DETAILED ACTION
Notice to Applicant
The amendment filed 11/15/2021 has been entered. The following has occurred: Claims 1, 2, 14, and 20 have been amended; No new claims have been added; Claims 6-13 have been withdrawn due to restriction requirement. 
Claims 1-5 and 14-20 are pending.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Effective Filling Date: 11/27/2017.
Response to Amendment
35 U.S.C. 112(a) rejection is maintained. 
35 U.S.C. 103 rejection is maintained in light of the amended claim limitations, new rationale is added.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 19 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not Specifically, the examiner asserts that the Specification, as originally filled fails to disclose with enough specificity, the following limitations:
Claim 19, recites “wherein the verification key is generated using a randomized key-generation algorithm and without feedback from the customer device, and wherein the service provider device provides the verification key to the review server directly” (underline emphasis included), which the Specification fails to provide support for the newly amended limitation. That is, in paragraph [0023] of the Specification recites “redactable signature scheme includes: key generation (KeyGen), signing (Sign), redaction (Redact), and verification (Verify). In FIG. 1, during KeyGen, the service provider device utilizes a randomized key-generation algorithm that outputs a pair of keys, a signing key and its corresponding verification key.” The Specification discloses the verification key is generated using a randomized key-generation algorithm, however, the Specification does not describe the negative limitation for the verification key to be generated using a randomized key-generation algorithm and without feedback from the customer device. Further, contrary to Fig. 1 illustration of verification key only has one arrow to the service provider, in para. [0027] indicating the customer device does uses the verification key generated during KeyGen, which shows feedback from the customer device and the verification key is not provided to the review server directly.
In accordance to MPEP 2173.05(i) Negative limitations: Any negative limitation or exclusionary proviso must have basis in the original disclosure. If alternative elements are positively recited in the specification, they may be explicitly excluded in the claims. See In re Johnson, 558 F.2d 1008, 1019, 194 USPQ 187, 196 (CCPA 1977) ("[the] specification, having described the whole, necessarily described the part remaining."). See also Ex parte Grasselli, 231 USPQ 393 (Bd. App. 1983), aff’d mem., 738 F.2d 453 (Fed. Cir. 1984). The mere absence of a positive recitation is not basis for an exclusion. Any claim 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement. Note that a lack of literal basis in the specification for a negative limitation may not be sufficient to establish a prima facie case for lack of descriptive support. Ex parte Parks, 30 USPQ2d 1234, 1236 (Bd. Pat. App. & Inter. 1993). 
To be clear, according to MPEP 2173.05(i), the negative limitation does not have to be recited verbatim in the Specification: “Note that a lack of literal basis in the specification for a negative limitation may not be sufficient to establish a prima facie case for lack of descriptive support. Ex parte Parks, 30 USPQ2d 1234, 1236 (Bd. Pat. App. & Inter. 1993).” Otherwise, applicants may be unduly burdened in having to describe every known piece of prior art so as to expressly recite what is not included in their invention. The following are examples of sufficient basis for negative limitations: 
Specification describes a reason to exclude the relevant limitation (Inphi Corp. v. Netlist, Inc.) 
Specification describes alternatives (Santarus, Inc. v. Par Pharm., Inc.) 
Description of prior art in the specification discusses shortcomings of certain features 
Drawings that show the presence of certain features which necessitates the absence of opposite features specification explicitly describes the lack of a particular feature.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 4, 5, 14-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Montano (US 20140114877 A1) in view of Bilzhause et al. “Position Paper: The Past, Present, and Future of Sanitizable and Redactable Signature”, Pages 1-10, August 29-September 1, 2017, hereinafter “Bilzhause,” and further in view of NPL Content Extraction Signatures by Steinfeld, Bull, and Zheng, published in Feb 20, 2002 < https://www.cs.fsu.edu/~burmeste/zheng1.pdf>” hereinafter “CES.” 
Claim 1, Montano discloses a method for checking legitimacy of a customer review (Abstract, Claims 1-18, and para. [0007] disclosing systems and methods for authenticating online customer service reviews using unique customer identifiers such as payment data and location data), the method comprising:
receiving, via a service provider device, a verification key (Claim 1, “receiving payment information from a customer for a service by a service provider;” disclosing receiving from the service provider (which is employee device used by a service provider, see para. [0025]), payment information, 
receiving, via a customer device, a customer review, a redacted message, and a redacted signature (Claim 1 disclosing receiving a customer service review from the customer in response to the prompt; the redacted message is interpreted to be the customer review prior to publish, which is hidden or censored from public, as motivated in para. [0019], “credibility of the customer service review is therefore significantly higher than a review posted by an anonymous reviewer, and malicious false negative reviews can be prevented by requiring authentication prior to a review being posted.”  Para. [0023], “Another type of unique customer identifier is a location-based identifier which uses location services on the customer's mobile device to determine if the customer is in the same location as the service that was performed, or if the customer is in the same vicinity as the mobile device of the employee that performed the service. In addition to location-based services, the employee could use their mobile device to interact with the customer's mobile device to verify their vicinity with each other and confirm that the customer is the person that the employee is interacting with. The mobile device interactions could be through any wired or wireless communication protocol, such as Bluetooth®, 802.11, near-field communications, RFID, etc. or through an optical recognition procedure such as having the customer take a picture of a QR code displayed on the employee's mobile device.” Disclosing the customer mobile device taking a picture of QR code displayed on employee’s mobile device for verification of service. The receiving of picture of QR code is representative of receiving via a customer device of a redacted signature. This is supported in Applicant’s Drawing, Fig. 1 that redacted signature can be QR code); and
at least one of:
publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate (Para. [0025]-[0031] disclosing the verification of unique customer identifier with customer service provided by employee with unique code (i.e. redacted signature) entered, once the review has been authenticated (i.e. legitimate), the review can be published), 
wherein the verification key is bound to the service provider device and is sent to the review server from the service provider device (Para. [0023], “addition to location-based services, the employee could use their mobile device to interact with the customer's mobile device to verify their vicinity with each other and confirm that the customer is the person that the employee is interacting with. The mobile device interactions could be through any wired or wireless communication protocol, such as Bluetooth®, 802.11, near-field communications, RFID, etc. or through an optical recognition procedure such as having the customer take a picture of a QR code displayed on the employee's mobile device.” The QR code displayed on the employee’s mobile device discloses the verification key is bound to the service provider device to confirm the communication and presence of employee at service. The service provider or employee device can also receive other examples of verification key such as payment identifier, location-based identifier of the customer’s mobile device, biometric, gesture recognition or passwords associated with the customer to be transmitted to confirm the identity of the customer, see para. [0022]-[0024]. Para. [0030]-[0032] disclosing the verification key (e.g., customer identifier, unique identifier) is transmitted to the review authentication server to match with unique customer identifier with data stored in a connected authentication database to authenticate the customer, then the customer servicer review can be authenticated in the review website, see Fig. 1).
Bilzhause (cited by the Applicant in the IDS of 2/26/2018 and the Specification paragraph [0004]), to specifically teach the well-known feature of redactable digital signature can mark specific parts of a signed message as redactable or censored, while still retaining verifiability of the signature (App. Specification para. [0004]). 
Specifically, Bilzhause teaches:
receiving, via a customer device, a customer review, a redacted message, and a redacted signature (Page 1, RSSs allow to remove, i.e., redact, parts of a signed message, while SSSs allow a designated third party, named the sanitizer, to change, i.e., sanitize, signer-chosen parts of a signed message to different bitstrings), wherein the redacted signature provides a privacy-preserving proof (Bilzhause page 3, under Unforgeability. “If one does not hold any secret keys, one should not be able to come up with a verifying signature σ∗ for a message m∗ which has neither been authorized by the signer nor the sanitizer.”  Privacy. “An outsider not holding any private keys should not be able to derive any information about sanitized parts of a message.” Accountability. “If it comes to a dispute, the signer must be able to generate a proof which points to the accountable party. Accountability requires that neither the signer nor the sanitizer can generate “false” proofs pointing to the wrong party for a adversarially generated message/signature pair (m∗, σ∗).” Which teaches the redacted signature provides a privacy-preserving proof); 
at least one of:
publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate (Page 1, Abstract, Page 2, 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the systems and methods for authentication online customer service review to include the authentication or verification process of sanitiable and redactable signatures schemes of Bilzhause for the motivation of providing an improved system and methods of privacy protection and stronger security, see Bilzhause page 4 “Unlinkability”, “Stronger Security Definition”, “Receipts” and “Data loss Prevention.” 
While in Bilzhause page 3, under Unforgeability. “If one does not hold any secret keys, one should not be able to come up with a verifying signature σ∗ for a message m∗ which has neither been authorized by the signer nor the sanitizer.”  Privacy. “An outsider not holding any private keys should not be able to derive any information about sanitized parts of a message.” Accountability. “If it comes to a dispute, the signer must be able to generate a proof which points to the accountable party. Accountability requires that neither the signer nor the sanitizer can generate “false” proofs pointing to the wrong party for a adversarially generated message/signature pair (m∗, σ∗).” Which teaches the redacted signature provides a privacy-preserving proof. Further in page 4, under New Application Scenarios: Receipts. “Assume that you buy two items at a store, e.g., a TV and a toaster. However, at home it turns out that the wrong TV was bought. Normally, one returns to the store, and exchanges the TV for a different one. Then, however, the receipt needs to be changed to prevent fraud. SSSs can help wherein the redacted signature provides a privacy-preserving proof of purchase of a list of goods and services that a customer has purchased (Pages 6-8 teaching the user/signer have full control to determine/select which subdocuments signature can be extracted for which is indicating the other portions to be redacted. The document can be intended for any document that can be subdocumented which include receipts with list of goods and service that the customer has purchased).  
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the method of checking legitimacy of a customer review using verification key and redacted signature in Montano and Bilzhause with the feature of key pair of public and private keys as taught in CES, for the motivation and benefit for providing the user/signer the ability to specify allowed extraction of document content and achieving provable security. 
Claim 2, the combination of Montano, Bilzhause, and CES makes obvious of the method of claim 1. The combination further teaches wherein the redacted message includes the list of purchased goods and services and/or a serial number (Montano: Abstract, “Once the authentication process verifies that the customer creating the review, the resulting online customer service review can be identified as an authentic customer review of the service provider, employee and the service.” Bilzhause: in page 4, under New Application Scenarios: Receipts. “Assume that you buy two items at a store, e.g., a TV and a 
Claim 4, the combination of Montano, Bilzhause, and CES makes obvious of the method of claim 1. Montano further discloses further comprising uploading the legitimate customer review to a review website (Para. [0031], “Once the review has been authenticated, the review can be published (step 212) by transmitting the review to the business server 112 or a review website 116 operated by the business, a third party reviewing service or by the system's own review website or application running on a computing device such as a smartphone or tablet”).
Claim 5, the combination of Montano, Bilzhause, and CES makes obvious of the method of claim 1. Montano further discloses further comprising storing the customer review in a review database based on the checking determining that the redacted signature is legitimate and not storing the customer review in the database based on the checking determining that the redacted signature is not legitimate (Para. [0031], “the review has been authenticated, the review can be published (step 212) by transmitting the review to the business server 112 or a review website 116 operated by the business, a third party reviewing service or by the system's own review website or application running on a computing device such as a smartphone or tablet. In one example, the review maybe published to the employee's personal profile on a social media service where they advertise their services in addition to 
Claim 14, Montano discloses a trustworthy review system for verifying that a customer review is legitimate, the system comprising a review server having one or more processors (Para. [0049] disclosing processor) which, alone or in combination are configured to provide for performance of the following steps (Abstract, Claims 1-18, and para. [0007] disclosing systems and methods for authenticating online customer service reviews using unique customer identifiers such as payment data and location data):
receiving, via a service provider device, a verification key (Claim 1, “receiving payment information from a customer for a service by a service provider;” disclosing receiving from the service provider (which is employee device used by a service provider, see para. [0025]), payment information, which is interpreted to be verification key. Additionally, in para [0022]-[0030] disclosing the use of unique customer identifier which may be payment identifier, e-wallet, name, credit card number, billing address, location-based identifier, RFID, QR code, unique code, and more can be used to verify the customer in the process of authenticating the customer review. The list above can all be interpreted to be verification key);
receiving, via a customer device, a customer review, a redacted message, and a redacted signature (Claim 1 disclosing receiving a customer service review from the customer in response to the prompt; the redacted message is interpreted to be the customer review prior to publish, which is hidden or censored from public, as motivated in para. [0019], “credibility of the customer service review is therefore significantly higher than a review posted by an anonymous reviewer, and malicious false and
at least one of:
publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate (Para. [0025]-[0031] disclosing the verification of unique customer identifier with customer service provided by employee with unique code (i.e. redacted signature) entered, once the review has been authenticated (i.e. legitimate), the review can be published), 
wherein the verification key is bound to the service provider device and is sent to the review server from the service provider device (Para. [0023], “addition to location-based services, the employee 
Under the broadest reasonable interpretation, Montano discloses the above-mentioned limitations. However, for the purpose of compact prosecution, the Examiner will introduce Bilzhause (cited by the Applicant in the IDS of 2/26/2018 and the Specification paragraph [0004]), to specifically teach the well-known feature of redactable digital signature can mark specific parts of a signed message as redactable or censored, while still retaining verificaility of the signature (App. Specification para. [0004]). 
Specifically, Bilzhause teaches:
receiving, via a customer device, a customer review, a redacted message, and a redacted signature (Page 1, RSSs allow to remove, i.e., redact, parts of a signed message, while SSSs allow a designated third party, named the sanitizer, to change, i.e., sanitize, signer-chosen parts of a signed wherein the redacted signature provides a privacy-preserving proof (Bilzhause page 3, under Unforgeability. “If one does not hold any secret keys, one should not be able to come up with a verifying signature σ∗ for a message m∗ which has neither been authorized by the signer nor the sanitizer.”  Privacy. “An outsider not holding any private keys should not be able to derive any information about sanitized parts of a message.” Accountability. “If it comes to a dispute, the signer must be able to generate a proof which points to the accountable party. Accountability requires that neither the signer nor the sanitizer can generate “false” proofs pointing to the wrong party for a adversarially generated message/signature pair (m∗, σ∗).” Which teaches the redacted signature provides a privacy-preserving proof);  
at least one of:
publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate (Page 1, Abstract, Page 2, “Attribute-based signatures [99] allow users to sign messages which are bound to specific attributes. This type of signature scheme requires that the signer holds the corresponding attributes. More precisely, a signature verification only reveals that the signer has a signing key which fulfills the predicate on the claimed attributes. Page 2, under “III. Santizable signature Schemes” teaching sanitizer holds his own public key, the sanitization process requires the corresponding private key, which verifies under the given public keys. Additionally see Framework of Sanitizable Signature Schemes using algorithms. Page 3, teaches verification takes input of signature for a message w.r.t. the public keys). 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the systems and methods for authentication online customer service review to include the authentication or verification process of sanitiable and redactable signatures 
While in Bilzhause page 3, under Unforgeability. “If one does not hold any secret keys, one should not be able to come up with a verifying signature σ∗ for a message m∗ which has neither been authorized by the signer nor the sanitizer.”  Privacy. “An outsider not holding any private keys should not be able to derive any information about sanitized parts of a message.” Accountability. “If it comes to a dispute, the signer must be able to generate a proof which points to the accountable party. Accountability requires that neither the signer nor the sanitizer can generate “false” proofs pointing to the wrong party for a adversarially generated message/signature pair (m∗, σ∗).” Which teaches the redacted signature provides a privacy-preserving proof. Further in page 4, under New Application Scenarios: Receipts. “Assume that you buy two items at a store, e.g., a TV and a toaster. However, at home it turns out that the wrong TV was bought. Normally, one returns to the store, and exchanges the TV for a different one. Then, however, the receipt needs to be changed to prevent fraud. SSSs can help here: if an item is exchanged, the receipt can simply be altered for the new item, without the need to give the customer two different receipts. This kind of idea may be useful in other contexts as well, e.g., supply-chain management” which is suggestion for the redacted signature to be used with receipts, which is purchase of a list of goods and services that a customer has purchased. While is suggested in the application, the Examiner would like to introduce Non-patent literature, CES (which is reference [121] of Bilzhause), directed to digital signature for producing an extracted signature on selected extracted portions of the original documents, which can be verified by third party while hiding unextracted (removed) document portions, to specifically teach, wherein the redacted signature provides a privacy-preserving proof of purchase of a list of goods and services that a customer has purchased (Pages 6-8 teaching the user/signer have full control to determine/select which 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the method of checking legitimacy of a customer review using verification key and redacted signature in Montano and Bilzhause with the feature of key pair of public and private keys as taught in CES, for the motivation and benefit for providing the user/signer the ability to specify allowed extraction of document content and achieving provable security. 
Claim 15, the combination of Montano, Bilzhause, and CES makes obvious of the system of claim 15. Montano further discloses further configured to store the customer review in a review database based on the checking determining that the redacted signature is legitimate and to not store the customer review in the database based on the checking determining that the redacted signature is not legitimate (Para. [0031], “the review has been authenticated, the review can be published (step 212) by transmitting the review to the business server 112 or a review website 116 operated by the business, a third party reviewing service or by the system's own review website or application running on a computing device such as a smartphone or tablet.
Claim 16, the combination of Montano, Bilzhause, and CES makes obvious of the method as in claim 1. CES further teaches:
wherein the verification key is from a key-pair, and wherein the key-pair comprises the verification key and a signing key (Pages 8-9, “KeyGen — Takes a security parameter k and generates a secret/public key pair (SK, PK).” teaching a key generation algorithm for generating a secret/public key pair. Wherein the secret key is representative of private and signing key and public key is representative of verification key).
Claim 17, the combination of Montano, Bilzhause, and CES make obvious of the method as in claim 16. CES further teaches:
wherein the redacted signature is generated based on redacting at least a portion of a signature, and wherein the signature is generated using the signing key (Page 8, under section 3.4 Definition of a Content Extraction Signature, “The Extract algorithm allows the user to extract (from a ‘full’ content extraction signature σFull) a signature for the subdocument consisting of the submessages whose indexes are specified by the extraction subset X. The extracted signature σExt can then be forwarded to the verifier along with the extracted subdocument M . The ‘Content Extraction Access Structure’ (CEAS) is an encoding of the subsets of submessage indexes in the original document which the signer can use to specify which extracted subdocuments the user is “allowed” to extract valid signatures for. Therefore the CEAS is an encoding of a collections of subsets of [n], where n = length(M) and M is the signed document. We assume these subsets are encoded as bit strings in {0, 1}n so that if Cl(M ) ∈ CEAS for some document M then length(M ) = n = length(M). Also disclosed in the Abstract in page 1, “we define a new type of digital signature called a ‘Content Extraction Signature’ (CES).A CES allows the owner, Bob, of a document signed by Alice, to produce an ‘extracted signature’ on selected extracted portions of the original document, which can be verified to originate from Alice by any third party Cathy, while hiding the unextracted (removed) document portions.” The content of document only produce a selected 
Claim 18, the combination of Montano, Bilzhause, and CES make obvious of the method as in claim 16. CES further teaches:
wherein the verification key is a public key of the key-pair and the signing key is a private key of the key-pair (Pages 8-9, “KeyGen — Takes a security parameter k and generates a secret/public key pair (SK, PK).” teaching a key generation algorithm for generating a secret/public key pair. Wherein the secret key is representative of private and signing key and public key is representative of verification key).
Claim 20, the combination of Montano and Bilzhause makes obvious of the method as in claim 1. CES further teaches:
wherein the redacted message is generated based on customer feedback, from the customer, indicating for at least one good or service, from a list of goods and services that the customer has purchased, to be redacted (Pages 6-8 teaching the user/signer have full control to determine/select which subdocuments signature can be extracted for which is indicating the other portions to be redacted. The document can be intended for any document that can be subdocumented which can include receipts with list of goods and service that the customer has purchased).  
Claims 3 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Montano (US 20140114877 A1), in view of Bilzhause et al. “Position Paper: The Past, Present, and Future of Sanitizable and Redactable Signature”, Pages 1-10, August 29-September 1, 2017, hereinafter “Bilzhause,” in view of NPL Content Extraction Signatures by Steinfeld, Bull, and Zheng, published in Feb 20, 2002 < https://www.cs.fsu.edu/~burmeste/zheng1.pdf>” hereinafter “CES,” and further in view of Wilson et al. (US 20180204191 A1), hereinafter “Wilson.”
Claim 3, the combination of Montano, Bilzhause, and CES makes obvious of the method of claim 2. However, the combination does not expressly teach:
wherein the redacted message includes the serial number, the method further comprising a second check that the customer review is legitimate by checking a database of previously-encountered serial numbers to determine whether the serial number is present.
	Nonetheless, Wilson is directed to system and method for storing and endorsing data describing an entity more efficiently and in particular data describing a person or company, which specifically teaches,
wherein the redacted message includes the serial number, the method further comprising a second check that the customer review is legitimate by checking a database of previously-encountered serial numbers to determine whether the serial number is present (Para. [0188],“key block data may further comprise at least one of: a block number; a time stamp; and/or a hash of the previous block in the block chain.” which is teaching the redacted message can be a block number, time stamp or hash of the previous block in the block chain, are all example of serial number. Also described in para. [0401], “block header 310 comprises a block number 311, a hash of the most recent previous block that appeared in the digital currency ledger 312, a time stamp 314, and optionally an identifier of the oldest active block in the digital currency ledger 313. The block header 310 may optionally also comprise a merkle root for a merkle tree of hashes of sets of operation data and/or the number of sets of operation data contained in the block 300. The block number 311 will uniquely identify the new block 300 and may be set to a value that is one greater than most recent previous block in the digital currency ledger. The hash of the most recent previous block in the digital currency ledger 312 is used to tie the new block 300 to the most recent previous block (i.e., chain them together). The time stamp 314 indicates when the new block 300 was created. The optional identifier of the oldest active block in the digital currency ledger 313 is described in more detail below.” Para. [0407], “verification entity 20 may recognise the checking a database of previously-encountered serial numbers to determine whether the serial number is present).
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filling of the invention to modify the method of checking legitimacy of a customer review using verification key and redacted signature in Montano, Bilzhause, and CES with the feature of second check 
Claim 19, the combination of Montano, Bilzhause, and CES makes obvious of the method of claim 1.
Montano further discloses, wherein the service provider device provides the verification key to the review server directly (Fig. 1 and Para. [0023], [0025], and [0030] disclosing the unique identifier is transmitted to the review authentication server). 
 	However, the combination does not expressly teach:
wherein the verification key is generated using a randomized key-generation algorithm and without feedback from the customer device.
	Nonetheless, Wilson is directed to system and method for storing and endorsing data describing an entity more efficiently and in particular data describing a person or company, which specifically teaches,
wherein the verification key is generated using a randomized key-generation algorithm and without feedback from the customer device (Para. [0064], “the identifier of the data may be further generated from a random factor generated by the first entity. This may provide privacy of the first entity as the information may be made public or at least distributed in a limited way but it may only be possible to identify the first entity when provided with the random factor. This random factor may be a number or series of symbols, for example.” Teaching the identifier (i.e. verification key) is generated by the first entity and without the need for feedback from the customer device. Abstract, teaching the first entity can be the payer or the recipient.).

Response
35 U.S.C. 112 Rejections:
	Applicant’s remarks are fully considered, however, is found to be unpersuasive. 
	On pages 7-8, the Applicant refers to paragraph [0026] of the Published Application (para. [0023] of the original filed Specification) and Fig. 1, asserts “Yet, FIG. 1 does not show any interaction between the customer device and the service provider to generate the verification keys and signing keys. Additionally, paragraph [0026] of the Present Published Application also states that a randomized key-generation algorithm is used by the service provider device to generate the pair of keys, but does not mention that the randomized key-generation algorithm used by the service provider device also uses feedback from the customer device. As such, in light of paragraph [0026] and FIG. 1, it is respectfully submitted that a person skilled in the art would have understood that the verification key is generated without feedback from the customer device.” Applicant further assets: “Additionally, the Office first states that any negative limitation must have basis in the original disclosure. See Detailed Action, p. 4. The Office acknowledges, however, that according to MIPEP 2 173.05(i), "the negative limitation does not have to be recited verbatim in the Specification". Detailed Action, p. 4. In the present case, paragraph [0026] describes a key generation algorithm and not mentioning that this uses feedback from a customer device and FIG. 1 shows the generated verification key, again without any arrows or information coming from the customer to the service provider. In view of these disclosures, it is respectfully submitted that a person skilled in the art would have understood that there is a basis in the 
The Examiner respectfully disagrees. According to MPEP 2173.05(i) Negative limitations: Any negative limitation or exclusionary proviso must have basis in the original disclosure. If alternative elements are positively recited in the specification, they may be explicitly excluded in the claims. See In re Johnson, 558 F.2d 1008, 1019, 194 USPQ 187, 196 (CCPA 1977) ("[the] specification, having described the whole, necessarily described the part remaining."). See also Ex parte Grasselli, 231 USPQ 393 (Bd. App. 1983), aff’d mem., 738 F.2d 453 (Fed. Cir. 1984). The mere absence of a positive recitation is not basis for an exclusion. Any claim containing a negative limitation which does not have basis in the original disclosure should be rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement. Note that a lack of literal basis in the specification for a negative limitation may not be sufficient to establish a prima facie case for lack of descriptive support. Ex parte Parks, 30 USPQ2d 1234, 1236 (Bd. Pat. App. & Inter. 1993). However, in contrary to Applicant’s argument in reference to Fig. 1, the Specification in paragraph [0027] indicates the customer device does uses the verification key generated during KeyGen, which shows feedback from the customer device and the verification key is not provided to the review server directly. Therefore, the 112(a) rejection is maintained. 

35 U.S.C. 103 Rejections:
Applicant’s arguments are fully considered, however, found to be unpersuasive. 
Regarding to the assertion on page 9 of the remark, the Applicant provides conclusory statement that “Montano fails to disclose or suggest a verification key much less that the verification key is bound to the service provider device, as required by claims 1 and 14. However, the Applicant fails to specifically point out how Montano may differ from the claim invention and how the claimed limitation is interpreted in light of the Specification. Therefore, the assertion is unpersuasive. 
Regarding to the remarks on top of page 9 and bottom half of page 10, the Applicant asserts the amended claim limitation, “the redacted signature provides a privacy-preserving proof of purchase of a list of goods and services that a customer has purchased” is not taught or suggested in Montano, Bilzhause, Wilson, and CES. However, the Examiner respectfully disagrees. In Bilzhause page 2, under portions of Unforgeability, Privacy, and Accountability describes the benefits for the use of redacted signature in privacy preserving proof. Further in Bilzhause, page 4, under New Application Scenarios, describing the use of the application with receipts which is proof purchase of a list of goods and services that a customer has purchased. Furthermore in CES pages 6-8 specifically teaches the application of redacted signature used in subdocumented which include receipts with list of goods and service that the customer has purchased. 
Regarding to the remarks on bottom of page 9 to top of page 10, the Applicant provides conclusory statement regarding what is taught by Montano, however does not describe the claimed limitation with respect to the Specification on how the claim limitation should be interpreted. Therefore, the assertion is unpersuasive. With regard to the applicant’s assertion, “it is respectfully submitted that the cited section of Montano fails to disclose or suggest that the alleged redacted signature (e.g., the QR code) has any type of privacy-preserving feature as the customer and the employee's location is identified.” The QR code is an example of redacted signature provided by the customer, similar to the 
Therefore, the 103 rejection is maintained.  
Relevant Prior Art Not Relied Upon
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure. The additional cited art, including but not limited to the excerpts below, further establishes the state of the art at the time of Applicant’s invention and shows the following was known:
Chen (CN 104376252 B) is directed to a content verification method based on digital signature code, comprises: One endorses step, is endorsed using one first private key pair one first digital content, to produce one first digital signature corresponding with this first digital content and one first stamped signature code; One dual stamped signature step, first according to this this first digital signature of the first stamped signature code verification, one second private key is recycled to be endorsed again according to this first stamped signature code, to produce one second corresponding digital signature and one second stamped signature code, between this first stamped signature code and this second stamped signature code, there is a connection, and form a stamped signature code-group, and this first digital signature and this second digital signature form a digital signature group and a verification step, according in this stamped signature code-group at least one, verify at least one in this digital signature group. The present invention can easily confirm the true and false of digital content endorsed.
Bhargav-Spantzel, A. (2007). Protocols and systems for privacy preserving protection of digital identity (Order No. 3307439). . (304838014). Retrieved from 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WENREN CHEN whose telephone number is (571)272-5208. The examiner can normally be reached Monday - Friday 10AM - 6PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah M. Monfeldt can be reached on (571) 270-1833. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To 





/W.C./Examiner, Art Unit 3689                        

                                                                                                                                                                                /RICHARD W. CRANDALL/Examiner, Art Unit 3689