DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments filed 10/12/2021 have been fully considered but they are not persuasive.

In response to 35 USC 112, Applicant has amended claims 1, 9, and 17. The 35 USC 112 has been withdrawn in light of claim amendment.

In response to 35 USC 101, Applicant has amended claims 17-20. The 35 USC 101 has been withdrawn in light of claim amendment.

In response to 35 USC 103, Applicant argues that Lee-Smith fails to teach “determine a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on the device”.

The examiner respectfully disagree. Smith teaches “determine a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on the device”. Smith discloses “A data repository can include one or more local computing devices or remote computing devices, each accessible to the server 110 directly or indirectly via network 120 [Col 5 lines 24-52]. The claim verification system can access data repositories having digital information stored thereon. The data in each data repository can be searched to identify and retrieve relevant pieces of information about a target entity (e.g., an advertising target) based on a 

In response to 35 USC 103 for claim 17, Applicant argues the limitation “code to receive, from the service provider and in response to the sending the request for the service, a request for a verified claim, the verified claim comprising plural data fields to identify a user of a device and being a digital certificate signed by a server that is independent of the service provider, the verified claim being associated with the device”.

Applicant’s argument have been considered but are moot, because the newly recited amendment does not rely on the newly recited reference being applied to the prior rejection of record for any teaching or matter specifically challenged in the argument.

In response to 35 USC 103, Applicant argues that Lee-Smith fails to teach “receiving, by a device, from the service provider and in response to the sending the request for the service, a request for a verified claim, the verified claim comprising plural data fields to identify a user of the device and being signed by a server, the verified claim being specific to the device”.


In response to 35 USC 103, Applicant argues that Lee-Smith fails to teach “receive, from the service provider and in response to the sending the request for the service, a request for a verified claim, the verified claim comprising plural data fields to identify a user of a device and being a digital certificate signed by a server, the verified claim being associated with to the device,”.

The examiner respectfully disagree, Lee teaches “receive, from the service provider and in response to the sending the request for the service, a request for a verified claim, the verified claim comprising plural data fields to identify a user of a device and being a digital certificate signed by a server, the verified claim being associated with to the device,”. Lee discloses “At stage 186, the sign-up module 84 sends the SP-signed certificate (or an indication of the denial of such a certificate) to the user device 12 [0060] (SP-signed certificate interpreted as verified claim). The module 84 is preferably configured to use at least some of the user information to produce the SP certificate. The module 84 may produce the SP certificate to include content and/or formatting that is server specific, user specific, subscription specific, service -provider specific, and/or device specific. User-specific content is information pertaining to (e.g., identifying, associated with, provided by) the user of the user device 12. Device-specific content is information in addition to the device ID and the device public key that is associated with the user device 12 that is used to subscribe to the service (e.g., device manufacturer, device model, one or more device capabilities (e.g., quantity of display pixels), etc.) [0037]. The SP-signed certificate module 86 is configured to receive the signing request from the module 84, with the signing request including the SP certificate, sign the SP certificate to produce an SP-signed certificate, and send the SP-signed certificate to the sign-up module 84 [0038]”. Lee shows sending the verified claim to the user. The certificate contains user and device specific. The user content is information identifying the user. The certificate being signed by the server. The dependent claims do not cure the deficiencies of independent claims 1, 9, 17.




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4-6, 9-10, and 12-14  are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 20160365984, hereinafter Lee) in view of Smith et al. (US 10956932, hereinafter Smith).

Re. claim 1, Lee discloses a method comprising: sending, to a service provider, a request for a service provided by the service provider (Lee discloses the user device sends a request for service to the service module 88. The request for service preferably includes the SP-signed certificate received from the sign-up server 30 corresponding to the service provider server 32, i.e., that is part of the same service provider system 18 as the service provider server 32 to which the request is sent [0062]); 
receiving, by a device, from the service provider and in response to the sending the request for the service, a request for a verified claim (At stage 186, the sign-up module 84 sends the SP-signed certificate (or an indication of the denial of such a certificate) to the user device 12 [0060] (SP-signed certificate interpreted as verified claim) Please see 112 rejection), the verified claim comprising plural data fields to identify a user of the device and being signed by a server, the verified claim being specific to the device (Lee teaches the module 84 is preferably configured to use at least some of the user information to produce the SP certificate. The module 84 may produce the SP certificate to include content and/or formatting that is server specific, user specific, subscription specific, service -provider specific, and/or device specific. User-specific content is information pertaining to (e.g., identifying, associated with, provided by) the user of the user device 12. Device-specific content is information in addition to the device ID and the device public key that is associated with the user device 12 that is used to subscribe to the service (e.g., device manufacturer, device model, one or more device capabilities (e.g., quantity of display pixels), etc.) [0037]. The SP-signed certificate module 86 is configured to receive the signing request from the module 84, with the signing request including the SP certificate, sign the SP certificate to produce an SP-signed certificate, and send the SP-signed certificate to the sign-up module 84 [0038]).
Although Lee discloses verified claim to the service provider, Lee does not explicitly teach but Smith teaches in response to the receiving, determining a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on the device (Smith teaches a data repository can include one or more local computing devices or remote computing devices, each accessible to the server 110 directly or indirectly via network 120 [Col 5 lines 24-52]. The claim verification system can access data repositories having digital information stored thereon. the data in each data repository can be searched to identify and retrieve relevant pieces of information about a target entity (e.g., an advertising target) based on a received request to verify a claim about the target entity [Col 4 lines 1-12]. an associated set of keywords that can describe an entity associated with the data repository or the type or context of data stored in the data repository. The keywords associated with a data repository can be searched by accessing the data repository, or can be stored locally in a memory of the server 110. scores, ranks, or numbers of matching terms, are some non-limiting examples of values that can be compared relative to one another, or to predefined thresholds, to determine that a data repository is relevant to the received request [Col 9 lines 18-36]), and sending the confidence assessment and the verified claim to the service provider (Smith teaches notification that verifies claims about entities with a calculated and reliable level of certainty. The claim verification system can access data repositories having digital information stored thereon. The claim verification system can determine if any of the results at least partially correspond to, or in other words, verify any portion of the claim about the entity or subject. The claim verification system can also calculate a veracity score for the claim based on a determined likelihood that the results support the veracity (e.g., factual accuracy) of the claim. The claim verification system can also generate an attestation notification, which can include or be associated with the calculated veracity score. The attestation notification can indicate whether the claim is true (e.g., by reciting the claim or a corresponding claim), and in some aspects, provide a calculated level of certainty that the claim is in fact true. The generated attestation notification can then be communicated back to the requesting device [Col 1 line 49 – Col 2 line 20]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee to include in response to the receiving, determining a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on the device, and sending the confidence assessment and the verified claim to the service provider as disclosed by Smith. One of ordinary skill in the art would have been motivated for the purpose of trusting the accuracy of digital information and the sources from which the digital information is obtained (Smith [Col 1 lines 7-25]).

Re. claim 2, Lee-Smith teach the method of claim 1, further comprising: receiving the verified claim from the server, wherein the verified claim is generated by the server based on verification of the plural data fields by an identity verification provider (Lee discloses the request for service preferably includes the SP-signed certificate received from the sign-up server 30 corresponding to the service provider server 32. the service module 88 authenticates the SP-signed certificate, determines whether the requested service is subscribed to (e.g., paid for), and if so, provides the subscribed-to service to the user device [0061]).

Re. claim 4, Lee-Smith teach the method of claim 1, Lee do not explicitly teach but Smith teaches further comprising: prompting, prior to the determining, the user for authorization to access the data locally- stored on the device; and receiving, in response to the prompting, user input authorizing access to the data locally- stored on the device (Smith teaches provide public or limited access (e.g. read-only) rights, while others provide privileged -access rights based on determined verified privileged access information. In various embodiments, privileged access information can be provided to the server 110 in various forms, such as login credentials (e.g., username, password). The privileged access information can be provided by third-party servicers (e.g., data storage entities) to the server 110 as a requirement for participation in the proof [Col 6 lines 51-64]. After open or authorized access with a selected data repository is established and an initial set of results determined to be relevant to the request is obtained [Col 10 lines 32-52]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee to include prompting, prior to the determining, the user for authorization to access the data locally- stored on the device; and receiving, in response to the prompting, user input authorizing access to the data locally- stored on the device as disclosed by Smith. One of ordinary skill in the art would have been motivated for the purpose of trusting the accuracy of digital information and the sources from which the digital information is obtained. Providing credentials limiting to a read-only access privilege, though other privileges (e.g., write access) enabled for various purposes (Smith [Col 1 lines 7-25] [Col 15 lines 1-10]).

Re. claim 5, Lee-Smith teach the method of claim 1, Smith further teaches wherein the service provider is configured to authenticate the user for service based on the verified claim and the confidence assessment (Smith teaches The claim verification system can access data repositories having digital information stored thereon. the data in each data repository can be searched to identify and retrieve relevant pieces of information about a target entity (e.g., an advertising target) based on a received request to verify a claim about the target entity [Col 4 lines 1-12]. Generate, for third-parties or users, a proof and attestation notification that verifies claims about entities with a calculated and reliable level of certainty [Col 1 line 49 – Col 2 line 20]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee to include teaches wherein the service provider is configured to authenticate the user for service based on the verified claim and the confidence assessment as disclosed by Smith. One of ordinary skill in the art would have been motivated for the purpose of trusting the accuracy of digital information and the sources from which the digital information is obtained (Smith [Col 1 lines 7-25]).

Re. claim 6, Lee-Smith teach the method of claim 5, wherein the service provider is further configured to authenticate the user for service based on an assessment of the plural data fields by at least one of an identity verification provider or an overall account assessment service (Lee discloses the request for service preferably includes the SP-signed certificate received from the sign-up server 30 corresponding to the service provider server 32. the service module 88 authenticates the SP-signed certificate, determines whether the requested service is subscribed to (e.g., paid for), and if so, provides the subscribed-to service to the user device [0061]).

Re. claim 9, Lee discloses a device, comprising: at least one processor (Lee discloses processor [0026]); and a memory including instructions that, when executed by the at least one processor (memory 42 is a processor-readable storage medium that may store the software 48 which is processor-readable, processor-executable software code containing instructions that are configured to, when executed, cause the processor 40 to perform various functions [0026]), cause the at least one processor to: send, to a service provider, a request for a service provided by the service provider (The user device sends a request for service to the service module 88. The request for service preferably includes the SP-signed certificate received from the sign-up server 30 corresponding to the service provider server 32, i.e., that is part of the same service provider system 18 as the service provider server 32 to which the request is sent [0062]); 
receive, from the service provider and in response to the sending the request for the service, a request for a verified claim (At stage 186, the sign-up module 84 sends the SP-signed certificate (or an indication of the denial of such a certificate) to the user device 12 [0060] (SP-signed certificate interpreted as verified claim) Please see 112 rejection), the verified claim comprising plural data fields to identify a user of a device and being a digital certificate signed by a server, the verified claim being associated with to the device (The module 84 is preferably configured to use at least some of the user information to produce the SP certificate. The module 84 may produce the SP certificate to include content and/or formatting that is server specific, user specific, subscription specific, service -provider specific, and/or device specific. User-specific content is information pertaining to (e.g., identifying, associated with, provided by) the user of the user device 12. Device-specific content is information in addition to the device ID and the device public key that is associated with the user device 12 that is used to subscribe to the service (e.g., device manufacturer, device model, one or more device capabilities (e.g., quantity of display pixels), etc.) [0037]. The SP-signed certificate module 86 is configured to receive the signing request from the module 84, with the signing request including the SP certificate, sign the SP certificate to produce an SP-signed certificate, and send the SP-signed certificate to the sign-up module 84 [0038]).
Although Lee discloses verified claim to the service provider, Lee does not explicitly teach but Smith teaches in response to the receiving, determine a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on a device (Smith teaches a data repository can include one or more local computing devices or remote computing devices, each accessible to the server 110 directly or indirectly via network 120 [Col 5 lines 24-52]. The claim verification system can access data repositories having digital information stored thereon. the data in each data repository can be searched to identify and retrieve relevant pieces of information about a target entity (e.g., an advertising target) based on a received request to verify a claim about the target entity [Col 4 lines 1-12]. an associated set of keywords that can describe an entity associated with the data repository or the type or context of data stored in the data repository. The keywords associated with a data repository can be searched by accessing the data repository, or can be stored locally in a memory of the server 110. scores, ranks, or numbers of matching terms, are some non-limiting examples of values that can be compared relative to one another, or to predefined thresholds, to determine that a data repository is relevant to the received request [Col 9 lines 18-36]), and send the confidence assessment and the verified claim to the service provider (Smith teaches notification that verifies claims about entities with a calculated and reliable level of certainty. The claim verification system can access data repositories having digital information stored thereon. The claim verification system can determine if any of the results at least partially correspond to, or in other words, verify any portion of the claim about the entity or subject. The claim verification system can also calculate a veracity score for the claim based on a determined likelihood that the results support the veracity (e.g., factual accuracy) of the claim. The claim verification system can also generate an attestation notification, which can include or be associated with the calculated veracity score. The attestation notification can indicate whether the claim is true (e.g., by reciting the claim or a corresponding claim), and in some aspects, provide a calculated level of certainty that the claim is in fact true. The generated attestation notification can then be communicated back to the requesting device [Col 1 line 49 – Col 2 line 20]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee to include in response to the receiving, determining a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on the device, and sending the confidence assessment and the verified claim to the service provider as disclosed by Smith. One of ordinary skill in the art would have been motivated for the purpose of trusting the accuracy of digital information and the sources from which the digital information is obtained (Smith [Col 1 lines 7-25]).

Re. claim 10, rejection of claim 9 is included and claim 10 is rejected with the same rationale as applied in claim 2.

Re. claim 12, rejection of claim 9 is included and claim 12 is rejected with the same rationale as applied in claim 4.

Re. claim 13, rejection of claim 9 is included and claim 13 is rejected with the same rationale as applied in claim 5.

Re. claim 14, rejection of claim 13 is included and claim 14 is rejected with the same rationale as applied in claim 6.

Claims 17, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 20160365984, hereinafter Lee) in view of Smith et al. (US 10956932, hereinafter Smith), and in further view of Khalil et al. (US 20190044940, hereinafter Khalil).

Re. claim 17, Lee discloses a computer program product comprising code stored in a tangible computer- readable storage medium (Lee discloses computer readable medium [0067]), the code comprising: code to send, to a service provider, a request for a service provided by the service provider (The user device sends a request for service to the service module 88. The request for service preferably includes the SP-signed certificate received from the sign-up server 30 corresponding to the service provider server 32, i.e., that is part of the same service provider system 18 as the service provider server 32 to which the request is sent [0062]); 
code to receive, from the service provider and in response to the sending, a request for a verified claim (At stage 186, the sign-up module 84 sends the SP-signed certificate (or an indication of the denial of such a certificate) to the user device 12 [0060] (SP-signed certificate interpreted as verified claim) Please see 112 rejection), the verified claim comprising plural data fields to identify a user of a device and being a digital certificate signed by a server, the verified claim being associated with the device (The module 84 is preferably configured to use at least some of the user information to produce the SP certificate. The module 84 may produce the SP certificate to include content and/or formatting that is server specific, user specific, subscription specific, service -provider specific, and/or device specific. User-specific content is information pertaining to (e.g., identifying, associated with, provided by) the user of the user device 12. Device-specific content is information in addition to the device ID and the device public key that is associated with the user device 12 that is used to subscribe to the service (e.g., device manufacturer, device model, one or more device capabilities (e.g., quantity of display pixels), etc.) [0037]. The SP-signed certificate module 86 is configured to receive the signing request from the module 84, with the signing request including the SP certificate, sign the SP certificate to produce an SP-signed certificate, and send the SP-signed certificate to the sign-up module 84 [0038]).
Although Lee discloses verified claim to the service provider, Lee does not explicitly disclose but Smith discloses code to, in response to the receiving, determine a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on a device (Smith teaches a data repository can include one or more local computing devices or remote computing devices, each accessible to the server 110 directly or indirectly via network 120 [Col 5 lines 24-52]. The claim verification system can access data repositories having digital information stored thereon. the data in each data repository can be searched to identify and retrieve relevant pieces of information about a target entity (e.g., an advertising target) based on a received request to verify a claim about the target entity [Col 4 lines 1-12]. an associated set of keywords that can describe an entity associated with the data repository or the type or context of data stored in the data repository. The keywords associated with a data repository can be searched by accessing the data repository, or can be stored locally in a memory of the server 110. scores, ranks, or numbers of matching terms, are some non-limiting examples of values that can be compared relative to one another, or to predefined thresholds, to determine that a data repository is relevant to the received request [Col 9 lines 18-36]), and send the confidence assessment and the verified claim to the service provide r(Smith teaches notification that verifies claims about entities with a calculated and reliable level of certainty. The claim verification system can access data repositories having digital information stored thereon. The claim verification system can determine if any of the results at least partially correspond to, or in other words, verify any portion of the claim about the entity or subject. The claim verification system can also calculate a veracity score for the claim based on a determined likelihood that the results support the veracity (e.g., factual accuracy) of the claim. The claim verification system can also generate an attestation notification, which can include or be associated with the calculated veracity score. The attestation notification can indicate whether the claim is true (e.g., by reciting the claim or a corresponding claim), and in some aspects, provide a calculated level of certainty that the claim is in fact true. The generated attestation notification can then be communicated back to the requesting device [Col 1 line 49 – Col 2 line 20].
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee to include in response to the receiving, determining a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on the device, and sending the confidence assessment and the verified claim to the service provider as disclosed by Smith. One of ordinary skill in the art would have been motivated for the purpose of trusting the accuracy of digital information and the sources from which the digital information is obtained (Smith [Col 1 lines 7-25]).
Although Lee-Smith discloses that digital certificate is signed by a server, Lee-Smith do not explicitly teach but Khalil teaches being a digital certificate signed by a server that is independent of the service provider (Khalil teaches signing the authentication challenge and the digital certificate to the identity management service device [0019] Figs 1a and 1b, Fig. 1b shows a separate server and service provider).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee-Smith to include being a digital certificate signed by a server that is independent of the service provider as disclosed by Khalil. One of ordinary skill in the art would have been motivated for the purpose of to authenticate the identity of the user of the user device (Khalil [0019] [0021]).

Re. claim 18, rejection of claim 17 is included and claim 18 is rejected with the same rationale as applied in claim 2.

Re. claim 20, rejection of claim 17 is included and claim 20 is rejected with the same rationale as applied in claim 4.
Claims 3 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 20160365984 hereinafter Lee) in view of Smith et al. (US 10956932 hereinafter Smith), and in further view of Kragh (US 9805213).

Re. claim 3, Lee-Smith teach the method of claim 1, Although Lee-Smith discloses locally-stored data and content, Lee-Smith do not explicitly teach but Kragh teaches wherein the locally-stored data comprises at least one of email content, message content, social networking content or third party application content corresponding to the plural data fields in the verified claim (Kragh teaches a unique secure email extension and address are generated (block 139) that function separately, for identity protection, and are separate and distinct from the current "user name," which is the email address used in the identity proofing process [Col 16-4-11]. Once a person has been authenticated with a credentialed identity, the teachings of the present invention fine tune an email feature, by way of example, with additional authenticated micro object attribute features, such as presented with an electronic time-date stamped post mark which is an embedded email-authenticated object attribute, issued by the United States Post Office, by way of example. A second attribute feature reinforces the validation of a user's demographic information using an "elink authentication" process by creating a unique email address incorporating USPS.Gov as text along with the user's address [Col 27 lines 50-65]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee-Smith to include wherein the locally-stored data comprises at least one of email content, message content, social networking content or third party application content corresponding to the plural data fields in the verified claim as disclosed by Kragh. One of ordinary skill in the art would have been motivated for the purpose of further enhancing the security of accessing data (Kragh [Col 4 lines 20-25]).
Re. claim 11, rejection of claim 9 is included and claim 11 is rejected with the same rationale as applied in claim 3.

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 20160365984 hereinafter Lee) in view of Smith et al. (US 10956932 hereinafter Smith), Khalil et al. (US 2019044940, hereinafter Khalil), and in further view of Kragh (US 9805213).

Re. claim 19, Lee-Smith-Khalil teach the computer program product of claim 17, Lee-Smith-Khalil discloses locally-stored data and content, Lee-Smith-Khalil do not explicitly teach but Kragh teaches wherein the locally-stored data comprises at least one of email content, message content, social networking content or third party application content corresponding to the plural data fields in the verified claim (Kragh teaches a unique secure email extension and address are generated (block 139) that function separately, for identity protection, and are separate and distinct from the current "user name," which is the email address used in the identity proofing process [Col 16-4-11]. Once a person has been authenticated with a credentialed identity, the teachings of the present invention fine tune an email feature, by way of example, with additional authenticated micro object attribute features, such as presented with an electronic time-date stamped post mark which is an embedded email-authenticated object attribute, issued by the United States Post Office, by way of example. A second attribute feature reinforces the validation of a user's demographic information using an "elink authentication" process by creating a unique email address incorporating USPS.Gov as text along with the user's address [Col 27 lines 50-65]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee-Smith-Khalil to include wherein the locally-stored data comprises at least one of email content, message content, social networking content or third party application content corresponding to the plural data fields in the verified claim as disclosed by Kragh. One of ordinary skill in the art would have been motivated for the purpose of further enhancing the security of accessing data (Kragh [Col 4 lines 20-25]).

Claims 7-8 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 20160365984, hereinafter Lee) in view of Smith et al. (US 10956932, hereinafter Smith), and in further view of Uhr et al. (US 20180294977, hereinafter Uhr).

Re. claim 7, Lee-Smith teach the method of claim 1, Lee-Smith do not explicitly teach but Uhr teach wherein the verified claim corresponds to a Merkle tree with nodes storing the plural data fields to identify the user (Uhr teaches the DB part 310 may store sequentially and cumulatively, the personal information for each user, the public key, and the node hash information by user acquired by hashing the personal information and the public key, may include the DB 311 for registration information that stores identification information of the specific root hash value for registration which is a root hash value of a Merkle tree containing the stored node hash information [0126]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee-Smith to include wherein the verified claim corresponds to a Merkle tree with nodes storing the plural data fields to identify the user as disclosed by Uhr. One of ordinary skill in the art would have been motivated for the purpose of search the specific transaction information for monitoring forgery, and sending the specific transaction information for monitoring forgery to the blockchain (Uhr [0002]).

Re. claim 8, Lee-Smith-Uhr teach the method of claim 7, Lee-Smith do not explicitly teach but Uhr teach wherein the Merkle tree is configured for selective sharing of the plural data fields based on the nodes (Uhr teaches thereby acquire the node hash information, and may allow the node hash information of the specific user, who requested the revocation, to be included in the Merkle tree corresponding to the root hash value for registration which is also included in the transaction information for monitoring forgery transmitted to and registered in the distributed DB, i.e., the blockchain nodes [0198]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Lee-Smith to include wherein the Merkle tree is configured for selective sharing of the plural data fields based on the nodes as disclosed by Uhr. One of ordinary skill in the art would have been motivated for the purpose of search the specific transaction information for monitoring forgery, and sending the specific transaction information for monitoring forgery to the blockchain (Uhr [0002]).

Re. claim 15, rejection of claim 9 is included and claim 15 is rejected with the same rationale as applied in claim 7.

Re. claim 16, rejection of claim 15 is included and claim 16 is rejected with the same rationale as applied in claim 8.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Wang (US 20200084211) discloses devices for an authentication of an identity of a user. The client device determines an authentication proxy associated with the service provider, and sends, to the associated authentication proxy, the identifier and a first request for an authentication of an identity of a user associated with the client device.
Shah et al. (US 20170374070) discloses MFAS is authenticated by a server side self-signed certificate by the MFAP.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496        
                                                                                                                                                                                                /ABU S SHOLEMAN/Primary Examiner, Art Unit 2496