Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Applicant's submission filed on 12/14/2021 has been entered. Claims 21-40 are pending.
Terminal Disclaimer
The terminal disclaimer filed on 12/14/21 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Application No. 16/197,797 and U.S. Patent No. 10,142,338 has been reviewed and is accepted.  The terminal disclaimer has been recorded.
Response to Arguments
Applicant's arguments filed 12/14/2021 have been fully considered but they are not persuasive. 
On pages 9-11 of the Remarks, the Applicants argue that Guccione, Vanczak, and Balazs fail to disclose or suggest "receiving, at the server over the electronic network, authentication data associated with the user, wherein the authentication data includes a status identifier indicating a current status of an assurance level associated with the user, wherein the status identifier is pending, active, suspended, and/or revoked," as recited in independent claim 21.
In response, the Examiner respectfully submits that Guccione discloses a system and/or method to authenticate a user or device using multi-factor authentication based on a predetermined assurance level. Guccione discloses a service provider or a master (FIG. 1 & 3, ¶ [0038]-[0039], [0050], [0068]-[0069], [0145]). As such, the combination of Guccione and Vanczak discloses the claimed limitation "receiving, at the server over the electronic network, authentication data associated with the user, wherein the authentication data includes a status identifier indicating a current status of an assurance level associated with the user, wherein the status identifier is pending, active, suspended, and/or revoked" and Balazs is not relied on to disclose the claimed "assurance level".
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-24, 28-31 and 35-38 are rejected under 35 U.S.C. 103 as being unpatentable over Guccione et al. (US 2015/0319156 hereinafter Guccione) in view of Vanczak (US 2016/0189147).
Regarding claim 21, Guccione discloses a computer-implemented method for online authentication of online attributes, the method including:
receiving, at a server over an electronic network, an authentication request from a relying party, the authentication request including identity information to be authenticated and credential information to be authenticated (FIG. 4 & 11, ¶ [0023]-[0024], [0052], [0069]; i.e. receiving at the master IdP from the service provider a user authentication request including user identity and association key, 2-factor required, assurance level or user proof of presence);
determining, by the server, whether a user account is associated with the received identity information by accessing an internal database (FIG. 4 & 11, ¶ [0037], [0052]; i.e. mapping the user identity with the user identity known by other IdP server(s) and/or mapping user identity to other identities corresponding to other identity providers);
transmitting, by the server over the electronic network to a user associated with the user account, a request for authentication data (FIG. 2, 4 & 11, ¶ [0024], [0053]-[0054]; i.e. requesting or redirecting user for multi-factor authentication);
receiving, at the server over the electronic network, authentication data associated with the user (FIG. 2, 4-5 & 11, ¶ [0024], [0053]-[0054]; i.e. receiving user multi-factor authentication or login credentials), wherein the authentication data includes a status identifier indicating a current status of an assurance level associated with the user, wherein the status identifier is pending, active, suspended, and/or revoked; 
transmitting, by the server over the electronic network to a verification data source server, authentication data associated with the user (FIG. 2, 4-5 & 11, ¶ [0024], [0053]-[0054]; i.e. requesting other identity providers perform designated user multi-factor authentication or login credentials); and 
receiving, at the server over the electronic network, an authentication result from the verification data source server for the user associated with authentication data (FIG. 2, 4-5 & 11, ¶ [0024], [0053]-[0054]; i.e. receiving authentication assertions from the identity providers).
Guccione does not explicitly disclose wherein the authentication data includes a status identifier indicating a current status of an assurance level associated with the user, wherein the status identifier is pending, active, suspended, and/or revoked.
However, Vanczak discloses wherein the authentication data includes a status identifier indicating a current status of an assurance level associated with the user (FIG. 1 & 3, ¶ [0038]-[0039], [0050], [0068]-[0069], [0145]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Vanczak’s teaching of verifying a user’s certification in addition to user login name/password based authentication into Guccione in order to increase security and efficiency of the authentication process (Vanczak, ¶ [0015]-[0016]).
Regarding claim 22, Guccione in view of Vanczak discloses the method of claim 21, further comprising: storing, by the server, the authentication data in the user data of the user account associated with the user (Guccione, FIG. 12B, ¶ [0052]).
Regarding claim 23, Guccione in view of Vanczak discloses the method of claim 21, further comprising: encrypting, by the server, the authentication data in the user data of the user account associated with the user (Guccione, ¶ [0038]).
Regarding claim 24, Guccione in view of Vanczak discloses the method of claim 21, further comprising: transmitting, by the server, the authentication result of the authentication request to the relying party (Guccione, FIG. 4, ¶ [0052]).
Regarding claim 28, Guccione discloses a system for online authentication of online attributes, the system including: 
a data storage device that stores instructions for online authentication of online attributes (FIG. 12B); and
a processor configured to execute the instructions to perform a method including (FIG. 12B): 
(FIG. 4 & 11, ¶ [0023]-[0024], [0052], [0069]; i.e. receiving at the master IdP from the service provider a user authentication request including user identity and association key, 2-factor required, assurance level or user proof of presence);
determining whether a user account is associated with the received identity information by accessing an internal database (FIG. 4 & 11, ¶ [0037], [0052]; i.e. mapping the user identity with the user identity known by other IdP server(s) and/or mapping user identity to other identities corresponding to other identity providers);
transmitting, over the electronic network to a user associated with the user account, a request for authentication data (FIG. 2, 4 & 11, ¶ [0024], [0053]-[0054]; i.e. requesting or redirecting user for multi-factor authentication);
receiving, over the electronic network, authentication data associated with the user (FIG. 2, 4-5 & 11, ¶ [0024], [0053]-[0054]; i.e. receiving user multi-factor authentication or login credentials), wherein the authentication data includes a status identifier indicating a current status of an assurance level associated with the user, wherein the status identifier is pending, active, suspended, and/or revoked; 
transmitting, over the electronic network to a verification data source server, authentication data associated with the user (FIG. 2, 4-5 & 11, ¶ [0024], [0053]-[0054]; i.e. requesting other identity providers perform designated user multi-factor authentication or login credentials); and 
receiving, over the electronic network, an authentication result from the verification data source server for the user associated with authentication data (FIG. 2, 4-5 & 11, ¶ [0024], [0053]-[0054]; i.e. receiving authentication assertions from the identity providers).
Guccione does not explicitly disclose wherein the authentication data includes a status identifier indicating a current status of an online identity, a credential, and/or an assurance level associated with the user.
However, Vanczak discloses wherein the authentication data includes a status identifier indicating a current status of an assurance level associated with the user, wherein the status identifier is pending, active, suspended, and/or revoked (FIG. 1 & 3, ¶ [0038]-[0039], [0050], [0068]-[0069], [0145]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Vanczak’s teaching of verifying a user’s certification in addition to user login name/password based authentication into Guccione in order to increase security and efficiency of the authentication process (Vanczak, ¶ [0015]-[0016]).
Regarding claims 29 and 36, see claim 22 above for the same reasons of rejections.
Regarding claims 30 and 37, see claim 23 above for the same reasons of rejections.

Regarding claim 35, see claim 21 above for the same reasons of rejections.
Claims 25, 32 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Guccione in view of Vanczak (US 2016/0189147) and further in view of Himawan et al. (US 2013/0036303 hereinafter Himawan).
Regarding claim 25, Guccione in view of Vanczak discloses the method of claim 21.
Guccione in view of Vanczak does not explicitly disclose wherein the authentication data further includes a lifetime value, wherein the lifetime value identifies a length of time the authentication data is valid.
Himawan discloses wherein the authentication data further includes a lifetime value, wherein the lifetime value identifies a length of time the authentication data is valid (Himawan, ¶ [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Himawan’s teaching into Guccione in view of Vanczak in order to allow an entity to verify the status of a digital certificate against a local certificate status list independent of the revocation status managed by a certification authorization (Himawan, ¶ [0008]-[0011]).
Regarding claims 32 and 39, see claim 25 above for the same reasons of rejections.
Claims 26-27, 33-34 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Guccione in view of Vanczak (US 2016/0189147) and further in view of Balazs et al. (US 9,444,824 hereinafter Balazs).
Regarding claim 26, Guccione in view of Vanczak discloses the method of claim 21, further comprising: transmitting, by the server, an assurance level request for [[a one-time-password ("OTP")]] additional authentication factors when the determined assurance level is greater than or equal to a predetermined threshold (Guccione, ¶ [0030]).
Guccione does not explicitly disclose a one-time password (OTP).
However, Balazs discloses a one-time password (col. 19, line 60-col. 20, line 12).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Balazs’s teaching into Guccione in view of Vanczak in order to raise the assurance level for subsequent requests to detect and prevent fraudulent transactions (Balazs, col. 10, lines 22-33).
Regarding claim 27, Guccione in view of Vanczak and Balazs discloses the method of claim 26. Balazs further discloses wherein the OTP request is conducted by at least one of an interactive voice response ("IVR") method and a short message service ("SMS") method (Balazs, col. 19, line 60-col. 20, line 12).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Balazs’s teaching into Guccione in view of Vanczak in order to raise the assurance level for subsequent requests to detect and prevent fraudulent transactions (Balazs, col. 10, lines 22-33).

Regarding claim 34, see claim 27 above for the same reasons of rejections.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311.  The examiner can normally be reached on Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/C.D.N/Examiner, Art Unit 2435  



/EDWARD ZEE/Primary Examiner, Art Unit 2435