Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) filed on 9/2/3021 have been considered but are moot because the new ground of rejection does not rely on matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1-18, 20 and 104 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 2018/0089971 (Campero et al.) in view of US 2013/0227286 (Brisson).
As to claim 1, Campero teaches a system for managing visitor access to one or more resources within a physical area (paragraphs 45, 50: [...] an exemplary distributed network system 10 for access control [...] the wallet holds a user's credentials that are needed for access to a facility using system 10; figure 1), comprising:
a mobile user device of a visitor (paragraph 46: The system 10 includes user devices, [...] such as smartphones 12a, 12b that house respective identity wallets 13a, 13b; figure 1(12a, 12b)) associated to the physical area with a secure component having stored thereon at least one credential for authorizing the mobile user device to communicate transactions with other components of the system (paragraph 46: The system 10 includes user devices, [...] such as smartphones 12a, 12b that house respective identity wallets 13a, 13b. The smartphones 12a, 12b house the identity wallets [...] 13a, 13b, respectively and thus carry user credentials and by use of the wallet and a processor on the smartphone, interacts with portions of the access control system 10; paragraphs 49-50: Identity Wallets 13a, 13b are also used to authenticate credentials of the holder of the particular wallet [...] the wallet holds a user's credentials that are needed for access to a facility using system 10; figure 1(13a, 13b));
one or more components remotely located from the mobile user device and communicatively coupled with the mobile user device (paragraph 54: The system 10 also includes a third party system 18. The third party system 18 can be any electronic system (or device) and is the system/device that seeks some aspect of the Pll or other confidential information of a user or held by the user device 12a, associated with the user. In the examples discussed in conjunction with FIGS. 12-24G, the third party systems are or are aspects of access systems, both physical access as well as logical access [...]; paragraph 86: [...] the facility 110 includes two secured rooms 112a and 112b [...] Room 112a has a doorway 113a and has associated therein an access controller 116a and an ingress card reader 118a [...]; paragraph 90: [...] The ledger 14 is then checked to see if the user is one of the authorized users; figures 9, 12), the one or more components including one or more data structures that define a plurality of entities and associate one or more attributes with the one or more entities corresponding to access to the one or more resources (paragraphs 54, 86, 90; figures 9, 12); and
a first application to manage access of the visitor to the one or more resources based on the one or more data structures and information communicated by the mobile user device to the one or more components in one or more transactions that are authorized using the at least one credential (paragraph 49: The term “wallet” encompasses a complication of three major systems, an electronic infrastructure, an application that operates with the system and the device (e.g., smartphone) that holds the wallet [...]; paragraph 90: The user's wallet 13a (or other application or user via a physical action using a user input device) either answers (yes or no) or simply ignores the message [...]. When the answer is yes, the user's wallet 13a (or other application) encrypts the data [...] The encrypted data is sent 167 from the user's wallet 13a to the broker system 16 [...] At the broker system 16, upon reception of the encrypted data from the user's wallet 18a, the broker system 16 sends the data to the third party system 162. The third party system takes such action as needed by sending a signal to unlock a door [...]
What is lacking is wherein the at least one credential is embedded in the secure component at a time of manufacture of the secure component and wherein the at least one credential is never transmitted outside the secure component.
In analogous art, Brisson teaches a secure component (~device on client side storing encryption keys) storing at least one credential (~encryption keys) that is embedded in the secure component at the time of manufacture and is never transmitted (see Brisson, paragraphs 100 and 154-158).
It would have been obvious to one of ordinary skill to one of ordinary skill in the arts to apply this teaching into Campero so as to ensure security for the credentials.
As to claim 2, Campero further teaches wherein the credential is a block chain credential and wherein the transactions are block chain transactions (see paragraph 51).
As to claim 3, Campero further teaches wherein the credential is a block chain credential and wherein the transactions are block chain transactions (see paragraphs 46 and 90).
As to claim 4, Campero further teaches wherein the secure component is internal to the mobile user device (see paragraphs 46 and 90).
As to claim 5, Campero further teaches wherein the entities include a physical area, the visitor and an entity on whose behalf the visitor is acting and wherein the information communicated by the mobile user device includes an identification of the visitor (see paragraphs 46 and 90). 
As to claim 6, Campero further teaches wherein the one or more entities include the visitor with attributes of the visitor corresponding to access to the one or more resources, a process associated with the physical area, and one or more rules defining conditions and actions corresponding to the process, wherein the information communicated by the mobile user device includes an identification of the visitor and wherein the first application manages access by the visitor to the one or more resources based at least in part on the one or more data structures defining the visitor, the process and the one or more rules (see paragraphs 46, 51, 54 and 90, access to physical area provided through the stored credentials and rules of the access system).
As to claim 7, Campero further teaches wherein at least a first of the one or more components is located within or in close physical proximity to the physical area (see paragraphs 54, 86 and 90; figure 1).
As to claim 8, Campero further teaches wherein the first component controls access to the physical area (see paragraphs 54, 86 and 90; figure 1).
As to claim 9, Campero further teaches wherein at least a first of the one or more components is not located in close physical proximity to the physical area (see paragraphs 54, 86 and 90; figure 1).
As to claim 10, Campero further teaches further comprising: one or more servers that store transactions resulting from visitor access to the physical area as block chain transactions of a block chain (see paragraph 51).
As to claim 11, Campero further teaches further comprising: one or more servers that store transactions resulting from visitor access to the physical area as block chain transactions of a block chain (see paragraph 51).
As to claim 12, Campero further teaches wherein the first application accesses the one or more block chain transactions to execute the smart contract while the visitor is within the physical area (see paragraph 51).
As to claim 13, Campero further teaches wherein the secure component includes a trusted platform module (see paragraphs 46 and 90).
As to claim 14, Campero further teaches wherein the secure component has stored thereon at least one cryptographic key for secure communication between the mobile user device and other components of the system (see paragraphs 46 and 90).
As to claim 15, Campero further teaches wherein the mobile user device has an application thereon to access the one or more resources within the physical area, wherein the secure component has stored thereon at least one secure credential for validation of the application and wherein the first application validates the application using the at least one secure credential thereby enabling execution of the application on the mobile user device (see paragraphs 46 and 54, interaction with access control system requires application).
As to claim 16, Campero further teaches wherein at least a portion of the first application is located on at least one of the one or more components (see paragraphs 49 and 90).
As to claim 17, Campero further teaches wherein at least a portion of the first application is located on the mobile user device (see paragraphs 49 and 90).
As to claim 18, Campero further teaches wherein the first application managing access of the visitor to the one or more resources includes managing access of the visitor to the physical area (see paragraphs 49 and 90).
As to claim 20, Campero further teaches wherein the one or more attributes associated with the one or more entities include attributes corresponding to safety of the visitor while within the physical area (see paragraphs 51 and 54, only authorized users can access locked physical facility).
As to claim 104, Brisson further teaches wherein the secure component is provided on a dongle that is connectible to the mobile user device (see Brisson, paragraph 165).
It would have been obvious to one of ordinary skill to one of ordinary skill in the arts to apply this teaching into Campero so as to allow for the use of the secure component for different client devices.



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAZDA SABOURI whose telephone number is (571)272-8892.  The examiner can normally be reached on 10 am-7 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Appiah can be reached on 571-272-7904.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAZDA SABOURI/Primary Examiner, Art Unit 2641