Detailed Action
Claims 1-21 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-21 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-23 of copending Application No. 16/365374. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the copending application anticipate or render obvious the claims in the instant application.
Claims 1-21 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-23 of copending Application No. 16/365381. Although the claims at issue are not identical, they are not patentably 
Claims 1-21 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of copending Application No. 16/365394. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the copending application anticipate or render obvious the claims in the instant application.
Claims 1-21 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of copending Application No. 16/365396. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the copending application anticipate or render obvious the claims in the instant application.
Claims 1-21 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/365398. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the copending application anticipate or render obvious the claims in the instant application.

These are provisional nonstatutory double patenting rejections because the patentably indistinct claims have not in fact been patented.



Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-12 and 15-21 are rejected under 35 U.S.C. 103 as being unpatentable over High et al (US Pub.No.2018/0167394) in view of Ebrahimi et al (US Pub.No.2017/0257358).

Re Claim 1. High discloses a system for credential authentication, comprising: an interface configured to: receive a request from an application for authorization to access (i.e. authenticating, by the processor, a receiving device in response to a request from the receiving device to gain access to the locked space) [High, para.0006], wherein access to the application is requested by a user using a user device (i.e. receiving device 112, which may be a mobile computing device or smartphone of a user, may transmit a request to computing system 120 to access to a locked space at a particular time……. The delivery person charged with delivering the parcel may carry a handheld device (e.g. a receiving device 112), and may approach the locked delivery box to deliver the parcel) [High, para.0034]; and a processor configured to: provide a login request to the user; validate a login response; determine a user authentication device based on the login response (i.e. A camera positioned proximate the ) [High, para.0036]; provide a proof request to the user authentication device (i.e. step 306 instructs the authenticated receiving device 112 to decrypt the digital signature the authenticated using the private key to obtain the hashed access code, and transmit the hashed access code to the computing system 120) [High, para.0046]; receive a proof response; determine that the proof response is valid using a distributed ledger (i.e. Prior to communicating with the locking mechanism 111 to unlock the locked space, the computing system 120 may access the blockchain to confirm that the hashed access code received from the receiving device matches the hashed access code stored on the blockchain ) [High, para.0046]; 
 	High does not explicitly disclose whereas Ebrahimi does: generate a token; and provide the token to the application authorizing access for the user (i.e. a session ID is generated by web server 320, which may be generated in response to the request for the login web page, or may be generated in anticipation of a login request (e.g., such as at a login kiosk). As shown, a factor in the authentication and login process is the use of the session ID, such that the session ID is used throughout the authentication and login process, thereby 320 to include one or more of the session ID, a timeout for the session ID, URL web address for the web server…………… web server 320 generates a scannable code (e.g., QR code), which includes at least one of the envelope ID, URL of the web server 320, and a login challenge asking whether a login process is further requested. The scannable code is included in the login page……………… the web server delivers the login web page to the first device 310 of the user 5. At operation 420, the first device 310 of user 5 displays the login web page that includes the scannable code, ………………… if the scannable code is able to include the entire data identified in block 405, it may not be necessary to create an envelope and an envelope ID—the scannable code in this case would have the entire data) [Ebrahimi, para.0067-0071].   
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High with Ebrahimi because It would be advantageous to have a more secure system and method for managing the identity of users and of identifying users to third parties, such as when performing login or user authentication [Ebrahimi, para.0004].

Re Claims 20 and 21. These claims recite features similar to those recited in claim 1 and therefore they are rejected in a similar manner.

Re Claim 2. High in view of Ebrahimi discloses the system of claim 1, Ebrahimi further discloses: wherein the login request comprises a username and password request (i.e. FIGS. 7B-7C may or may not display username and password fields 751 and 752, respectively, for purposes of login) [Ebrahimi, para.0103, Fig. 7B].  
	The same motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 3. High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein the login request comprises a biometric request (i.e. The camera or other sensor or input mechanism 110 may instead perform a retinal scan of the visitor (or generally obtain a biometric signature of the visitor) to ensure that the identity of the repairman matches records retrieved from the authentication database) [High, para.0036].  
	
Re Claim 4. High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein the processor is further configured to receive the login response (i.e. the computing system 120 may utilize one or more input mechanisms 110 for authentication purposes. For example, if input mechanism 110 detects a presence of a receiving device 112 ) [High, para.0036].  

Re Claim 7 High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein the processor is further configured to determine a set of credentials that can enable authorization to access using rules (i.e. The access code may be valid forever or may be valid for a limited time, and may be regenerated after each time the space is accessed. Embodiments of the access code may be text, a song or clip thereof, a book or excerpt thereof, a movie clip, digits, bytes, binary digits, bits, characters, an image, a noise, a biological signature (e.g. biometric of owner of the locked space), DNA sequence, a famous quote, a unique identifier, or any indicia or password or ) [High, para.0030].  
  
Re Claim 8. High in view of Ebrahimi discloses the system of claim 7, High further discloses: wherein the processor is further configured to generate a proof request challenge requesting a credential of the set of credentials (i.e. step 306 instructs the authenticated receiving device 112 to decrypt the digital signature the authenticated using the private key to obtain the hashed access code, and transmit the hashed access code to the computing system 120) [High, para.0046].  

Re Claim 9. High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein the proof response comprises a credential (i.e. Embodiments of the access code may be text, a song or clip thereof, a book or excerpt thereof, a movie clip, digits, bytes, binary digits, bits, characters, an image, a noise, a biological signature (e.g. biometric of owner of the locked space), DNA sequence, a famous quote, a unique identifier, or any indicia or password or code that is computer readable) [High, para.0030].  
  
Re Claim 10. High in view of Ebrahimi discloses the system of claim 9, High further discloses: wherein the credential comprises a user selected credential (i.e. The .) [High, para.0030].    

Re Claim 11. High in view of Ebrahimi discloses the system of claim 9, High further discloses: wherein the credential comprises a stored credential stored by the user authentication device (i.e. After using the private key to obtain the hashed access code or access code, the receiving device 112 may transmit the hashed access code to the decryption module 133.) [High, para.0033, Note: implies the access code is in the memory of the receiving device i.e. user authentication device]. 

Re Claim 12. High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein the proof response is signed using a user authentication device private key (i.e. The access code or the hashed access code may be encrypted with a public key (or private key in some embodiments) to create a digital signature. The private key and the public key may be generated by the encryption module 131 at the same time. The public key and the private key may be generated along with a generation of the access code, or in response to the ) [High, para.0031].  

Re Claim 15. High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein determining that the proof response is valid comprises determining that a credential of the proof response satisfies the proof request (i.e. the digital signature represents an encrypted hashed access code……………..the receiving device 112 may transmit the hashed access code to the decryption module 133. The decryption module 133 may compare the received hashed access code to the hashed code stored on the blockchain, and if the received hashed access code is the same as the hashed access code stored on the blockchain, then the computing system 120 may allow access to the locked space) [High, para.0037]. 

Re Claim 16. High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein determining that the proof response is valid comprises determining wherein the locked space is accessible for a limited time, and when the limited time passes, the private key is no longer valid to gain access to locked space) [High, claim 3].
 
Re Claim 17. High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein determining that the proof response is valid comprises determining that a credential comprises a valid signature associated with the user (i.e. the digital signature represents an encrypted hashed access code……………..the receiving device 112 may transmit the hashed access code to the decryption module 133. The decryption module 133 may compare the received hashed access code to the hashed code stored on the blockchain, and if the received hashed access code is the same as the hashed access code stored on the blockchain, then the computing system 120 may allow access to the locked space) [High, para.0037].   

Re Claim 18. High in view of Ebrahimi discloses the system of claim 1, High further discloses: wherein determining that the proof response is valid comprises determining that a credential is not revoked (i.e. The computing system 120 can treat the hashed access code as one cryptocurrency unit, and when the hashed access code is sent to the computing system 120, the lone cryptocurrency unit is spent. Any attempt to resend the hashed ) [High, para.0033].  

Re Claim 19. High in view of Ebrahimi discloses the system of claim 18, High further discloses: wherein determining that the credential of the proof response is not revoked comprises querying a revocation registry of a distributed ledger (i.e. a new transaction may be generated on the blockchain that the receiving device gained access to the locked space on the blockchain using the private key. This may prevent the receiving device 112 from using the same hashed code than once in situations where access may be granted for a single time only. The computing system 120 can treat the hashed access code as one cryptocurrency unit, and when the hashed access code is sent to the computing system 120, the lone cryptocurrency unit is spent. Any attempt to resend the hashed access code will not be successful in gaining access because the computing system 120 will access the blockchain, which by virtue of the distributed ledger, will not issue a consensus that the receiving device 112 has a remaining cryptocurrency to spend on gaining access to a particular locked space) [High, para.0033].      
  
Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over High et al (US Pub.No.2018/0167394) in view of Ebrahimi et al (US Pub.No.2017/0257358) and further in view of Roth et al (US Patent No.9,374,368).

Re Claim 5. High in view of Ebrahimi discloses the system of claim 1, High in view of Ebrahimi does not explicitly disclose whereas Roth discloses: wherein the login response is validated using a password hash checking (i.e. When a passcode of an identity (e.g., user) is provided for verification (i.e., when a purported passcode is provided), a reference hash (generally, “reference value”) of the passcode may be calculated based at least in part on the passcode and the hardware secret. The calculated reference hash may be compared to a stored passcode hash in the database. If the calculated reference hash matches the stored passcode hash, the received passcode may be considered to be verified and a system relying on such verification may operate accordingly) [Roth, col.2, see also col.6-7].   
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Ebrahimi with Roth because the hardware secret, as noted, may be secret information that is securely maintained and used for calculating password hashes. The hardware secret may be configured such that the hardware secret has a value from a set of values that has a specified size. For example, the size of the set may be configured such that the cardinality of the set is larger than the cardinality of a set of possible passcode values. Generally, the size of the set may be selected to prevent cryptographic attacks [Roth, Col.2].

Re Claim 6. High in view of Ebrahimi and Roth discloses the system of claim 5, Roth further discloses: wherein the password hash checking comprises a bcrypt algorithm or an argon2 algorithm (i.e. Other example password hashes include password based key derivation functions (PBKDFs) such as PBKDF2 and Bcrypt.) [Roth, col.6, last paragraph].  
	The same motivation to modify with Roth, as in claim 5, applies.

Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over High et al (US Pub.No.2018/0167394) in view of Ebrahimi et al (US Pub.No.2017/0257358) and further in view of Lu (US Pub.No.2017/0180128).

Re Claim 13. High in view of Ebrahimi discloses the system of claim 12, High in view of Ebrahimi does not explicitly disclose whereas Lu does: wherein the private key is decrypted using a mobile encryption key (i.e. the user device may comprise a request agent similar to the one described above and a ciphering agent configured to generate a secret key and to generate an encrypted identity by encrypting the received user's trusted identity with the generated secret key. The ciphering agent is also configured to generate an encrypted key e_K by encrypting the secret key K using a key encryption key) [Lu, para.0076, note: decryption is implied].  
there is a need to develop new methods and devices allowing to prevent several people from claiming a same trusted identity [Lu, para.0003].

Re Claim 14. High in view of Ebrahimi and Lu discloses the system of claim 13, Ebrahimi further discloses: wherein the mobile encryption key is accessed using a biometric or a PIN (i.e. The second device 11 is configured to sign the hash value with a private key of the user e.g., producing <signed.hash.userdata>. The signature process may be authorized by the user for example using TouchID) [Ebrahimi, para.0074, see also 0098, Note: signature with an encryption key being authorized only using a TouchID biometric discloses the claimed features].  
The motivation to modify with Ebrahimi, as in claim 1, applies.



Pertinent prior art made of record but not relied upon includes:
Eberwine et al (US Pub.No.2015/0350913) describes a method for credential management that includes inputting a master key and a mobile device identifier into a diversification algorithm to generate a diversification key, the mobile device identifier including information that identifies a mobile device. Further, a control system payload is 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285. The examiner can normally be reached Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-





/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434