Detailed Action
 	Claims 1-21 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claim 19 is objected to because it contains a typographical error in the following sentence “the indication to install a digital identity app is in received”. Correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-21 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of copending Application No. 16/365396. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the copending application anticipate or render obvious the claims in the instant application.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-16, 18, 20 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over High et al (US Pub.No.2018/0167394) in view of Eberwine et al (US Pub.No.2015/0350913).

Re Claim 1. High discloses a system for credential authentication, comprising: an interface configured to: receive a create indication to create a badge credential (i.e. controlling access to a locked space may begin at step 301 wherein an access code and a private key are generated by the computing system 120. Step 302 hashes the access code so that a size of the data can be uniform, or a fixed size. Step 303 encrypts the hashes access code with a public key to create a digital signature. The digital signature may be stored on the blockchain, to ensure that the hashed access code is not modified) [High, para.0045] representing an employee badge (i.e. For example, a previously authenticated receiving device possessed by a repairman may approach a locked space, such as a front door of a home. A camera positioned proximate the front door of the home may capture an image of a badge or other credentials of the repairman to verify that the authenticated receiving device 112 is possessed by the actual repairman) [High, para.0036]; and receive a claim indication from an authentication device to claim the badge credential (i.e.  Authentication may include accessing the authentication database 113 and/or accessing the publicly distributable transactions ledger 113 i.e. blockchain. Step 305 transmits the private key and digital signature to authenticated receiving device 112) [High, para.0045]; and a processor configured to: provide the badge credential to the authentication device in response to the claim indication (i.e. step 306 instructs the authenticated receiving device 112 to decrypt the digital signature the authenticated using the private key to obtain the hashed access code, and transmit the hashed access code to the computing system 120) [High, para.0046]; receive a proof response from the authentication device comprising the badge credential (i.e. The receiving device 112 may then obtain the hashed access code, and then transmit the hashed access code to the computing system 120) [High, para.0046] and a lock identifier (i.e. the receiving device 112 may be required to scan a unique identifier of the locked space or locked device before requesting access) [High, para.0026]; validate the proof response using a distributed ledger (i.e. Prior to communicating with the locking mechanism 111 to unlock the locked space, the computing system 120 may access the blockchain to confirm that the hashed access code received from the receiving device matches the hashed access code stored on the blockchain ) [High, para.0046]; and provide a token for unlocking a lock associated with the lock identifier (i.e. transmitting the hashed access code to the computing system, so that the computing system 120 sends a signal to the locking mechanism 111 to actuate a locking device to provide access to the locked space) [High, para.0028].
High does not explicitly disclose whereas Eberwine does: to the authentication device (i.e. At step 206, the access control system 106 will communicate a control system payload to the administrative mobile device 102a. The control system payload may contain a variety of different types of information such as, for example, one or more unique credential identifiers, access permissions, and/or a configuration permission……………. At step 212, with the lock device 104 in the enrollment mode, and a connection between the lock device 104 and the administrative mobile device 102a is established, the administrative mobile device 102a may be used in the communication of the encrypted control system payload from the administrative mobile device 102a to the lock device  ) [Eberwine, para.0025-0026].
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High with Eberwine because in Eberwine different levels of permissions are provided so that an administrative mobile device 102a may be granted authority or a permission level in connection with administrative tasks relating to managing and/or configuring the lock devices 104 of the system 100, while user mobile devices 102b may be configured for general use of the lock devices 104 such as, for example, at least day-to-day routine operation or use of the lock device [Eberwine, para.0020].

Re Claim 2. High in view of Eberwine discloses the system of claim 1, Eberwine further discloses: wherein the create indication to create a badge credential is associated with an email address (i.e.  the access control system 106 may be provided with identification information relating to the user mobile device 102b and/or the associated user such as, for example, contact information such as a phone number or email address associated with the user) [Eberwine, para.0031].
 The same motivation to modify with Eberwine, as in claim 1, applies.

Re Claim 3. High in view of Eberwine discloses the system of claim 1, Eberwine further discloses: wherein the claim indication from the authentication device to claim the badge credential is associated with an email address (i.e. an invitation to join the system 100 from the access control system 106 and/or the administrative mobile device 102a may be communicated to the user mobile device 102b. According to certain embodiments, the invitation may be communicated to a phone number or email address associated with the user and/or the user mobile device) [Eberwine, para.0032].
The same motivation to modify with Eberwine, as in claim 1, applies.

Re Claim 4. High in view of Eberwine discloses the system of claim 1, High further discloses: wherein the processor is further configured to verify the badge credential is associated with the authentication device (i.e. Prior to communicating with the locking mechanism 111 to unlock the locked space, the computing system 120 may access the blockchain to confirm that the hashed access code received from the receiving device matches the hashed access code stored on the blockchain) [High, para.0046].

Re Claim 6. High in view of Eberwine discloses the system of claim 1, High further discloses: wherein the proof response is received in response to a token request provided to the authentication device by the lock system associated with the lock (i.e. While the receiving device 112 may need to be authenticated by the computing system 120 prior to unlocking the locked space, authentication alone may not be sufficient for accessing the locked space. Embodiments of the computing system 120 may include a decryption module 133, which may include one or more components of hardware and/or software program code for transmitting a private key (or public key) and a digital signature to an authenticated receiving device 112. For instance, embodiments of the decryption module 133 may transmit the private key and the digital signature to the receiving device 112 so that the receiving device 112 can decrypt the digital signature using the private key to obtain the hashed access code or access code. Because the digital signature represents an encrypted hashed access code or encrypted access code that was encrypted using the public key (or alternatively the private key), the private key (or alternatively the public key) may be used to decrypt the digital signature to obtain the hashed access code or access code. In an exemplary embodiment, the decryption module 133 may instruct the receiving device 112, upon transmission of the private key and the digital signature, to decrypt the digital signature and obtain the hashed access code) [High, para.0037].

Re Claim 7. High in view of Eberwine discloses the system of claim 6, Eberwine further discloses: wherein the token request is provided in response to an authentication device request to unlock the lock (i.e. the locking mechanism 111 may receive a signal from the computing device 120 to lock or unlock the locked space,) [Eberwine, para.0019].
The same motivation to modify with Eberwine, as in claim 1, applies.

Re Claim 8.  High in view of Eberwine discloses the system of claim 1, Eberwine further discloses: wherein the authentication device and the lock system associated with the lock communicate using a wireless protocol (i.e. For example, according to certain embodiments, the lock device 104 may have a transceiver 118 that allows for Bluetooth low energy communication between the mobile device 102 and the lock device 104. Further, according to certain embodiments, the mobile device 102 and the lock device 104 may communication via NFC and/or WiFi (such as WiFi Direct)) [Eberwine, para.0021].
The same motivation to modify with Eberwine, as in claim 1, applies.

Re Claim 9.  High in view of Eberwine discloses the system of claim 8, Eberwine further discloses: wherein the wireless protocol comprises Bluetooth, NFC, or Zigbee (i.e. For example, according to certain embodiments, the lock device 104 may have a transceiver 118 that allows for Bluetooth low energy communication between the mobile device 102 and the lock device 104. Further, according to certain embodiments, the mobile device 102 and the lock device 104 may communication via NFC and/or WiFi (such as WiFi Direct)) [Eberwine, para.0021].
The same motivation to modify with Eberwine, as in claim 1, applies.
 
Re Claim 10.  High in view of Eberwine discloses the system of claim 1, High further discloses: wherein validating the proof response comprises determining that the badge credential is satisfactory to unlock the lock associated with the lock identifier (i.e. the receiving device 112 may transmit the hashed access code to the decryption module 133. The decryption module 133 may compare the received hashed access code to the hashed code stored on the blockchain, and if the received hashed access code is the same as the hashed access code stored on the blockchain, then the computing system 120 may allow access to the locked space) [High, para.0037].

Re Claim 11.  High in view of Eberwine discloses the system of claim 1, High further discloses: wherein validating the proof response comprises determining that the badge credential comprises a valid signature (i.e. the digital signature represents an encrypted hashed access code……………..the receiving device 112 may transmit the hashed access code to the decryption module 133. The decryption module 133 may compare the received hashed access code to the hashed code stored on the blockchain, and if the received hashed access code is the same as the hashed access code stored on the blockchain, then the computing system 120 may allow access to the locked space) [High, para.0037].

Re Claim 12. High in view of Eberwine discloses the system of claim 11, High further discloses: wherein determining that the badge credential comprises a valid signature comprises querying a distributed ledger (i.e. the digital signature represents an encrypted hashed access code……………..the receiving device 112 may transmit the hashed access code to the decryption module 133. The decryption module 133 may compare the received hashed access code to the hashed code stored on the blockchain, and if the received hashed access code is the same as the hashed access code stored on the blockchain, then the computing system 120 may allow access to the locked space) [High, para.0037].

Re Claim 13.  High in view of Eberwine discloses the system of claim 1, High further discloses: wherein validating the proof response comprises determining that the badge credential is not expired (i.e. wherein the locked space is accessible for a limited time, and when the limited time passes, the private key is no longer valid to gain access to locked space) [High, claim 3].

Re Claim 14.  High in view of Eberwine discloses the system of claim 1, High further discloses: wherein validating the proof response comprises determining that the badge credential is not revoked by looking in the distributed ledger (i.e. The computing system 120 can treat the hashed access code as one cryptocurrency unit, and when the hashed access code is sent to the computing system 120, the lone cryptocurrency unit is spent. Any attempt to resend the hashed access code will not be successful in gaining access because the computing system 120 will access the blockchain, which by virtue of the distributed ledger, will not issue a consensus that the receiving device 112 has a remaining cryptocurrency to spend on gaining access to a particular locked space) [High, para.0033]. 

Re Claim 15. High in view of Eberwine discloses the system of claim 1, Eberwine further discloses: wherein the authentication device provides the token to the lock system associated with the lock (i.e. the administrative mobile device 102a may be used in the communication of the encrypted control system payload from the administrative mobile device 102a to the lock device) [Eberwine, para.0025-0026].
The same motivation to modify with Eberwine, as in claim 1, applies.

Re Claim 16. High in view of Eberwine discloses the system of claim 15, Eberwine further discloses: wherein the lock system associated with the lock unlocks the lock in response to receiving the token (i.e. If, however, the comparison(s) performed at step 322 indicates that the compared information or data is the same, similar, and/or related, then at step 330 the lock device 104 may evaluate the permission level of the user mobile device 102b that was contained in the encrypted user mobile device payload and validate that the user mobile device 102b has the permission or authority to complete the action that the user mobile device 102b is attempting to complete. If the user mobile device 102b does not have permission or authority to complete the action, then at step 332 the lock device 104 may terminate communications with the user mobile device 102b and/or deny the user mobile device 102b access to the lock device 104. If, however, the lock device 104 determines that the user mobile device 102b is authorized to complete the action, then at step 334 communication between the lock device 104 and the user mobile device 102b may continue as needed to complete the authorized action) [Eberwine, para.0038].
The same motivation to modify with Eberwine, as in claim 1, applies.

Re Claim 18.  High in view of Eberwine discloses the system of claim 1, Eberwine further discloses: wherein the claim indication from an authentication device to claim the badge credential is provided in response to an indication to install a digital identity app (i.e. The invitation may include a variety of information including, for example, an invitation to download an application 136 onto the user mobile device 102b and/or to register with the access control system 106. If the user elects to join the system 100, then at step 308, the application 136 may be downloaded to the user mobile device 102b, and the user may enroll in the access control system 106……………………. the access control system 106 may encrypt the user mobile device payload using the master key and a user mobile device identifier. Moreover, according to certain embodiments, the access control system 106 may encrypt the user mobile device payload using the master key, a user mobile device identifier, and the diversification algorithm to generate the user diversification key. The encrypted user mobile device payload may include a variety of information including, for example, one or more user mobile device identifiers and other information needed for the user mobile device 102b to work with the lock device 104 including, for example, information indicating the permission level assigned to the user mobile device 102b, credential identifiers, a lock identifier) [Eberwine, para.0032-0033].
The same motivation to modify with Eberwine, as in claim 1, applies.

Re Claims 20 and 21. These claims recite features similar to those recited in claim 1, therefore they are rejected in a similar manner.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over High et al (US Pub.No.2018/0167394) in view of Eberwine et al (US Pub.No.2015/0350913), as applied to claim 4, and further in view of Burch et al (US Pub.No.2015/0278500).

Re Claim 5.  High in view of Eberwine discloses the system of claim 4, High in view of Eberwine does not explicitly disclose whereas Burch does: wherein verifying the badge credential is associated with the authentication device comprises comparing a badge credential email address with an authentication device email address (i.e.  In an embodiment, at 313, the proxy compares an email address associated with the principal that is received with the request to information included with the access token as part of the validating) [Burch, para.0075].
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Eberwine with Burch because in Burch, Once the PSAO is created and stored, it can be delivered to the external principal in a variety of customized manners, such as via an email to the external principal (external principal being a different user from the user that created the PSAO) [Burch, para.0034].

Claims 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over High et al (US Pub.No.2018/0167394) in view of Eberwine et al (US Pub.No.2015/0350913), as applied to claims 1 and 18, and further in view of Liebl et al (US Pub.No.2015/0288694).

Re Claim 17.  High in view of Eberwine discloses the system of claim 1, High in view of Eberwine does not explicitly disclose whereas Liebl does: wherein the indication to create a badge credential is provided by a human resources system employee startup process (i.e. consider a scenario in which Technology Company (604) has hired a new employee (614). The new employee requires access to several laboratories in order to perform the new job. The laboratories may be accessed via a lab access door (616). Technology Company (604) acts as the resource control entity, controlling access to the resource which, in the present example, is a laboratory……………………………. In order to enroll the new employee in the user authentication process, Technology Company (604) sends an enrollment request, corresponding to the new employee (614), to a ledger (612) of a transaction authentication system (610). The enrollment request includes a user identifier and a user email address. The user identifier and user email address are stored in the ledger repository (not shown) as user metadata. In response to the enrollment request, the ledger (612) generates an enrollment invitation, which is transmitted to the new employee (614) via email. At this time, the ledger also generates a partial credential and twenty UTK-LTK pairs, each of which are associated with the user metadata and stored in the ledger repository. Once the new employee (614) receives the enrollment invitation, the new employee follows instructions therein to obtain a credential application (602) from an app store (not shown) that provides apps for the new employee's smartphone (600). Once the new employee (614) obtains the credential application (602) and installs it on the new employee's smartphone (600), the new employee sends an indication (e.g., to the ledger via the credential application) that the new employee would like to accept the invitation) [Liebl, para0100-0102].
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Eberwine with Liebl because it facilitates authentication of an employee to allow access to an employer’s resource: After the partial credential and UTKs are received by the credential application (602), the new employee (614) interacts with the credential application executing on the smartphone (600) to provide signatures corresponding to the various aforementioned factors of authentication associated with lab access [Liebl, para.0103].

Re Claim 19. High in view of Eberwine discloses the system of claim 18, High in view of Eberwine does not explicitly disclose whereas Liebl does: wherein the indication to install a digital identity app is in received as part of a human resources system employee startup process (i.e. consider a scenario in which Technology Company (604) has hired a new employee (614). The new employee requires access to several laboratories in order to perform the new job. The laboratories may be accessed via a lab access door (616). Technology Company (604) acts as the resource control entity, controlling access to the resource which, in the present example, is a laboratory……………………………. Once the new employee (614) receives the enrollment invitation, the new employee follows instructions therein to obtain a credential application (602) from an app store (not shown) that provides apps for the new employee's smartphone (600). Once the new employee (614) obtains the credential application (602) and installs it on the new employee's smartphone (600), the new employee sends an indication (e.g., to the ledger via the credential application) that the new employee would like to accept the invitation) [Liebl, para0100-0102].
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Eberwine with Liebl because it facilitates authentication of an employee to allow access to an employer’s resource: After the partial credential and UTKs are received by the credential application (602), the new employee (614) interacts with the credential application executing on the smartphone (600) to provide signatures corresponding to the various aforementioned factors of authentication associated with lab access [Liebl, para.0103].

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285. The examiner can normally be reached Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434