Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the communication and claim amendment filed on 11/08/2021; Claims 1, 14, and 20 have been amended; and claims 1, 14, and 20 are independent claims.  Claims 1-20 have been examined and are pending.  This Action is made FINAL.
Response to Arguments
The rejections of claims 1-13 and 20 under 35 U.S.C. § 101 are withdrawn as the claims have been amended.
Applicants’ arguments in the instant amendment, filed on 11/08/2021, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicants argue: The cited references, taken singly or in any combination, fail to disclose, inter alia, 
“provide a decentralized identity hub configured to provide storage service to users associated with decentralized identifiers (DIDs), the decentralized identity hub configured to authorize or authenticate users associated with DIDs via a distributed ledger;

generate an access token that is configured to provide access to the verifiable claim;
provide the access token to an entity that is given access to the verifiable claim;
receive a request from the entity for access to the verifiable claim, the request containing an access token;
validate whether the received access token corresponds to the generated access token; and 
provide the entity with access to the verifiable claim upon validation of the access token” recited in the amended independent claim 1, and similarly recited in the amended independent claims 14 and 20 (Applicant Remarks/Arguments, page 9-15, filed 11/08/2021).
         The Examiner disagrees with the Applicants. The Examiner respectfully submits that Lagutin does disclose some portions of the aforementioned limitations as the following:
Lagutin discloses
“generate an access token that is configured to provide access to the verifiable claim” (Lagutin: figures 1, 2: page 2, Col. 1, paragraph 1; page 2 section “A. OAuth 2.0”, generating an access token that is used by the client to prove the Resource server (RS) that is allowed to access the protected resource within the scope of the access token …”);
(Lagutin: figures 1, 2; page 2 section “A. OAuth 2.0”; page 4  Col. 2 step  “5) The AS … send back a proof-of-possession (PoP) access token”);
“receive a request from the entity for access to the verifiable claim, the request containing an access token” (Lagutin: figures 1, 2; page 4, Col. 2, step “6) Lecturer proceeds to communication with the printer using the access token”);
“validate whether the received access token corresponds to the generated access token” (Lagutin: figures 1, 2; page 4, Col. 2, step “6) Lecturer proceeds to communication with the printer using the access token”; page 4 Col. 2, paragraph 2); and
“provide the entity with access to the verifiable claim upon validation of the access token” (Lagutin: figures 1, 2; page 4, Col. 2, step “6) Lecturer proceeds to communication with the printer using the access token”; page 4 Col. 2, paragraph 2). 
Applicants’ arguments with respect to limitations “provide a decentralized identity hub configured to provide storage service to users associated with decentralized identifiers (DIDs), the decentralized identity hub configured to authorize or authenticate users associated with DIDs via a distributed ledger; store the verifiable claim in a storage associated with a decentralized identifier (DID) in the decentralized identity hub, the DID is associated with the subject of the verifiable claim;” have been fully considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 7, 11, 14, 15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable Yang et al. (“Yang’284,” US 10,924,284, filed Jan. 6, 2020) in view of Dmitrij Lagutin (“Lagutin,” Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation”, 24 Feb. 2019, pages 1-6).
Regarding claim 1, Yang’284 discloses a computing system for authorizing access to a verifiable claim so that a user, who is a subject of the verifiable claim, is not required to be present to actively authorize the access, the computing system comprising:
 one or more hardware processors (Yang’284: fig. 18, Col. 3, lines 44 -50); and
one or more computer-readable hardware devices (Yang’284: fig. 18, Col. 3 , lines 51-55) having thereon computer-executable instructions that are structured such that, when executed by the one or more processors, configure the one or more processors to:
provide a decentralized identity hub configured to provide storage service to users associated with decentralized identifiers (DIDs) (Yang’284: fig. 5, decentralized identifier (DID) hubs 522; Col. 15, lines 45-53,  In some embodiments, the user agent 411 is configured to create one or more DIDs, authenticate one or more DIDs, interact with one or more verifiable data registry 521 or one or more DID hubs 522, send notifications to an owner of a DID, perform other suitable functionalities, or any combination thereof. Here, a DID hub 522 comprises a system in which an owner of a DID stores its sensitive data. The owner may grant certain other entities (e.g., institutions issuing verifiable claims) access to data stored in the DID hub 522), the decentralized identity hub configured to authorize or authenticate users associated with DIDs via a distributed ledger (Yang’284: fig. 5, decentralized identifier (DID) hubs 522; Col. 15, lines 49-53, ... Here, a DID hub 522 comprises a system in which an owner of a DID stores its sensitive data. The owner grants certain other entities (e.g., institutions issuing verifiable claims) access to data stored in the DID hub 522; Col. 12, lines 47-52, ..depending on the context, the blockchain 330 refers to a blockchain system that comprises a decentralized network of nodes that store a ledger of records and participate in a consensus process for adding data to the ledger of records or the ledger of records stored, maintained, or updated by the decentralized network of nodes);
store the verifiable claim in a storage associated with a decentralized identifier (DID) in the decentralized identity hub (Yang’284: fig. 4, Col. 14, lines 43-45, verifiable claim repository 414 for storing one more VCs), the DID is associated with the subject of the verifiable claim (Yang’284: fig. 4, decentralized (DID) and Verifiable claims; Col. 14, line 25 to Col. 15, line 12);
Yang’284 does not explicitly disclose “generate an access token that is configured to provide access to the verifiable; provide the access token to an entity that is given access to the verifiable claim; receive a request from the entity for access to the verifiable claim, the request containing an access token; validate whether the received access token 
However, in an analogous art, Lagutin discloses
generating an access token that is configured to provide access to the verifiable claim (Lagutin: figures 1, 2: page 2, Col. 1, paragraph 1; page 2 section “A. OAuth 2.0”, generating an access token that is used by the client to prove the Resource server (RS) that is allowed to access the protected resource within the scope of the access token …”);
providing the access token to an entity that is to be given access to the verifiable claim (Lagutin: figures 1, 2; page 2 section “A. OAuth 2.0”; page 4  Col. 2 step  “5) The AS … send back a proof-of-possession (PoP) access token”);
receiving a request from the entity for access to the verifiable claim, the request containing an access token (Lagutin: figures 1, 2; page 4, Col. 2, step “6) Lecturer proceeds to communication with the printer using the access token”);
validating whether the received access token corresponds to the generated access token (Lagutin: figures 1, 2; page 4, Col. 2, step “6) Lecturer proceeds to communication with the printer using the access token”; page 4 Col. 2, paragraph 2); and
providing the entity with access to the verifiable claim upon validation of the access token (Lagutin: figures 1, 2; page 4, Col. 2, step “6) Lecturer proceeds to communication with the printer using the access token”; page 4 Col. 2, paragraph 2). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lagutin with the method and system of Yang’284 to include generating an access token …; providing the access token to an entity …; receiving a request from the entity …; validating whether the (Lagutin: abstract).
Regarding claim 2, the combination of Yang’284 and Mullins the combination of Lagutin and Yang teaches the computing system of claim 1. Mullins further teaches comprising: 
attaching the access token to the verifiable claim  (Lagutin: page. 4, Col. 2, step “5) The AS verifies Lecturer’s proof and sends back a proof-of- possession (PoP) access token”); and 
providing the verifiable claim to the entity (Lagutin: page. 4, Col. 2, step “5) The AS verifies Lecturer’s proof and sends back a proof-of- possession (PoP) access token).
Regarding claim 3, the combination of Yang’284 and Lagutin teaches the computing system of claim 1. Lagutin further teaches, wherein the entity is an issuing entity that issued the verifiable claim on behalf of the user (Lagutin: figures 1, 2; the printing services).
Regarding claim 7, the combination of Yang’284 and Lagutin teaches the computing system of claim 1. Lagutin further teaches, wherein providing the entity with to access to the verifiable claim comprises: 
allowing the entity to use the verifiable claim when providing a service to the user (Lagutin: page 4, Col. 2, step “6) Lecturer proceeds to communicate with the printer using the access token”)
Regarding claim 11, the combination of Yang’284 and Lagutin teaches the computing system of claim 1. Yang’284 further teaches, wherein the computing system is associated with a management module controlled by the user (Yang’284: Col. 5, lines 55 to Col. 6, line 6; Col. 30, lines 30-31; user agent 411 allow the user to take control over the decentralized identifier (DID) using the recovery key).
Regarding claim 14, claim 14 is directed to a method for authorizing access to a verifiable claim so that a user, who is a subject of the verifiable claim, is not required to be present to actively authorize the access associated with a computing system claimed in claim 1; claim 14 is similar in scope to claim 1, and is therefore rejected under similar rationale.1
Regarding claim 15, claim 15 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 18, claim 18 is similar in scope to claim 7, and is therefore rejected under similar rationale.
Regarding claim 20
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. (“Yang’284,” US 10,924,284, filed Jan. 6, 2020) in view of Dmitrij Lagutin (“Lagutin,” Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation”, 24 Feb. 2019, pages 1-6) further in view of Hoyer et al. (“Hoyer,” US 2019/0377860, published Dec. 12, 2019).
Regarding claim 4, the combination of Yang’284 and Lagutin teaches the computing system of claim 1. Lagutin does not explicitly disclose wherein the entity is a relying party that uses the verifiable claim when providing a service to the user.
However, in an analogous art, Hoyer teaches wherein the entity is a relying party that uses the verifiable claim when providing a service to the user (Hoyer: par. 0005, a license/credential that is verifiable under different conditions, including a relying party device not communicating with a centralized verification system). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hoyer with the method and system of Yang’284 and Lagutin, wherein the entity is a relying party that uses the verifiable claim when providing a service to the user. One would have been motivated to provide a license/credential that is verifiable under different conditions, including a relying party device not communicating with a centralized verification system (Hoyer: par. 0005).
Claims 5 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. (“Yang’284,” US 10,924,284, filed Jan. 6, 2020) in view of Dmitrij Lagutin (“Lagutin,” Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation”, 24 Feb. 2019, pages 1-6) further in view of Lin et al. (“Lin,” US 2020/0145196, filed Jan. 6, 2020). 
Regarding claim 5, the combination of Yang’284 and Lagutin teaches the computing system of claim 1.  The combination of Yang’284 and Lagutin further teaches wherein providing the entity with access to the verifiable claim but not explicitly disclose allowing the entity to update one or more properties of the verifiable claim.
However, in an analogous art, Lin discloses wherein allowing the entity to update one or more properties of the verifiable claim (Lin: par. 0009, the event data further comprises a plurality of updates associated with a plurality of verifiable claims (VCs). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Lin with the method and system of Yang’284 and Lagutin, wherein allowing the entity to update one or more properties of the verifiable claim. One would have been motivated to allow flexible control of operations related to decentralized identity management and convenient access to information associated with decentralized identities using programming languages or protocols other than those required by the blockchain (Lin: par. 0026).
Regarding claim 16, claim 16 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. (“Yang’284,” US 10,924,284, filed Jan. 6, 2020) in view of Dmitrij Lagutin (“Lagutin,” Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation”, 24 Feb. 2019, pages 1-6), further in view of Lin et al. (“Lin,” US 2020/0145196, filed Jan. 6, 2020), and Alexander Muhle (“Muhle,” A survey on essential components of a self-sovereign identity, Computer Science Review, 2018, pages 80-86).
Regarding claim 6, the combination of Yang’284, Lagutin, and Lin teaches the computing system of claim 5, wherein updating the one or more properties of the verifiable claim but does not explicitly disclose updating duration information metadata that specifies a time period that the verifiable claim is valid or a predetermined number of times the verifiable is valid for use.
However, in an analogous art, Muhle discloses wherein a verifiable claim includes a valid period (Muhle: page 84, Col. 1, section 5. Verifiable claims).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Muhle with the method and system of Yang’284, Lagutin, and Lin, wherein updating the one or more properties of the verifiable claim but does not explicitly disclose updating duration information metadata that specifies a time period that the verifiable claim is valid or a predetermined number of times the verifiable is valid for use. One would have been motivated to protect against tampering by the claim issuer or anyone in control of the signing key (Muhle: page 84, 2nd Column, 3rd paragraph).
Regarding claim 17.
Claims 8 is rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. (“Yang’284,” US 10,924,284, filed Jan. 6, 2020) in view of Dmitrij Lagutin (“Lagutin,” Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation”, 24 Feb. 2019, pages 1-6), further in view of Zamir et al. (“Zamir,” US 2021/0034778, filed Aug. 1, 2019).
Regarding claim 8, the combination of Yang’284 and Lagutin teaches the computing system of claim 1.  The combination of Yang’284 and Lagutin teaches, wherein the verifiable claim comprises at least (1) a Decentralized Identifier (DID) ( Yang’284: Co. 11, lines 42-46; Lagutin: abstract (DID)), (2) a property of the subject entity (Lagutin: fig. 2, Lecturer (User)), (3) a value corresponding to the property (Lagutin: fig. 2, Printer (IoT device)), and (5) one or more conditions for accessing the verifiable claim (Lagutin: page 4, Col. 2,  step “5) The Authentication server (AS) verifies Lecturer’s proof and send back a proof-of possession (PoP) access token” ; page 4, Col. 2,step “ 6) Lecturer proceeds to communicate with the printer using the access token”).
Yang’284 further discloses decentralized identity management provide unique and verifiable identities to entities and DID is a unique identifier indicating a mapping relationship between real-work entity and an online identity (Yang’284:  Col. 5, line 63 to Col. 9) but does not explicitly disclose wherein the verifiable claim comprises a unique identifier identifying the corresponding verifiable claim.
However, in an analogous art, Zamir teaches wherein the verifiable claim comprises a unique identifier identifying the corresponding verifiable claim (Zamir: par. 0027, a verifiable claim may bind a unique identifier to an identifier from the decentralized identify system).
(Zamir: abstract).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. (“Yang’284,” US 10,924,284, filed Jan. 6, 2020) in view of Dmitrij Lagutin (“Lagutin,” Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation”, 24 Feb. 2019, pages 1-6) further in view of Zamir et al. (“Zamir,” US 2021/0034778, filed Aug. 1, 2019), and Gonzales, Jr. (“Gonzales,” US 2019/0207995, published Jul. 4, 2019).
Regarding claim 9, the combination of Yang’284, Lagutin, and Zamir teaches the computing system of claim 8. The combination of Yang’284, Lagutin, and Zamir further teaches, the one or more conditions but does not explicitly disclose comprising at least one of the following: (1) requiring a relying entity to pay a predetermined amount of value, (2) requiring a relying entity to provide identification information, (3) requiring a relying entity to provide one or more verifiable claim(s), (4) requiring a relying entity to grant permission for accessing a portion of data, or (5) requiring a relying entity to provide a particular service.
However, in an analogous art, Gonzales discloses wherein the one or more conditions comprising at least one of the following: (1) requiring a relying entity to pay a (Gonzales: fig. 3B,  pars. 0070-0073, the record of metadata, one or more conditions  to access or provide service), or (5) requiring a relying entity to provide a particular service to provide users with means for (Gonzales: fig. 3B,  pars. 0070-0073, the record of metadata, one or more conditions  to access or provide service).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Gonzales with the method and system of Yang’284, Lagutin, and Zamir, wherein the one or more conditions comprising at least one of the following: (1) requiring a relying entity to pay a predetermined amount of value, (2) requiring a relying entity to provide identification information, (3) requiring a relying entity to provide one or more verifiable claim(s), (4) requiring a relying entity to grant permission for accessing a portion of data (5) requiring a relying entity to provide a particular service.  One would have been motivated to securely maintain the digital content on a blockchain that can be widely accessed through the internet. The disclosed content distribution data technology is the distributed nature of the blockchain, which prevents an unauthorized entity from modifying or corrupting the digital content at any single point (Gonzales: pars. 0005, 0034).
Claims 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. (“Yang’284,” US 10,924,284, filed Jan. 6, 2020) in view of Dmitrij Lagutin (“Lagutin,” Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation”, 24 Feb. 2019, pages 1-6) further in view of Birgisson et al. (“Birgisson,” US 2017/0220793, published Aug. 3, 2017).
Regarding claim 10, the combination of Yang’284 and Lagutin teaches the computing system of claim 1.  The combination of Yang’284 and Lagutin discloses the access verifiable claim but does not explicitly disclose, further comprising:
generating revocation data that is configured to revoke the access token; 
providing the revocation data to the entity; and 
revoking the access to the verifiable claim. 
However, in an analogous art, Birgisson discloses, wherein
generating revocation data that is configured to revoke the access token (Birgisson: pasr. 0038-0039, the revocation of access has been initiated by the owner device 110.  For instance, the revocation data includes user identifiers that represent values indicative of a user identity, such as a hash value or other types of derivatives of data associated with the user. The access control blacklist 132 also specifies information related to the limited token 126a for a user whose access has been revoked); 
providing the revocation data to the entity (Birgisson: pars. 0038, 0039, the revocation of access has been initiated by the owner device 110.  For instance, the revocation data includes user identifiers that represent values indicative of a user identity, such as a hash value or other types of derivatives of data associated with the user); and 
revoking the access to the verifiable claim (Birgisson: pars. 0038-0039, … The access control blacklist 132 also specifies information related to the limited token 126a for a user whose access has been revoked). 
(Birgisson: par. 0004).
Regarding claim 19, claim 19 is similar in scope to claim 10, and is therefore rejected under similar rationale.
Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. (“Yang’284,” US 10,924,284, filed Jan. 6, 2020) in view of Dmitrij Lagutin (“Lagutin,” Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation”, 24 Feb. 2019, pages 1-6) further in view of Callahan et al. (“Callahan,” US 2020/0036707, published Jan. 30, 2020).
Regarding claim 12, the combination of Yang’284 and Lagutin teaches the computing system of claim 1.  Yang’284 discloses DID hub comprise a system in which an owner of a DID stored it sensitive data. The owner grant certain other entities access to data stored in the DID hub (Yang’284, Col. 15, lines 49-53) but does not explicitly disclose wherein the computing system is associated with an identity hub controlled by the user.
However, in an analogous art, Callahan discloses wherein the computing system is associated with an identity hub controlled by the user (Callahan: pars. 0195. In one or more implementations, the identity hubs 2208 are configured as a database or storage system, flat file system, relational database, or bulk storage facility; par. 0195; verifiable claim is stored in one or more identity hubs and repositories 2208)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Callahan with the method and system of Yang’284 and Lagutin, wherein the computing system is associated with an identity hub controlled by the user.  One would have been motivated to provide secure communication between a user computing device and a server computing device (Callahan: abstract).
Regarding claim 13, the combination of Yang’284 and Lagutin teaches the computing system of claim 1.  Yang’284 discloses DID hub comprise a system in which an owner of a DID stored it sensitive data. The owner grant certain other entities (e.g., institutions issuing verifiable claims) access to data stored in the DID hub (Yang’284, Col. 15, lines 49-53) but does not explicitly disclose wherein the verifiable claim is stored in an identity hub controlled by the user.
However, in an analogous art, Callahan discloses wherein the verifiable claim is stored in an identity hub controlled by the user (Callahan: pars. 0195. par. 0195; verifiable claim is stored in one or more identity hubs and repositories 2208).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Callahan with the method and system of Yang’284 and Lagutin, wherein the verifiable claim is stored in an identity hub controlled by the user.  One would have been motivated to provide secure (Callahan: abstract).
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published 

/Canh Le/
Examiner, Art Unit 2439

February 15th, 2022 


/JAHANGIR KABIR/Primary Examiner, Art Unit 2439