DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Status of Claims
The amendment filed 10/6/2021 has been entered. Claims 1, 11, 15-17 are currently amended. Claim 5 has been currently cancelled. Claims 2-3, 6, 9 are previously cancelled claims. Claims 1, 4, 7-8, 10-17 are pending in the application.
Response to Amendments
The objection to claims 1, 15-17 due to informalities has been withdrawn in light of applicant’s amendment to the claims.
Response to Arguments
Applicant’s arguments, see pg. 9-10 of the Remarks filed 10/6/2021 regarding claims rejected under 35 USC 103 as being unpatentable over combination of references of record have been fully considered but are moot because the arguments do not apply to the present combination of references being used in the current office action with newly applied prior arts Lewison and Adam.
Examiner acknowledges that applicant has amended independent claim 1, and similarly claims 15-17, with the underlined portions reciting “determine revoked credentials, comprising to: query a credential system to determine whether a revocation indication has been written to a distributed ledger network for at least one stored credential of the list of the stored credentials;” and “locally delete the revoked credentials; determine whether to purge metadata associated with the revoked credentials; and in response to a determination that the metadata associated with the revoked credentials is to be purged, locally purge the metadata associated with the revoked credentials” (inter alia).
Applicant argued that the applied references of record fail to teach or render obvious the amended limitations shown above. However, upon review of the amended features and an updated search, a new reference, Lewison et al (US 20170338967A1), is found and asserted to teach the limitation “query a credential system to determine whether a revocation indication has been written to a distributed ledger network for at least one stored credential of the list of the stored credentials”, and the previously identified reference Adam et al (US20170005809A1) is asserted to teach “locally delete the revoked credentials; determine whether to purge metadata associated with the revoked credentials; and in response to a determination that the metadata associated with the revoked credentials is to be purged, locally purge the metadata associated with the revoked credentials”. See details in the claim rejection under 35 USC 103 below.
Applicant’s arguments regarding dependent claims are also moot due to their inheritance of the deficiencies of the independent claims. Applicant is advised to further incorporate innovative features into independent claims to advance the case.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4, 7-8, 11, 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Campero et al (US20180075247A1, hereinafter, "Campero"), in view of Freeman et al (US20040162985A1, hereinafter, “Freeman”), further in view of Lewison et al (US20170338967A1, hereinafter, “Lewison”) and Adam et al (US 20170005809A1, hereinafter, “Adam”).
Regarding claim 1, Campero teaches: 
A system for providing an application (Campero, [Abstract] user devices and a server system to process employee generated requests to allow guest access registration), comprising:
(Campero, See Fig. 15, a credential-based access process flow 300. Fig. 24-25 shows user interface); 
a hardware processor (Campero, Fig. 25, processor device) and a memory coupled with the hardware processor, wherein the memory is configured to provide the hardware processor with instructions which when executed cause the hardware processor (Campero, Fig. 25 and [0213]  Memory stores program instructions and data used by the processor) to:
provide the application to the device (Campero, [Abstract] Disclosed are techniques that use user devices and a server system to process employee generated requests to allow guest access registration (i.e. application)), wherein the application is configured to:
receive a request for a list of valid credentials (Campero, [0010] a method executed by a server system includes receiving by the server system from a first user device a request to allow guest access, sending by the server system to a second user device a message requesting user credentials);
determine a list of stored credentials (Campero, [0093] The mobile credential is stored in a user's wallet 13a (i.e. stored credentials) and is identified as authentic by use of the distributed ledger 14. The distributed ledger 14 is used to supply secure credentials to the user's wallet 13a all of which have been validated by the distributed ledger 14);
provide the list of the stored credentials to a database system (Campero, [0143] In summary, as above in FIGS. 13, 13A-13C, from the wallet the user's profile is also sent to the security application… The security application 188 sends/updates the received profile, public key and user type over a distributed network for transfer to and storage in the distributed ledger system (i.e. database system), where the profile, public key of the user and the user type are stored), wherein the database system is configured to: [determine revoked credentials; and determine new credentials] (See Freeman below for limitations in bracket), comprising to: [query a credential system to determine whether a revocation indication has been written to a distributed ledger network for at least one stored credential of the list of the stored credentials] (See Lewison below for limitations in bracket); 
and determine the list of the valid credentials based at least in part on the list of the stored credentials and the revoked credentials, and [the new credentials] (Campero, [0117] The OCSP and OCSP stapling can be used instead of CRL lists to determine if a certificate is valid or not. And [0120] although the certificate is authentic the wallet needs to verify that the certificate has not been revoked.  The wallet can do this verification a number of ways.  One way to verify that the certificate has not been revoked, has the wallet contact the company certificate authority directly through an OCSP request). Examiner further notes that the new credential is newly created therefore is not the revoked credential, i.e. valid credential. (See Freeman below for the new credentials)
While Campero does not explicitly teach the following limitation(s), in the same field of endeavor Freeman teaches:
wherein the database system is configured to: determine revoked credentials (Freeman, [0032] Credential revocation list 306 includes indications of those credentials 102 that have been revoked and are therefore no longer valid. And [0048] This credential 102, which includes at least the credential identifier 202 thereof, is retrieved from database 512.  Using at least credential identifier 202 to identify the credential 102 that is to be revoked,… And [0079] Signed object canceller 1012 then causes credential 102 to be revoked by sending a revocation request that includes at least credential identifier 202 to credential authority 302);
and determine new credentials (Freeman, [0083] Credential authority 302 may be a root credential authority, an intermediate credential authority, any other authorized representative thereof, and so forth.  In response to the request for a new credential 102, credential authority 302 extracts a new credential 102 from available credentials 308), 
receive an indication of the revoked credentials from the database system (Freeman, [0032] Credential revocation list 306 includes indications of those credentials 102 that have been revoked and are therefore no longer valid);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Freeman in the access management method of Campero by determining revoked credentials using a credential identifier and a credential revocation list. This would have been obvious because the person having ordinary skill in the art would have been motivated to use valid credentials to digitally sign objects and to associate individual credentials with individual objects in order to tie the lifetime and viability of an object to the time span and validity of a credential (Freeman, [Abstract], [0001]).
While the Campero-Freeman combination further teaches determining revoked credentials and determining new credentials, it does not explicitly teach the following limitation(s); however, in the same field of endeavor Lewison teaches:
query a credential system to determine whether a revocation indication has been written to a distributed ledger network for at least one stored credential of the list of the stored credentials (Lewison, [Abstract] An on-ledger certificate authority operates a node of a distributed ledger that controls a certificate issuance store and a certificate revocation store. … and when a certificate is revoked, a ledger transaction with an instruction to store the serial number of the certificate in the revocation store. As such transactions propagate throughout the ledger, the instructions are executed by on-ledger verifiers in their local replicas of the stores).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Lewison in the access management method of Campero-Freeman by using serial number of the certificate in the revocation store as ledger transaction for revoked certificate. This would have been obvious because the person having ordinary skill in the art would have been motivated to use revocation store to indicate the revoked certificate with ledger transaction through the ledger (Lewison, [Abstract], [0008]).
While the Campero-Freeman-Lewison combination does not explicitly teach the following limitation(s), in the same field of endeavor Adam teaches:
locally delete the revoked credentials; determine whether to purge metadata associated with the revoked credentials; and in response to a determination that the metadata associated with the revoked credentials is to be purged, locally purge the metadata associated with the revoked credentials (Adam, [0022] The organization data deletion system 116 manages deletion of organization data. When revoking access to data, the one or more encryption keys used to decrypt the data are deleted or otherwise made unavailable at the computing device 102. Additionally or alternatively, one or more organization metadata tags are denoted as revoked, and the access control … applies access restriction based on revocation. The organization data deletion system 116 follows up on the revocation by deleting the organization data itself on the computing device 102, thereby freeing up space in data store 114. And [0050] This deletion can include deleting files, deleting metadata (i.e. purge metadata)… And [0076] the second organization data comprising data that is associated with revoked user credentials; … and the deleting comprising deleting the higher priority second organization data before deleting lower priority second organization data).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Adam in the access management method of Campero-Freeman-Lewison by deleting revoked data. This would have been obvious because the person having ordinary skill in the art would have been motivated to remove the revoked organization data to save computing resources (Adam, [Abstract], [0076]).

Regarding claim 15, Campero-Freeman-Lewison-Adam combination teaches: 
A method for providing an application (Campero, [Abstract] user devices and a server system to process employee generated requests to allow guest access registration), comprising: method steps substantially similar to the method steps performed by the system of claim 1, and therefore is rejected with the same rationale set forth in the rejection of claim 1 above.

Regarding claim 16, Campero-Freeman-Lewison-Adam combination teaches: 
(Campero, [Abstract] user devices and a server system to process employee generated requests to allow guest access registration (i.e. application). And [0215] … a computer program tangibly embodied in one or more tangible, physical hardware storage devices that are computer and/or machine-readable storage devices for execution by, or to control the operation of, data processing apparatus, e.g., a programmable processor, …) for: performing the method steps substantially similar to the method steps performed by the system of claim 1, and therefore is rejected with the same rationale set forth in the rejection of claim 1 above.

Regarding claim 17, Campero-Freeman-Lewison-Adam combination teaches: 
A system for identifying revoked credential information (Campero, [0007] The techniques described herein provide a higher level of identity validation… And [0120] One way to verify that the certificate has not been revoked, has the wallet contact the company certificate authority directly through an OCSP request. The company certificate authority will provide an OCSP response that contains the status of the certificate (i.e. valid, revoked, etc.)), comprising: an interface configured to: receive a request for a list of valid credentials (Campero, [0202] The guest wallet interfaces to the door reader with the flows described above. The Manager Application uses the distributed network, Authenticate REST API for authentication using credentials authentication flow for authentication); and a hardware processor; and a memory coupled with the hardware processor, wherein the memory is (Campero, Fig. 25 and [0213] Memory stores program instructions and data used by the processor) to: perform method steps substantially similar to the method steps performed by the system of claim 1, and therefore is rejected with the same rationale set forth in the rejection of claim 1 above.

Regarding claim 4, Campero-Freeman-Lewison-Adam combination further teaches:
The system of claim 1, wherein the hardware processor is further configured to delete one or more of the stored credentials associated with the revoked credentials (Adam, [0076] the second organization data comprising data (i.e. one or more of the stored credentials information or metadata) that is associated with revoked user credentials; the method further comprising prioritizing the second organization data so that second organization data that is more sensitive has a higher priority than second organization data that is less sensitive, and the deleting comprising deleting the higher priority second organization data before deleting lower priority second organization data).

Regarding claim 7, Campero-Freeman-Lewison-Adam combination further teaches:
The system of claim 1, wherein the hardware processor is further configured to retrieve the new credentials (Freeman, [0083] In response to the request for a new credential 102, credential authority 302 extracts (i.e. retrieve) a new credential 102 from available credentials 308).

Regarding claim 8, Campero-Freeman-Lewison-Adam combination further teaches:
The system of claim 1, wherein the database system is further configured to revoke one or more credentials (Freeman, [0010] accessing a database at an entry for the signed object to retrieve an associated credential, the associated credential having been used to sign an object to produce the signed object; and causing the associated credential to be revoked).

Regarding claim 11, Campero-Freeman-Lewison-Adam combination further teaches:
The system of claim 8, wherein the database system is further configured to provide a set of revoked credential identifiers to the credential system (Freeman, [0079] Signed object canceller 1012 then causes credential 102 to be revoked by sending a revocation request that includes at least credential identifier 202 to credential authority 302 (i.e. credential system)).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over the Campero-Freeman-Lewison-Adam combination as applied above to claim 8, further in view of Eberwine et al  (US20150350913A1, hereinafter, “Eberwine”).
Regarding claim 10, Campero-Freeman-Lewison-Adam combination teaches:
The system of claim 8, 
While the combination of Campero-Freeman-Lewison-Adam does not explicitly teach the following limitation(s), in the same field of endeavor Eberwine teaches:
wherein one or more new credentials are provided to the database system for identifying revoked credential information (Eberwine, discloses control of mobile device access using credential identifier. And [0007] The lock device may also identify the second credential identifier as being a revoked identifier. Additionally, the lock device may receive a communication from the mobile device that includes the first credential identifier. The lock device may further identify whether the received first credential identifier is related to the revoked identifier). Examiner notes the recited one or more new credentials are provided to identify revoked credential information is interpreted as that the revoked credential is related to the new credentials, while one or more new credentials is interpreted as credentials since the one or more new credentials appear to be un-related to the new credentials as recited in the independent claim 1.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Eberwine in the access management method of Campero-Freeman-Lewison-Adam by identifying revoked credential based on a credential identifier that is related to the revoked credential identifier. This would have been obvious because the person having ordinary skill in the art would have been motivated to provide mobile device with distribution and revocation of credential identifier for access control of mobile device with credential management system (Eberwine, [Abstract], [0007]).

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over the Campero-Freeman-Lewison-Adam combination as applied above to claim 11, further in view of Qiu  (US20190036710A1, hereinafter, “Qiu”).
Regarding claim 12, Campero-Freeman-Lewison-Adam combination teaches:
The system of claim 11, 

wherein the credential system is configured to: for each credential identifier of the set of revoked credential identifiers: store an indication in a distributed ledger that the credential associated with the credential identifier is revoked (Qiu, [0141] The node can send a revocation request for revoking its own digital certificate, or another node's digital certificate. And [0142] a list of the revoked digital certificates is stored in the blockchain (i.e. distributed ledger). For example, multiple nodes (for example, the one or more nodes that have approved the revocation) may store the revoked digital certificate or another identifier of the targeted node into a revocation list).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Qiu in the access management method of Campero-Freeman-Lewison-Adam by storing a list of revoked digital certificates in the blockchain as method of digital certificate management. This would have been obvious because the person having ordinary skill in the art would have been motivated to allow node in a blockchain network to request consensus verification message with indication of whether to approve or deny the link request based on digital certificate of the node (Qiu, [Abstract], [0142]).

Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over the Campero-Freeman-Lewison-Adam combination as applied above to claim 1, further in view of Sarkissian (US20140181927A1, hereinafter, “Sarkissian”).
Regarding claim 13, Campero-Freeman-Lewison-Adam combination teaches:
The system of claim 1, wherein the database system is configured to: receive the list of the stored credentials (Campero, [0104] Each of the distributed databases 32a-32n of the distributed ledger system 14 will eventually receive 260 and store 262 an encrypted information record corresponding to the user's profile);
While the Campero-Freeman-Lewison-Adam combination does not explicitly teach the following limitation(s), in the same field of endeavor Sarkissian teaches:
provide an indication of the stored credentials to a credential server (Sarkissian, [0038] The application gateway 224 may communicate with a verification server 226 and an OVER File database 228); receive an indication from the credential server that one or more stored credentials of the stored credentials has been revoked (Sarkissian, [0038] A status indicator providing the validity of the OVER File credential may be sent to the OVER File third party client…If the OVER File verification server 226 determines 230 that the credentials are invalid (i.e. revoked), the OVER File verification server 226 may transmit a status indicator indicating an invalid credential and may provide the reason for the invalid status indicator to the third party device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Sarkissian in the access management method of Campero-Freeman-Lewison-Adam by having the credential database to provide an indication of invalid credential to the user device as verifying officially verifiable electronic representations for secure storing and displaying user credentials. This would have been obvious because the person having ordinary skill in the art would have been 

Regarding claim 14, Campero-Freeman-Lewison-Adam combination teaches:
The system of claim 1, 
While the Campero-Freeman-Lewison-Adam combination does not explicitly teach the following limitation(s), in the same field of endeavor Sarkissian teaches:
wherein the stored credentials comprise credentials verifying proof of salary, proof of employment, or proof of health insurance status (Sarkissian, [0025] The OVER File credentials may also comprise privately issued credentials, such as, for example, employee identification cards (i.e. proof of employment), merchant loyalty cards, access cards, insurance credentials (i.e. proof of health insurance status), transportation credentials, or any other credential that may be electronically verified by an issuing agency).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Sarkissian in the access management method of Campero-Freeman-Lewison-Adam by having the credential database to provide an indication of invalid credential to the user device as verifying officially verifiable electronic representations for secure storing and displaying user credentials. This would have been obvious because the person having ordinary skill in the art would have been motivated to allow system to indicate the validity of user credentials for storing and displaying user credentials (Sarkissian, [Abstract], [0004-0005]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but have not been relied upon for this office action:
Quan et al (US20140096213A1). Discloses credential provider application configured to perform an operation on a request from one of the applications and utilizes credentials associated with the application.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL M LEE/Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436