Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 11, 13-14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 11 and 13-14 recite the limitation "the proposition information" in line 16, 6, 6 respectively.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  Claim 15 does not fall within at least one of the four categories of patent eligible subject matter because claim 15 is directed to a system claim comprising “a credential issuing server” and “an opening server”. However, “a credential issuing server” or “an opening server” is not necessarily a hardware or a device to render claim 15 to be a machine and fit it into one of the four category of eligible subject matter. When “a credential issuing server” and “an opening server” are given their BRI to one of ordinary skill in the art, they can be implemented as a software module and therefore they are considered program per se or software per se. [See Applicant’s Disclosure 0134-0136 and 0140]. Similarly, “a signature verification server” in claim 16, “a linking server” in claim 18 are considered program per se or software per se.  Claims 16-20, failed to remedy the deficiencies of claim 15 and they also failed to fall within at least one of the four categories of patent eligible subject matter. Therefore, 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-3, 11-12, 15-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Camenisch et al. Hereinafter referred to as Camenisch, US. Pub. No.: US 20140359289 A1 in view of Teranishi US. Pub. No.: US 20120124379 A1.

As per claim 1:
Camenisch discloses a method for authenticating in an anonymous credential authentication system ([0032]: The term "first system" may denote a computer system of a user, e.g., an online bank client or an online shopper. He may have received his credential(s) from an issuer. The user may generate the verification token and may send it to a bank of an online retailer for an online transaction. This receiver may be a verifier), the method comprising:
receiving an anonymous credential signature value from a user device that has been issued the credential combined with multiple pieces of attribute information constituting personal information ([0027]: The term "credential" may denote a trusted attestation of "features of a person" or other data to be used to verify the validity of information given by that person. The credential may be used as verification for an access to electronic accounts, e.g., bank accounts or Internet shopping accounts. However, credentials may be used in a wide variety of ways, also for an access to governmental or healthcare services. Typically, a trust center or issuer certifies the credentials of a user who then may use the credentials as an authorization key. The credentials of a user may be certified based on information outside the computer networks in 
generating and outputting signer authentication information that confirms a signer of the anonymous credential signature value using an opening key ([0086-0087]: The issuer of the credential cred may generate a key pair of public and secret key (pkI, skI) for a redactable signature scheme; create a verification token that discloses attributes (ai)i.di-elect cons.D, the user first authenticates the verifier V and receives a random nonce N, redacts the signature .sigma.C to a new signature .tau. that certifies only the attributes (ai)i.di-elect cons.D and pkC, but hides the attributes (ai)iD.).

Camenisch does not explicitly disclose the anonymous credential signature value indicating that setting proposition information using a credential is satisfied from the user device. Teranishi, in analogous art however, discloses the anonymous credential signature value indicating that setting proposition information using a credential is satisfied from the user device ([0041]: the signature text generating module 221a of the user device combines a part of the user public key and a part of the attribute certificate corresponding to the undisclosed attributes, and generates a signature text of knowledge regarding the fact that the combined data satisfies an expression defined in advance; [0098-0099]: The attribute authentication unit 251 issues an attribute certificate regarding the attribute .chi. to the user device).  Therefore, it would have 

As per claim 2:
Camenisch discloses verifying the signer authentication information ([0072]: The credential may also comprise further secret cryptographic information that may be used, but not necessarily revealed when authenticating to a verifier; [0087]: To create a verification token that discloses attributes (ai)i.di-elect cons.D, the user first authenticates the verifier V).

As per claim 3:
Camenisch discloses wherein further comprising verifying validity of the anonymous credential signature value ([0084]: the verification token tok is valid with respect to pkI; [0087])

As per claim 11:
Camenisch discloses a method for authentication of an anonymous credential authentication system in a user device ([0032]: The term "first system" may denote a computer 
transmitting, to a credential issuance server, a credential issuance request message ([0027]: The term "credential" may denote a trusted attestation of "features of a person" or other data to be used to verify the validity of information given by that person. The credential may be used as verification for an access to electronic accounts, e.g., bank accounts or Internet shopping accounts. However, credentials may be used in a wide variety of ways, also for an access to governmental or healthcare services. Typically, a trust center or issuer certifies the credentials of a user who then may use the credentials as an authorization key. The credentials of a user may be certified based on information outside the computer networks in the real world; [0036]: The term "issuer" may denote a trusted authority generating a credential out of attributes of a user or other data), including multiple pieces of attribute information constituting personal information ([0029]: The term "attribute" may denote a set of personal information of a user, like, full name, address, telephone number account number and other sensitive private information that should not be made available to the general public to avoid a misuse), a commitment value for the multiple pieces of attribute information ([0030]:  The term "commitment" may denote a blinded version of an attribute from the credentials,  from the commitment alone a receiver may not be able to read the attribute, but at the same time a commitment already determines a concrete attribute, One verification token may comprise several commitments; [0052]: the commitments for the subset of the plurality of attributes, and 
getting a credential including a signature value of the credential issuing server generated by using an issuing key and random values selected from an integer set representing the multiple pieces of attribute information issued from the credential issuing server ([0004]:  Attribute-based credentials, such as X.509 certificates or privacy-enhancing Identity Mixer credentials, are certified attribute-value pairs that are issued by an issuer, e.g., a trusted government-backed official authority--to a user; [0009]: The credential may be a set of attributes certified by an issuer to a user with reference to a public key of the issuer, generating, in particular, on a user system, the verification token out of the credential, wherein the verification token may comprise at least one commitment, in particular, a plurality of commitments--e.g., one for each attribute—wherein a commitment is a blinded version of an attribute; [0027]);
generating an attribute authentication signature key by combining a system public key published by the credential issuing server, the credential and the multiple pieces of attribute information ([0086-0087]: The issuer of the credential cred may generate a key pair of public and secret key (pkI, skI) for a redactable signature scheme; create a verification token that discloses 
presenting an anonymous credential signature value and receiving a verification result for the anonymous credential signature value ([0086; 0089]: The issuer of the credential cred may generate a key pair of public and secret key (pkI, skI) for a redactable signature scheme. For each credential cred, the user may generate a fresh signature key pair (pkC, skC) for a standard signature scheme; In case of a private construction from anonymous credentials, the issuer generates a Camenisch-Lysyanskaya (from here on CL) signature key pair (skI, pkI)=(p, (n, R0, . . . , RL, S, Z)). The values R0, . . . , RL, S, Z may be values of the private key of the issuer. A user's credential cred on attribute values a0, . . . , aL is a CL signature (e, A, v) on the message (a0, . . . , aL)).

Camenisch does not explicitly disclose the anonymous credential signature value indicating the proposition information set is satisfied using the credential and the attribute authentication signature key. Teranishi, in analogous art however, discloses the anonymous credential signature value indicating the proposition information set is satisfied using the credential and the attribute authentication signature key ([0041]: the signature text generating module 221a of the user device combines a part of the user public key and a part of the attribute certificate corresponding to the undisclosed attributes, and generates a signature text of knowledge regarding the fact that the combined data satisfies an expression defined in advance; [0098-0099]: The attribute authentication unit 251 issues an attribute certificate regarding the 

As per claim 12:
Camenisch discloses wherein the system public key includes at least one of a first public parameter providing a signer authentication and a second public parameter providing a linking check between two signature values ([0037] The term "public key" may denote an authentication key that may be publicly available for verifying information that was previously authenticated, using the corresponding secret key;[0072]: user must be able to somehow check the verifier's identifier V, the identifier V could, for example, be the verifier's public key or, it could be its URL if a PKI is in place to authenticate servers by their URL, the verification token may be "bound" to the nonce N and the verifier's identifier V, in the sense that it may not be used out of context with a different nonce N or verifier's identifier V).

As per claim 15:

a credential issuing server that issues a credential combined with multiple pieces of attribute information constituting personal information in response to a system public key to the user ([0027]: The term "credential" may denote a trusted attestation of "features of a person" or other data to be used to verify the validity of information given by that person. The credential may be used as verification for an access to electronic accounts, e.g., bank accounts or Internet shopping accounts. However, credentials may be used in a wide variety of ways, also for an access to governmental or healthcare services. Typically, a trust center or issuer certifies the credentials of a user who then may use the credentials as an authorization key. The credentials of a user may be certified based on information outside the computer networks in the real world; [0036]: The term "issuer" may denote a trusted authority generating a credential out of attributes of a user or other data), including multiple pieces of attribute information constituting personal information ([0029]: The term "attribute" may denote a set of personal information of a user, like, full name, address, telephone number account number and other sensitive private information that should not be made available to the general public to avoid a misuse), a commitment value for the multiple pieces of attribute information ([0030]:  The term "commitment" may denote a blinded version of an attribute from the credentials,  from the commitment alone a receiver may not be able to read the attribute, but at the same time a commitment already determines a concrete attribute, One verification token may comprise several commitments; [0052]: the commitments for the subset of the plurality of attributes, and 
an opening server that generates and outputs signer authentication information for confirming a signer of an anonymous credential signature value ([0071-0072]: selective auditing by running the verification token; generate, one or more opening keys, outputs oi may be the individual opening keys for those commitments; 0093; 0098)

Camenisch does not explicitly disclose the anonymous credential signature value indicating that setting proposition information set is satisfied using the credential from the user who is issued the credential is received. Teranishi, in analogous art however, discloses the anonymous credential signature value indicating that setting proposition information set is satisfied using the credential from the user who is issued the credential is received ([0041]: the signature text generating module 221a of the user device combines a part of the user public key and a part of the attribute certificate corresponding to the undisclosed attributes, and generates a signature text of knowledge regarding the fact that the combined data satisfies an expression defined in advance; [0098-0099]: The attribute authentication unit 251 issues an attribute 

As per claim 16:
Camenisch discloses a signature verification server that classifies the attribute information combined with the credential into hidden attribute information, direct disclosure attribute information, and attribute information related to a setting function, performs basic verification on the anonymous credential signature value, and then verifies validity of the anonymous credential signature value by verifying the classified attribute information, respectively ([0070; 0093]).

As per claim 17:
Camenisch discloses a signer identification server that verifies the validity of the signer authentication information according to a verification request of the signer authentication 

As per claim 19:
Camenisch discloses wherein the system public key includes at least one of a first public parameter providing a signer authentication and a second public parameter providing a linking check between two anonymous credential signature values ([0084]:L The user also creates a standard signature sC=SignskC(D, N, V) and sends the verification token tok=(.tau., s) to the verifier. The verifier checks that .tau. is a valid redactable signature for (ai)i.di-elect cons.D and pkC under the issuer's public key pkI, and checks that s is a valid signature of (D, N, V) under pkC; [0093])..

Allowable Subject Matter
Claims 4-10, 13-14, 18 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The following is a statement of reasons for the indication of allowable subject matter: After consideration and through examination of the claims the pertinent prior arts of record, either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the following particular claims:


Claim 5:  wherein the generating and outputting includes: receiving the anonymous credential signature value for the proposition information; calculating a signature value of an issuer using the opening key and the anonymous credential signature value; obtaining user registration information from a user registration list using the signature value of an issuer; and generating the signer authentication information by using the user registration information and values included in the anonymous credential signature value.
Claim 6: if two anonymous credential signature values generated by the user device are given, checking whether the two anonymous credential signature values are linked to each other using a linking key.
Claim 13:  wherein the presenting includes: generating a value providing the signer authentication using the first public parameter and the signature value of the credential issuing server; calculating a proof value that proves each piece of attribute information; generating a zero-knowledge proof value for qualification requirements among the proposition information; and generating an anonymous credential signature value including at least the proof value, the value providing the signer authentication, the zero-knowledge proof value, and the multiple pieces of attribute information.

Claim 18: a linking server that checks whether two anonymous credential signature values are linked to each other using a linking key user when the two anonymous credential signature values generated by the user are given.
Claim 20: wherein when a credential issuance request message including a commitment value for the multiple pieces of attribute information, a zero knowledge proof value for the commitment value, and a user signature value for the commitment value is received from the user, the credential issuing server that calculates a signature value of the credential issuing server using random values selected from an integer set representing the multiple pieces of attribute information, the system public key, the issuing key, and the commitment value, and generates the credential including the random values and the signature value of the credential issuing server.

BRI (Broadest Reasonable Interpretation)
The above claims under examination have been given their BRI consistent with the applicant’s disclosure as they would be interpreted by one of ordinary skill in the art at the time of filing the invention and the following claim words or terms or phrases or languages have been 

Proposition: 
[0089]:	The proposition information QI represents a criterion that attributes should be satisfied. For example, when it is necessary to prove that the user is an adult, the proposition information QI may indicate “age>18”. 

Linking key:
[0009]: The controllable linkability refers to the ability to verify that signature values are linked to each other when a special linking key is given. [0053]: The linking server 300 manages the linking key. When two valid anonymous credential signature values are given, the linking server 300 outputs a signature link result whether they are linked to each other using the linking key, that is, whether two anonymous credential signature values are generated by one signer.

Conclusion
The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior arts.

Contact In formation
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.