DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/06/2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. filed in EP 19170046.7 on 04/18/2019.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Oberhouser et al(US 20180234433 A1:IDS supplied).


receiving, by an identity application of a client device, personal data of a user ([0026] Additionally, or alternatively, the PDS may provide one or more application programming interfaces (API) that may be invoked by a software application such as a mobile or web application. For instance, when the user downloads an app and attempts to open an account, the app may invoke an API of the PDS to initiate an identity verification process. The app may inform the PDS which entity is requesting a verification, and/or which items of personal data are to be verified.); 
computing, via a cryptographic hash function, one or more cryptographic hashes from elements of the personal data ([0073] In some embodiments, an attribute may be retrieved from the data source 312, and a cryptographic one-way function may be applied to a value of the attribute to derive a proof of the attribute. The proof and/or relevant metadata (e.g., a timestamp indicative of when the proof is generated), but not the value itself, may be included in the attribute attestation 310. In this manner, the attribute attestation 310 may be published to the distributed ledger without exposing the value of the attribute. [0071] In some embodiments, an attribute may include an item of personal data, a name for the item of personal data, and/or relevant metadata. For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc.); 
storing the cryptographic hashes, an internal identifier and a timestamp as an entry in a distributed database, wherein the internal identifier is unique within the distributed database ([0073] In some embodiments, an attribute may be retrieved from the data source 312, and a cryptographic one-way function may be applied to a value of the attribute to derive a proof of the attribute. The proof and/or relevant metadata (e.g., a timestamp indicative of when the proof is generated), but not the value itself, may be included in the attribute attestation 310. In this manner, the attribute attestation 310 may be published to the distributed ledger without exposing the value of the attribute.); 
receiving a user request from the user ([0137] FIG. 7 shows an illustrative process 700 for counterparty checks, in accordance with some embodiments. In this example, a user A may interact with a user B. For instance, the user A may be a buyer in a real estate transaction, and the user B may be the seller. The process 700 may be initiated by either the user A or the user B.); 
selecting one or more of the elements of personal data for verification ([0140] At act 710, the PDS of the user A and the PDS of the user B may exchange personal data (e.g., full names, home addresses, email addresses, phone numbers, etc.), and/or references to respective DIRs. If badges are used to organize attribute attestations, labels of respective badges may also be exchanged. In some embodiments, the same set of personal data may be provided from either side. However, that is not required, as the user A may request information from the user B that is not requested by the user B from the user A, and vice versa. [0141]);
 requesting verification of the selected elements of personal data ([0141] In some embodiments, the DIR of the user A may use the information received from the user B to 
determining an authorization indication in response to the verification request ([0056] In some embodiments, the user interface 202 and the personal data management component 208 may allow the user to specify and/or approve sharing of one or more items of personal data with another entity.);
when the authorization indication indicates that the verification request has been allowed, verifying the selected elements of personal data using cryptographic hashes from the entry in the distributed database ([0056]; [0141] In some embodiments, the DIR of the user A may use the information received from the user B to look up an attribute attestation from the distributed ledger and perform one or more checks. For instance, the DIR of the user A may check that an entity that verified the attribute attestation is trustworthy, the attribute attestation is in a VERIFIED state, a cryptographic proof in the attribute attestation is generated, using an algorithm specified in a badge containing the attribute attestation, from a corresponding attribute value received from the user B, and/or the attribute attestation is signed by the verifying entity. The DIR of the user B may perform similar checks). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made 

With regards to claim 2,15 Oberhouser discloses, wherein communication with the distributed database is processed via at least one distribution service, wherein the distribution service provides access to the distributed database and handles updates to the distributed database (FIG 5 , 7  and associated text; ).

With regards to claim 3, 16 Oberhouser discloses,, wherein the distributed database includes one or more of the following: a peer-to-peer network, a distributed ledger (FIG 5 , 7  and associated text;) and a distributed hash table.

With regards to claim 4,17 Oberhouser discloses, wherein the authorization indication is received from the identity application or from the distribution service ([0056] In some embodiments, the user interface 202 and the personal data management component 208 may allow the user to specify and/or approve sharing of one or more items of personal data with another entity. Additionally, or alternatively, the personal data management component 208 may apply one or more rules to manage sharing of one or more items of personal data with another entity.), when the authorization indication is received from the distribution service, basing the authorization indication on information received from the identity application by the distribution service ( FIG 4 and associated text; ).

wherein a plurality of cryptographic hashes are computed from the elements of personal data, wherein at least one of the cryptographic hashes is computed from a combination of elements of the personal data and/or at least one of the cryptographic hashes is computed from all of the elements of personal data; wherein the selected elements of personal data include the combination of elements ([0073] In some embodiments, an attribute may be retrieved from the data source 312, and a cryptographic one-way function may be applied to a value of the attribute to derive a proof of the attribute. The proof and/or relevant metadata (e.g., a timestamp indicative of when the proof is generated), but not the value itself, may be included in the attribute attestation 310. In this manner, the attribute attestation 310 may be published to the distributed ledger without exposing the value of the attribute. [0071] In some embodiments, an attribute may include an item of personal data, a name for the item of personal data, and/or relevant metadata. For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc).

With regards to claim 6, Oberhouser discloses, storing the personal data and the internal identifier in a memory of the distributed system by encrypting the personal data and the internal identifier in an encrypted database in the memory of the distributed system (FIG 3 and associated text; ). However Oberhouser failed to store encrypted the personal data and the internal identifier in client side.  But, It would have 

With regards to claim 7, Oberhouser discloses, when the user request is received by a provider device, the verifying comprises sending one or more messages from the distribution service to the provider device via an application protocol; wherein the application protocol may have one or more of the following characteristics: asynchronous and/or non-blocking, bi-directional, full-duplex, TCP-based, HTTP-compatible (FIG 1 and associated text; [0124] In some embodiments, prior to initiating the process 500, the user may communicate with the trusted entity via one or more off-ledger interfaces in an application layer (e.g., the illustrative application layer shown in FIG. 1). For example, the user may visit the trusted entity's web site, and/or download and launch an app of the trusted entity. Such communication in the application layer may cause a PDS of the user or a PDS of the trusted entity to initiate, at act 505, a handshake in a privacy layer (e.g., the illustrative privacy layer shown in FIG. 1). Via this handshake, the PDS of the trusted entity may confirm that the trusted entity will be responsible for verifying one or more attribute values. ).

With regards to claim 8, Oberhouser discloses, when the user request is received by a provider device and the provider device includes a remote computer, authenticating, by the provider device ([0027] In some embodiments, a PDS may be  prior to requesting the verification, the user by means of the internal identifier ([0030] In some embodiments, a trust structure may be provided to allow attestations (e.g., identity attestations) to be relied upon across multiple entities, thereby reducing redundancies. For instance, if a user has completed an identity verification process with a first organization (e.g., a government agency such as a Department of Motor Vehicles, or DMV), and is attempting to open an account with a second organization (e.g., a utility company), an identity verification process for the second organization may be greatly simplified, as long as the second organization trusts the first organization. Accordingly, in some embodiments, techniques are provided for implementing a trust structure that allows an organization to simply check that an item of personal data has been verified by another organization, without having to verify that item of personal data again.).
Allowable Subject Matter
Claims 9-13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498