DETAILED ACTION

1. 	This Office Action is in response to an application filed on Jan. 22, 2020. The original filing includes claims 1-20. Therefore, Claims 1-20 are presented for examination. Now claims 1-20 are pending.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Drawings
3. 	The drawing filed on Jan. 22, 2020 are accepted.

Oath/Declaration
4. 	For the record, the Examiner acknowledges that the Oath/Declaration submitted on Jan. 22, 2020 has been accepted by the office. 
Information Disclosure Statement
5.	The information disclosure statements (IDS) submitted on Jan. 22, 2020 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Priority
6.	Acknowledgment is made of domestic priority data as claimed by provisional application 62/830,618 has been filed 04/08/2019.

Claim Rejections - 35 USC § 101
7.	35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

8.	Claims 15-16 and 18-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 
Independent claim 15 is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim is not directed towards an apparatus/a system/a machine claim as it recites " A system, the system comprising: ..." without at least one hardware component in the body of the claim as part of the system, thus claim 15 as a whole is interpreted to be software per se. An attempt to claim a system (i.e. a device or a machine) with no tangible structural component in the body of the claim is not patent eligible. See New Interim Patent Subject Matter Eligibility Examination  eligible if it "is programmed to perform particular functions pursuant to instructions from program software," In re Alappat, 33 F.3d 1526, 1545 (Fed. Cir. 1994), here, there is no hardware in the body of the claim that executes the claimed limitation.
Claims 16 and 18-20 are being rejected since they do not remedy the deficiencies of claim upon which it depends.

Claim Rejections - 35 USC § 101
9.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


10.	Claims 1-2, 5-9, 12-16, and 19-20 are not patent eligible for directed to an abstract idea.
11.	Claim 8 rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites storing a claim describing an attribute associated with a user identity along with a confirmation of the claim, the confirmation of the claim originating from an authority for the attribute; receiving a request to authenticate the user identity to a service provider, wherein authentication requires that the user identity has the attribute; sending a communication attesting that the user identity has the attribute, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “storing, receiving, and sending,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “storing, receiving, and sending” language, “confirming and authenticating user” in the context of this claim encompasses the steps from practically being performed in the mind.

This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using storing, receiving, and sending to perform confirming and authenticating user in the results steps. Storing, receiving, and sending in all the steps is recited at a high-level of generality (i.e., as a generic computing system performing a generic computer function of confirming and authenticating user) such that it amounts no more than mere instructions to apply the exception using a generic computing component. 
Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using storing, receiving, and sending to perform confirming and authenticating user in steps amounts to no more than mere instructions to apply the exception using a generic computing component. Mere instructions to apply an exception using a generic computing component cannot provide an inventive concept. The claim is not patent eligible.
Claim 9 and 12-13 further recites details of user identity, does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing 
Claim 14 further recites details of authentication, does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea and do not add significantly more limitations. These limitations merely further the abstract idea. 
12.	Claims 1-2 and 5-7 are a non-transitory, computer-readable storage medium storing claims recite substantially the same limitations as claims 8-9 and 12-14 and the use of a non-transitory, computer-readable storage medium does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Hence, claims 1-2 and 5-7 do not add significantly more limitations and are rejected with the same rationale as method claims 8-9 and 12-14 above.
13.	Claims 15-16 and 19-20 are system claims recite substantially the same limitations as claims 8-9 and 12-14 and the use of a authentication provider does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Hence, claims 15-16 and 19-20 do not add significantly more limitations and are rejected with the same rationale as method claims 8-9 and 12-14 above.

Claim Rejections - 35 USC § 102
14.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

15.	Claims 1-11 and 15-20 are rejected under 35 U.S.C. 102 (a) (2) as being anticipated by Carretero IEEE Access “Federated Identity Architecture of the European eID System” hereinafter “Carretero” Published Nov. 22, 2018.

Regarding claims 1, 8, and 15, Lang teaches: A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: A method, A system, and an authentication provider, (Carretero, see abstract and right col. first paragraph first 4 lines page 75320, “steps of an eID request, throughput of the servers, and the use of CPU and RAM memory”), the method comprising:
storing a claim describing an attribute associated with a user identity along with a confirmation of the claim, the confirmation of the claim originating from an authority for the attribute (Lang, see left col. first paragraph first 12 lines page 75305, “digital identity is information of an entity used by ICT systems to represent an internal or external agent. This information usually consists of an identifier, which is an unique code used to refer the identity, and a set of claims or attributes”), 
receiving a request to authenticate the user identity to a service provider, wherein authentication requires that the user identity has the attribute; receiving a request to authenticate the user identity to a service provider (Carretero, see FIG.  along with left col. first paragraph first 15 lines page 75309, “The authorization grant is then accomplished by redirecting the user agent from the client application to the authorization server, where it is asked for authentication as the resource owner. The user agent is returned with an authorization code and redirected to the client application, which, in turn, sends the code to the authorization server obtaining the Access Token as a response. This token is used to manage user consent against the resource server and to consume the resource, even though it may be considered with a kind of pseudo-authentication. The access token consists of a string denoting a specific scope, lifetime, and other access attributes”), 
wherein authentication requires that the user identity has the attribute (Carretero, see right col. last paragraph last 9 lines page 75306, “A Resource Provider can request just a subset of attributes to  
sending a communication attesting that the user identity has the attribute (Carretero, see right col. second paragraph first 8 lines page 75306, “transferring profile information or performing claim-based authorization (based on Attributes)” also see FIG. 1 and FIG. 5). 

Regarding claims 2, 9, and 16, Carretero teaches all the limitations of claims 1, 8, and 15 respectively. Further Carretero teaches: wherein the communication attesting that the user identity has the attribute does not include details about the attribute (Carretero, see right col. last paragraph last 9 lines page 75306, “A Resource Provider can request just a subset of attributes to access a resource and an Identity Provider can assert that a particular principal possesses these attributes without divulging the actual identity of the principal”).

Regarding claims 3, 10, and 17, Carretero teaches all the limitations of claims 1, 8, and 15 respectively. Further Carretero teaches: wherein the instructions are further effective to cause at least one processor to: receive, from a device operated by the user, the claim describing the attribute associated with their identify (Carretero in right col. section F of page 75309 discloses tools that that are connected to identity server that provides identity services (instructions effective to cause processors to receive claims describing the attributes), see right col. last paragraph last 9 lines page 75306, “A Resource Provider can request just a subset of attributes to access a resource and an Identity Provider can assert that a particular principal possesses these attributes without divulging the actual identity of the principal”);
 send a query to the authority for the attribute (Carretero, first see the right col. section A of page 75307 second paragraph discloses the communication regarding the query and policies and continues in the left col. last two paragraphs of page 75314 where queried through a SAML attribute query as well that reads on applicant’s limitations); and receive a communication from the authority for the attribute confirming the claim is true (Carretero, see FIG. 7 along with first paragraph of left col. page 75312, “The parties involved in the system are the user … The KDC is composed by an Authentication Server (AS), which proves the identities of principals, and the Ticket Grant Server (TGS), which issues tickets to access the desired network service. The concept of the Kerberos system consists of the client proving its identity against the AS, which return a Ticket Granting Ticket as a proof of successful authentication”).

Regarding claims 4, 11, and 18, Carretero teaches all the limitations of claims 1, 8, and 15 respectively. Further Carretero teaches: wherein the communication from the authority is cryptographically signed, and wherein at least a portion of the cryptographically signed communication is stored as the confirmation of the claim (Carretero, see right col. page 75303 last two paragraphs, “A digital certificate includes at least an identifier of the subject, its public key, and the digital signature of a trusted entity called the Certification Authority (CA), over the certificate itself … cryptographic information to derive the public key such as the algorithm … a Certification Authority (CA), issuing digital certificates to end-users or other intermediate certificate authorities that also issues certificates, so that a chain of trust of the certificate is established … the cryptographic material exchanged between the participants is signed using a digital certificate, which is exchanged by the participants”).

Regarding claims 5, 12, and 19, Carretero teaches all the limitations of claims 1, 8, and 15 respectively and also in previous claims discloses instructions causes processor to execute. Further Carretero teaches: store an additional claim describing an additional attribute associated with the user identity along with an additional confirmation of the additional claim, the confirmation of the additional claim originating from an additional authority for the additional attribute, whereby multiple claims and respective validations of the multiple claims are stored in association with the user identity (Carretero, first see page 75305 first two paragraphs of right col. that 

Regarding claims 7, 14, and 20, Carretero teaches all the limitations of claims 1, 8, and 15 respectively. Further Carretero teaches: wherein a condition for authentication with the service provider is defined by a service provider policy. (Carretero, see right col. page 75308 sections C and D last two paragraphs, “policy administration point (PAP), defining policies; Policy Decision Point (PDP), that evaluates applicable policy, match requests against policies, and renders an authorization decision; Policy Enforcement Point (PEP), performing access control; And Policy Information and Retrieval Point (PIP), to get and to store access authorization policies and attribute values.… The OAuth 2.0 protocol (RFC6749) [49] is an authorization framework that enables a third-party consumer application to obtain access to some resource operated/hosted by a service provider with the resource owner consent and without sharing its credentials”).

Claim Rejections - 35 USC § 103
16.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the 
17.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


18.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
19.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

20.	Claims 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Carretero IEEE Access “Federated Identity Architecture of the European eID System” hereinafter “Carretero” Published Nov. 22, 2018 in view of Brown et al. US 20190173873 filed on Dec. 3, 2018 (according to applicant’s IDS filed on 01/22/2020 Cite No. 1).

Regarding claims 6 and 13, Carretero teaches all the limitations of claims 1, 8, and 15 respectively. Carretero does not explicitly discloses: wherein the claim is that a user has a specified birthdate, and the confirmation originates from a government agency having authoritative records for the birthdate of the user identity
However Brown teaches: wherein the claim is that a user has a specified birthdate, and the confirmation originates from a government agency having authoritative records for the birthdate of the user identity  (Brown, first see ¶¶ [0063-0064] where discloses government agency having authoritative records for user’s birthday or social security, “A particular certificate authority may be associated with a particular entity type, such as a commercial entity, government entity, and the like …. Certain certificate authorities may be highly trusted due to their entity type ( e.g., government certificate authorities) or due to other factors such as length of operation (e.g., a commercial certificate authority with a long existence may be more trusted than a new commercial certificate authority)”; then see ¶¶ [0066, 0072, and 0086], “wherein the ID-VERIFIED certificate is signed by the trusted certificate authority and comprises "ID-VERIFIED information" … The term "identity verification document" refers to any document that can be used to verify an identity of a user/entity, or contains identification information associated with the identity of the user/entity. For example, an identity verification document may include a social security card, birth certificate, driver's license, national identification card, and the like … the user identification document repository is configured to store identity verification documents (e.g., social security card, birth certificate, national identification card, and the like)”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Carretero with the teaching of Brown because the use of Brown’s idea (Brown, abstract) could provide Carretero (Carretero, page 75304 section III first two paragraphs) the ability to verify user identity through government entity by ID-verification information such as user birthday or social security for user successful authentication confirmation, “the user identification document repository is configured ¶¶ [0066, 0072, and 0086]).

Examiner note:
21.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
22.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
James F. Kragh US 10255419 discloses verify and validate user identity for enrollment in a secure personal dataset accessing system, wherein a personal dataset includes identifiable attributes of a user. Authenticity of an asserted user identity includes electronically verified identifiable attributes to form the personal dataset.
Kalman Csaba Toth US 20150095999 discloses an electronic credentialing system that allows personal identity devices to interact; each interacting device has an installed 
Carretero et al. 2018 IEEE “Federated Identity Architecture of the European eID System” discloses basic architecture and evaluation of eID system performance and scalability that the solution is feasible from the point of view of performance while keeping security constrains in mind.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884. The examiner can normally be reached on M-F 8 AM-5 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, KRISTINE L KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.
/KHALIL NAGHDALI/Primary Examiner, Art Unit 2437