0047 and 0050.).
  Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with granting access to service being actuating a lock to access a location based upon the teachings of Gennermann.  The motivation being to allow for electronic ID transmission and verification for vehicle keyless entry. Gennermann para. 0003.
Regarding claim 17, Gudorf in view of Fitch discloses the limitations of claim 15. Gudorf in view of Fitch does not disclose: wherein granting access to the service comprises actuating a lock to grant access to a location.
However, Gunnermann does disclose: wherein granting access to the service comprises actuating a lock to grant access to a location (access control by means of verification of identity applied to the vehicle door unlocking. Gennermann paras. 0047 and 0050.).
  Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with granting access to service being actuating a lock to access a location based upon the teachings of Gennermann.  The motivation being to allow for electronic ID transmission and verification for vehicle keyless entry. Gennermann para. 0003.

Claims 4, 11, 18 rejected under 35 U.S.C. 103 as being unpatentable over Gudorf in view of Fitch in view of Kote (U.S. Pat. App. Pub. 2017/0300901 A1).
Regarding claim 4, Gudorf in view of Fitch discloses the limitations of claim 1. Gudorf in view of Fitch does not disclose: wherein verifying the key used to sign the information comprises querying an auditable ledger.
However, Kote does disclose: wherein verifying the key used to sign the information comprises querying an auditable ledger (public ledger-based authentication of the generated user identification-based key. Kote para. 0017.).  
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with a system for authenticating an issued personal key based upon the logging of the key in a public ledger based upon the teachings of Kote.  The motivation being to incorporate a public ledger for authentication in an online or mobile payment system. Kote para. 0001.
Regarding claim 11, Gudorf in view of Fitch discloses the limitations of claim 8. Gudorf in view of Fitch does not disclose: wherein verifying the key used to sign the information comprises querying an auditable ledger.
However, Kote does disclose: wherein verifying the key used to sign the information comprises querying an auditable ledger (public ledger-based authentication of the generated user identification-based key. Kote para. 0017.).  
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with a system for authenticating an issued personal key based upon the logging of the key in a public ledger based upon the teachings of Kote.  The motivation being to incorporate a public ledger for authentication in an online or mobile payment system. Kote para. 0001.  
Regarding claim 18, Gudorf in view of Fitch discloses the limitations of claim 15. Gudorf in view of Fitch does not disclose: wherein verifying the key used to sign the information comprises querying an auditable ledger.
However, Kote does disclose: wherein verifying the key used to sign the information comprises querying an auditable ledger (public ledger-based authentication of the generated user identification-based key. Kote para. 0017.).  
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with a system for authenticating an issued personal key based upon the logging of the key in a public ledger based upon the teachings of Kote.  The motivation being to incorporate a public ledger for authentication in an online or mobile payment system. Kote para. 0001.

Claims 6-7, 13-14, 20-21 rejected under 35 U.S.C. 103 as being unpatentable over Gudorf in view of Fitch in view of Atzmony (U.S. Pat. 7,945,776 B1).
Regarding claim 6, Gudorf in view of Fitch discloses the limitations of claim 1. Gudorf in view of Fitch does not disclose: wherein the information related to the aspect of the user credential received from the user device comprises a portion of a user credential issued to the user device by a second user device.
However, Atzmony does disclose: wherein the information related to the aspect of the user credential received from the user device comprises a portion of a user credential issued to the user device by a second user device (receiving an encrypted passphrase comprising separate portions with a one-way encoded portion used to match with the second portion to determine validity. Atzmony col. 2, ll. 20-48.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with a user credential comprises a portion of a user credential issued by a second device based upon the teachings of Atzmony.  The motivation being to providing additional security to exchanged credentials to protect against the theft of an encryption key. Atzmony col. 2, ll. 1-11.
Regarding claim 7, Gudorf in view of Fitch in view of Atzmony discloses the limitations of claim 6, wherein the portion of the user credential comprises permission for a user of the user device to access a location specified by the second user device (the passphrase is generated by a second device and issued for the purpose of access to a location being a specific storage device. Atzmony col. 11, ll. 3-14.).
 Regarding claim 13, Gudorf in view of Fitch discloses the limitations of claim 8. Gudorf in view of Fitch does not disclose: wherein the information related to the aspect of the user credential received from the user device comprises a portion of a user credential issued to the user device by a second user device.
However, Atzmony does disclose: wherein the information related to the aspect of the user credential received from the user device comprises a portion of a user credential issued to the user device by a second user device (receiving an encrypted passphrase comprising separate portions with a one-way encoded portion used to match with the second portion to determine validity. Atzmony col. 2, ll. 20-48.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with a user credential comprises a portion of a user credential issued by a second device based upon the teachings of Atzmony.  The motivation being to providing additional security to exchanged credentials to protect against the theft of an encryption key. Atzmony col. 2, ll. 1-11.  
Regarding claim 14, Gudorf in view of Fitch in view of Atzmony discloses the limitations of claim 13, wherein the portion of the user credential comprises permission for a user of the user device to access a location specified by the second user device (the passphrase is generated by a second device and issued for the purpose of access to a location being a specific storage device. Atzmony col. 11, ll. 3-14.).
Regarding claim 20, Gudorf in view of Fitch discloses the limitations of claim 15. Gudorf in view of Fitch does not disclose: wherein the information related to the aspect of the user credential received from the user device comprises a portion of a user credential issued to the user device by a second user device.
However, Atzmony does disclose: wherein the information related to the aspect of the user credential received from the user device comprises a portion of a user credential issued to the user device by a second user device (receiving an encrypted passphrase comprising separate portions with a one-way encoded portion used to match with the second portion to determine validity. Atzmony col. 2, ll. 20-48.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the controlled access to information based upon both identity and associated personal information disclosed in Gudorf with a user credential comprises a portion of a user credential issued by a second device based upon the teachings of Atzmony.  The motivation being to providing additional security to exchanged credentials to protect against the theft of an encryption key. Atzmony col. 2, ll. 1-11.  
Regarding claim 21, Gudorf in view of Fitch in view of Atzmony discloses the limitations of claim 20, wherein the portion of the user credential comprises permission for a user of the user device to access a location specified by the second user device (the passphrase is generated by a second device and issued for the purpose of access to a location being a specific storage device. Atzmony col. 11, ll. 3-14.).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408. The examiner can normally be reached Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/VANCE M LITTLE/Examiner, Art Unit 2494