DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the amendment filed on 09/22/2021. Claims 1, 5, 8, 9, 13, and 16 have been amended. Claims 1 – 16 are pending for consideration. 

Information Disclosure Statement
The information disclosure statement (IDS) dated 06/24/2021 has been received and considered.

Response to Arguments
Applicant’s arguments filed on 09/22/2021 have been considered but they are moot in view of new grounds of rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3 – 5, 7, and 9 – 15 are rejected under 35 U.S.C. 103 as being unpatentable over Bhattacharya et al. (US 2018/0219857) (hereafter Bhattacharya) and in view of Driscoll (US 2020/0374106) (hereafter Driscoll).


Regarding claim 1 Bhattacharya teaches: A method for performing authentication of a client device (Bhattacharya, in Para. [0021] discloses “the computing device may be authenticated by virtue of the certificate chain being validated by the certificate authority”),
[using a hash chain] 
comprising: receiving, by a receiver of a processing server, a first data request from a client device (Bhattacharya, in Para. [0016] discloses “The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers.”),
[the first data request including at least a user identifier and a first hash value as hashed by the client device, wherein the first hash value is a hash value from a hash chain created by the client device;] 
transmitting, by a transmitter of the processing server, a first data response message to the client device (Bhattachary, in Para. [0079] discloses “The device communication interface 306 may also transmit communications to another computer.”); 
[receiving, by the receiver of the processing server, a second data request from the client device from which the first data request was received, the second data request including at least the user identifier and a second hash value, as hashed by the client device, wherein the second hash value is another has value from the hash chain created by the client device;
generating, by a processor of the processing server, a validating hash value by applying a hashing algorithm to the second hash value received in the second data request from the client device from which the first data request was received; 
validating, by the processor of the processing server, the first hash value received in the first data request from the client device as being equal to the generated validating hash value; and ] Attorney Docket No. 0076412-001495Application No. 16/705,506Page 3 of 13 
transmitting, by the transmitter of the processing server, a second data response message to the client device upon successful validation of the first hash value, wherein the second data response message includes one or more data values associated with (Bhattacharya, in Para. [0092] discloses “The server communication interface 406 may also transmit communications to another computer or computing device.”).
Bhattacharya fails to explicitly teach: using a hash chain
the first data request including at least a user identifier and a first hash value as hashed by the client device, wherein the first hash value is a hash value from a hash chain created by the client device;
receiving, by the receiver of the processing server, a second data request from the client device from which the first data request was received, the second data request including at least the user identifier and a second hash value, as hashed by the client device, wherein the second hash value is another has value from the hash chain created by the client device;
generating, by a processor of the processing server, a validating hash value by applying a hashing algorithm to the second hash value received in the second data request from the client device from which the first data request was received; 
validating, by the processor of the processing server, the first hash value received in the first data request from the client device as being equal to the generated validating hash value; and Attorney Docket No. 0076412-001495Application No. 16/705,506Page 3 of 13 
Driscoll from the analogous technical field teaches: using a hash chain (Driscoll, in Para. [0004] discloses “a device includes a receiver configured to receive a first message including a first element of a hash chain and receive a second message after receiving the first message, where the second message includes a second element of the hash chain”)
as hashed by the client device, wherein the first hash value is a hash value from a hash chain created by the client device (Driscoll, in Para. [0003] discloses “A communication device receives a message including an element of a hash chain and verifies the authenticity of the message by applying a hash function to the element to generate a hashed element.” Driscoll, in Para. [0059] discloses “communication device 120 optionally receives a first message including a first element in a hash chain (600).”)
receiving, by the receiver of the processing server, a second data request from the client device from which the first data request was received, the second data request including at least the user identifier and a second hash value, as hashed by the client device, wherein the second hash value is another has value from the hash chain created by the client device (Examiner note: the first and second messages are received by processor from the same source, i.e. the receiver) (Driscoll, in Para. [0006] discloses “causing the processing circuitry to receive a first message including a first element of a hash chain from a receiver and receive a second message from the receiver after receiving the first message, where the second message includes a second element of the hash chain.”);
generating, by a processor of the processing server, a validating hash value by applying a hashing algorithm to the second hash value received in the second data request from the client device from which the first data request was received (Driscoll, in Para. [0018] discloses “Each subsequent hash element received by communication device 120 and other receivers can be authenticated by hashing the hash element and comparing the hash result to a previously received and authenticated hash element”);
validating, by the processor of the processing server, the first hash value received in the first data request from the client device as being equal to the generated validating hash value; and Attorney Docket No. 0076412-001495Application No. 16/705,506Page 3 of 13 (Driscoll, in Para. [0042] discloses “To confirm the authenticity of the HN-1 hash value, receivers 320A-320C can compare the hashed element to the HN hash value. If the hashed element matches the HN hash value, receivers 320A-320C know that the HN-1 hash value is authentic because only transmitter 310 knows the hash values in reverse order.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Bhattacharya, in view of the teaching of Driscoll which discloses operations with a hash chain comprising additional hashing of the chain elements and comparative analysis of the hashed chain elements in order to higher security of communication (Driscoll, [0004, 0006, 0018, 0042, 0059]).

Regarding claim 3 Bhattacharya teaches: The method of claim 1, wherein the second data request includes an identification of the hashing algorithm (Examiner note: identification of the hashing algorithm is met by using a second identifier as a Secure Hash Algorithm 1, i.e. SHA-1) (Bhattachary, in Para. [0006] discloses “The second identifier of the parent certificate may be a "Secure Hash Algorithm 1" (SHA-1) hash value of the modulus of the public key of the parent certificate.”).

Regarding claim 4 Bhattacharya teaches: The method of claim 1, wherein the second data response message is transmitted to the client device without the one or more data values if validation of the first hash value is unsuccessful (Examiner note: data transmission (or denial) depending on the first hash value validation is met by the certificate chain validation process comprising generation of parent certificate affecting data communication in the system) (Bhattachary, in Para. [0096] discloses “The method further includes the step 503 of obtaining a first hash value that is a hash of a public key modulus of the public key of the parent certificate.” Bhattachary, in Para. [0082] discloses “the microprocessor 313 may use the microchip communication interface 314 to send the microchip certificate 350 to a device reader” Bhattachary, in Para. [0053] discloses “Upon receiving the microchip certificate 114, the authentication server 122 can lookup the corresponding parent certificate and perform a certificate chain validation process.” Bhattachary, in Para. [0046] discloses “The service provider 120 can implement an authentication server 122 for authenticating devices using certificate chain validation. Devices, including the device 132, may communicate with the authentication server 122 using a device reader 150” Bhattachary, in Para. [0047] discloses “In order to be authenticated, devices can provide their signed certificates to the authentication server 122. In this embodiment, the authentication server 122 stores numerous certificates for authenticating a variety of different devices.”)

Regarding claim 5 Bhattacharya teaches: A method for authentication of a client device (Bhattachary, in Para. [0021] discloses “the computing device may be authenticated by virtue of the certificate chain being validated by the certificate authority”) 
[using a hash chain,] 
comprising: an identifying step of identifying, by a processor of a computing device, a base data value (Examiner note: the base data value is met by the parent certificate corresponding to the initially chosen database value) (Bhattachary, in Para. [0001] discloses “Certificate chain validation is an iterative process that validates the signature of a signed certificate using the public key of a parent certificate in a chain of certificates.” Bhattachary, in Para. [0006] discloses “The authentication server can identify the parent certificate corresponding to second identifier value using a table or database containing associations of second identifiers to parent certificates or parent public keys.”);  
a first generating step of generating, by the processor of the computing device, a first hash value by applying a hashing algorithm to the identified base data value; (Bhattachary, in Para. [0096] discloses “The method further includes the step 503 of obtaining a first hash value that is a hash of a public key modulus of the public key of the parent certificate.”);
a second generating step of generating, by the processor of the computing device, a subsequent hash value by applying the hashing algorithm to the generated first hash valueAttorney Docket No. 0076412-001495Application No. 16/705,506Page 4 of 13 (Bhattachary, in Para. [0021] discloses “The term "certificate chain validation" refers to is an iterative process that validates the signature of the first signed certificate within a chain of certificates using a public key of the signer of the first certificate. The public key of the signer of the first certificate is included in the second certificate within the chain of certificates. The second certificate may be validated similarly” Bhattachary, in Para. [0090] discloses “The memory unit 404 can store a plurality of certificates 411 for performing certificate chain validation as discussed above.”);
[a creating step of creating, by the processor, a hash chain of a plurality of hash values by repeating, by the processor of the computing device, the second generating step a predetermined number of times;]
(Examiner note: creation (and storage) of the hash values predetermined number of times is met by setting the subset of the hash value numbers to be processed) (Driscoll, in Para. [0043] discloses “As a compromise between computation workload and storage space, transmitter 310 could store just a subset of the hash values, for example, every 1000th value. Transmitter 310 can regenerate the remaining hash values using the stored hash values as needed.”  
a first transmitting step of transmitting, by a transmitter of the computing device, a first data request to a processing server (Bhattachary, in Para. [0079] discloses “The device communication interface 306 may also transmit communications to another computer.”); 
[the first data request including at least a user identifier and a final hash value in the hash chain of the plurality of hash values; a first receiving step of receiving, by a receiver of the computing device, a first data response message from the processing server;]
 [a second transmitting step of transmitting, by the transmitter of the computing device, a second data request to the processing server, the second data request including at least the user identifier and a second-to-final hash value in the hash chain of the plurality of hash values;] 
 [and a second receiving step of receiving, by the receiver of the computing device, a second data response message from the processing server,] 
wherein the second data response message includes one or more data values associated with the user identifier (Bhattachary, in Para. [0075] discloses “The microchip certificate can contain a hash value or other identifier value such that the authentication server can identify the certificate authority of the device's secure element.”)
Bhattacharya fails to explicitly teach: using a hash chain
a creating step of creating, by the processor, a hash chain of a plurality of hash values by repeating, by the processor of the computing device, the second generating step a predetermined number of times;
the first data request including at least a user identifier and a final hash value in the hash chain of the plurality of hash values; a first receiving step of receiving, by a receiver of the computing device, a first data response message from the processing server;
a second transmitting step of transmitting, by the transmitter of the computing device, a second data request to the processing server, the second data request including at least the user identifier and a second-to-final hash value in the hash chain of the plurality of hash values;
a second receiving step of receiving, by the receiver of the computing device, a second data response message from the processing server 
Driscoll from the analogous technical field teaches: using a hash chain (Driscoll, in Para. [0004] discloses “a device includes a receiver configured to receive a first message including a first element of a hash chain and receive a second message after receiving the first message, where the second message includes a second element of the hash chain”),
a creating step of creating, by the processor, a hash chain of a plurality of hash values by repeating, by the processor of the computing device, the second generating step a predetermined number of times (Examiner note: creation (and storage) of the hash values predetermined number of times is met by setting the subset of the hash value numbers to be processed) (Driscoll, in Para. [0043] discloses “As a compromise between computation workload and storage space, transmitter 310 could store just a subset of the hash values, for example, every 1000th value. Transmitter 310 can regenerate the remaining hash values using the stored hash values as needed.”)  
the first data request including at least a user identifier and a final hash value in the hash chain of the plurality of hash values; a first receiving step of receiving, by a receiver of the computing device, a first data response message from the processing server (Driscoll, in Para. [0003] discloses “A communication device receives a message including an element of a hash chain and verifies the authenticity of the message by applying a hash function to the element to generate a hashed element.” Driscoll, in Para. [0059] discloses “communication device 120 optionally receives a first message including a first element in a hash chain (600).”); 
a second transmitting step of transmitting, by the transmitter of the computing device, a second data request to the processing server, the second data request including at least the user identifier and a second-to-final hash value in the hash chain of the plurality of hash values (Driscoll, in Para. [0063] discloses “After transmitting the first packet, transmitter 310 transmits the second hash value (706). Receivers 320A-320C can verify the authenticity of the second hash value by applying the hash function to the second hash value and comparing the output of the hash function to the first hash value.”)
and a second receiving step of receiving, by the receiver of the computing device, a second data response message from the processing server (Driscoll, in Para. [0006] discloses “causing the processing circuitry to receive a first message including a first element of a hash chain from a receiver and receive a second message from the receiver after receiving the first message, where the second message includes a second element of the hash chain.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Bhattacharya, in view of the teaching of Driscoll which discloses operations with a hash chain comprising additional hashing of the chain elements and comparative analysis of the hashed chain elements in order to higher security of communication (Driscoll, [0003, 0004, 0006, 0043, 0059, 0063]).

Regarding claim 7, claim 7 dependent on claim 5 discloses a method that is substantially equivalent to the method of claim 3 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 3 are equally applicable to claim 7 and rejected for the same reasons.

Regarding claim 9, claim 9 discloses a system that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 9 and rejected for the same reasons.

Regarding claim 10, claim 10 dependent on claim 9 discloses a system that is substantially equivalent to the method of claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 10 and rejected for the same reasons.

Regarding claim 11, claim 11 dependent on claim 9 discloses a system that is substantially equivalent to the method of claim 3 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 3 are equally applicable to claim 11 and rejected for the same reasons.

Regarding claim 12, claim 12 dependent on claim 9 discloses a system that is substantially equivalent to the method of claim 4 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 4 are equally applicable to claim 12 and rejected for the same reasons.

Regarding claim 13, claim 13 discloses a system that is substantially equivalent to the method of claim 5. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 13 and rejected for the same reasons.

Regarding claim 14, claim 14 dependent on claim 13 discloses a system that is substantially equivalent to the method of claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 14 and rejected for the same reasons.

Regarding claim 15, claim 15 dependent on claim 13 discloses a system that is substantially equivalent to the method of claim 3 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 3 are equally applicable to claim 15 and rejected for the same reasons.

Claims 2, 6,  8, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bhattacharya et al. (US 2018/0219857) (hereafter Bhattacharya), in view of Driscoll (US 2020/0374106) (hereafter Driscoll), and in view of Padmanabhan (US 2020/0374106) (hereafter Padmanabhan).

Regarding claim 2 Bhattacharya as modified fails to explicitly teach: The method of claim 1, wherein the first and second data requests are transmitted and received using a stateless protocol.
Padmanabhan from the analogous technical field teaches: The method of claim 1, wherein the first and second data requests are transmitted and received using a stateless protocol (Padmanabhan in Para. [0185] discloses “Utilizing a stateless protocol and standard operations, RESTful systems aim for fast performance, reliability, and the ability to grow, by re-using components that can be managed and updated without affecting the system as a whole, even while it is running, thus permitting fuller interoperability between the depicted blockchain and the connected elements, such as the partner user, the host org users, and the integration builder 153.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Bhattacharya, as modified by Driscoll, in view of the teaching of Padmanabhan which discloses network communication using stateless protocol in order to improve management of network communication (Padmanabhan, [0185]).

Regarding claim 6, claim 6 dependent on claim 5 discloses a method that is substantially equivalent to the method of claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 6 and rejected for the same reasons.

Regarding claim 8 Bhattacharya as modified fails to explicitly teach: The method of claim 5, wherein the user identifier and final hash value are included in a header of the first data request.
Padmanabhan from the analogous technical field teaches: The method of claim 5, wherein the user identifier and final hash value are included in a header of the first data request (Examiner note: the last hash value is met by the hash of the previous data block in a chain) (Padmanabhan in Para. [0191] discloses “a series of standard blocks 142, each having a header which is formed based at least in part from a hash of the header of the block which precedes it.” Padmanabhan in Para. [0072] discloses “The access privileges can utilize a unique user identifier (UUID) or similar entity identifier.” Padmanabhan in Para. [0535] discloses “any node that seeks to service a request to access the protected data (Block 1131) makes an initial check of the UUID of the requestor and/or identification information”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Bhattacharya, as modified by Driscoll, in view of the teaching of Padmanabhan which discloses data block headers each comprising identifiers and hash values from the previous data blocks in a chain in order to improve   data management in the system (Padmanabhan, [0072, 0191, 0535]).

Regarding claim 16, claim 16 dependent on claim 13 discloses a method that is substantially equivalent to the method of claim 8 dependent on claim 5. Therefore, the arguments set forth above with respect to claim 8 are equally applicable to claim 16 and rejected for the same reasons.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/V.I.G./Examiner, Art Unit 2431         

/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431