DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-3,9-10, 13-15 were amended, claims 1-15 are pending.
Claims rejection under 35 USC 101 and 112 second were withdrawn due to applicant amendments.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. 201841009595PS and 201841009595CS filed on 15/03/2018 and 01/11/2019 respectively.
Response to Arguments
Applicant’s arguments with respect to claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5, 9 -12 are rejected under 35 U.S.C. 103 as being unpatentable over COSTA FAIDELLA et al(US 20170177855 A1:IDS supplied, hereafter “Costa”) in view of Donnell et al(WO 2014165431 A1).

With regards claim 1, Costa discloses, An apparatus for managing user authentication in a blockchain network, the apparatus comprising a hardware processor configured to:
 transmit, to a server ([0049] The identity provider systems, restricted access systems, and identity user systems may interface with the integrated identity system to request, receive, or otherwise engage identity services, etc. For example, the identity provider systems 28 may generate identities for individuals, and provide identity data to the integrated identity system 24 representing the generated identities. [0066] ), a request for a snapshot identifier (ID) with user data comprising at least one of one-time password, biometric data, context data, routine data, or device metadata ([0085] At step 904, identity data associated with the identity generated by the identity provider may be received. The identity data may have been validated during an identity creation process conducted by the identity provider to generate the identity by the identity provider. The identity data may include one or more pieces of data identifying the individual, such as at least one of:…. a representation of a biometric trait of an individual, such as a picture of the individual, a representation of a fingerprint, a representation of a facial pattern, a representation of an iris pattern, a representation of a retina pattern, a representation of a voice, a representation of a deoxyribonucleic acid (DNA) pattern, etc[0087]; The call to the identity data creation function may include as an input to the function an identifier 
 receive the snapshot ID generated based on the user data ([0087]; The call to the identity data creation function may include as an input to the function an identifier representing the identity data. The identifier may include a cryptographically encoded version of the received identity data. For example, the identifier may include the received identity data cryptographically encoded using one or more cryptographic hash functions, such as one or more of variants of the secure hash algorithm 2 (SHA-2), variants of the secure hash algorithm 3 (SHA-3), etc.; FIG 7 1704 and associated text; );
initiate a transaction with the snapshot ID in the blockchain network comprising a blockchain server which authenticates the snapshot ID (FIG 9 906-908 and associated text;); and 
output blockchain transaction data associated with the transaction based on the authentication of the snapshot ID ([0090] At step 912, an identity token corresponding to the identity created within the integrated identity system 24 may be generated. The identity token may be distributed to the individual for presentation at a restricted access system 36 to invoke their identity. The identity token may include one or more components to trigger one or more identity verification functions. For example, the identity token components may include the identifier representing the received identity data stored on the blockchain, which may be used during a verification process to invoke an identity verification function, such as of the identity services contract.). 



Costa does not exclusively but Donnell teaches,  
a processor configured to transmit, to a server, a request for a snapshot identifier (ID) with user data comprising context data comprising a still picture or a moving picture and at least one of one-time password, biometric data, context data, routine data, or device metadata (page 2 first para ; create a login token in response to a user authentication request originating from a client browser; send a web address containing the login token to the relying party server; receive and authenticate a plurality of actions from the client browser regarding the picture password proof of knowledge of the image; generate and send an authentication token to the client browser responsive to the received and authenticated actions; page 7 last para; The user is prompted, at 22, to upload or select an image to use as their Picture Password image as is shown in Figure 2. The user then performs his her desired actions, at 24, and saves them. After saving, the user is prompted, at 26, to complete multiple practice rounds (e.g., without limitation, some with assistance; some without) to ensure they can repeat their sequence of actions properly. After successful practices are completed and the user is satisfied with the password he/she has created, the action sequence is hashed, at 28, and sent to the PPS 6. Note: client send login token request to server, server create token by hashing  actions with the picture  )
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Costa’s device/method with teaching of Donnell in order to improve authentication technique providing a picture password proof of knowledge (Donnell Page 1)

With regards to claim 3, Costa further discloses, wherein the authenticating of the snapshot ID comprises authenticating the transaction ID with a new snapshot ID announced by the server ([0111] At step 1710, the determined physical trait may be verified against the individual presenting the identity token to invoke the identity. The physical trait may be verified against the individual presenting the identity token to provide a second factor of the multifactor identity verification. The physical trait may be verified against the individual using a variety of methods, including one or more of visual comparison by personnel of the third party operating the restricted access system, automated comparison by a biometric feature scanning and comparison apparatus, etc. Note: Server compare new scanned id with stored id).

With regards to claim 4, Costa further discloses, wherein the processor is further configured to broadcast the transaction with the snapshot ID in the blockchain network (FIG 12 1208  and associated text;).

With regards to claim 5, Costa further discloses, wherein the biometric data comprises at least one of user's fingerprint data, user's veins data, user's face recognition data, user's palm printing data, user' iris data, or user's voice data ([0085]; The identity data may include one or more pieces of data identifying the individual, such as at least one of: a name of the individual, such as an actual name of the individual, a user name of the individual, etc.; an identification number of the identity of the individual, such as a social security number, a driver's license number, a passport number, etc.; an 

With regards to claim 9 Costa discloses, An apparatus for authentication in a blockchain network, the apparatus comprising a hardware processor configured to: 
receive, from a user device, a request for a snapshot identifier(ID) and user data ([0049] The identity provider systems, restricted access systems, and identity user systems may interface with the integrated identity system to request, receive, or otherwise engage identity services, etc. For example, the identity provider systems 28 may generate identities for individuals, and provide identity data to the integrated identity system 24 representing the generated identities. [0066]) comprising at least one of one-time password, biometric data, IoT routine data, or device metadata ([0085] At step 904, identity data associated with the identity generated by the identity provider may be received. The identity data may have been validated during an identity creation process conducted by the identity provider to generate the identity by the identity provider. The identity data may include one or more pieces of data identifying the individual, such as at least one of:…. a representation of a biometric trait of an individual, such as a picture of the individual, a representation of a fingerprint, a representation of a facial pattern, a representation of an iris pattern, a representation of a retina pattern, a representation of 
generate the snapshot ID based on the received user data ([0087]; The call to the identity data creation function may include as an input to the function an identifier representing the identity data. The identifier may include a cryptographically encoded version of the received identity data. For example, the identifier may include the received identity data cryptographically encoded using one or more cryptographic hash functions, such as one or more of variants of the secure hash algorithm 2 (SHA-2), variants of the secure hash algorithm 3 (SHA-3), etc.); 
transmit the generated snapshot ID to the user device (FIG 7 1704 and associated text;); and 
broadcast the snapshot ID to a blockchain server for authentication (FIG 9 906-908 and associated text;). 
Costa does not exclusively but Donnell teaches,  
Receive from a user, a request for a snapshot identifier (ID) with user data comprising context data comprising a still picture or a moving picture and at least one of one-time password, biometric data,  routine data, or device metadata (page 2 first para ; create a login token in response to a user authentication request originating from a client browser; send a web address containing the login token to the relying party server; receive and authenticate a plurality of actions from the client browser regarding the picture password proof of knowledge of the image; generate and send an authentication token to the client browser responsive to the received and authenticated actions; page 7 last para; The user is prompted, at 22, to upload or select an image to use as their Picture Password image as is shown in Figure 2. The user then performs his her desired actions, at 24, and saves them. After saving, the user is prompted, at 26, to complete multiple practice rounds (e.g., without limitation, some with assistance; some without) to ensure they can repeat their sequence of actions properly. After successful practices are completed and the user is satisfied with the password he/she has created, the action sequence is hashed, at 28, and sent to the PPS 6. Note: client send login token request to server, server create token by hashing  actions with the picture  )
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Costa’s device/method with teaching of Donnell in order to improve authentication technique providing a picture password proof of knowledge (Donnell Page 1)

With regards to claim 10, Costa further discloses, wherein the processor is further configured to verify the user data based on the request (FIG 17 1704-1706 and associated text; ), and wherein the generating of the snapshot ID comprises generating the snapshot ID based on the verifying the user data ([0085] At step 904, identity data associated with the identity generated by the identity provider may be received. The identity data may have been validated during an identity creation process conducted by the identity provider to generate the identity by the identity provider. The identity data may include one or more pieces of data identifying the individual, such as at least one of:…. a representation of a biometric trait of an individual, such as a picture of 

With regards to claim 11, Costa further discloses, wherein the verifying of the user data comprises checking an identity of the user device based on the user data (FIG 17 1712 and associated text; ).

With regards to claim 12, Costa further discloses, wherein the broadcasting of the snapshot ID comprises broadcasting the snapshot ID with the user data to the blockchain server for the authentication (FIG 12 1204-1208 and associated text;).


Claims 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over COSTA FAIDELLA et al(US 20170177855 A1:IDS supplied, hereafter “Costa”).

With regards to claim 13, Costa discloses, An apparatus for authentication in a blockchain network, the apparatus comprising a hardware processor configured to: 
receive a first snapshot ID included a blockchain transaction data from a user device ([0108] At step 1704 presentation of an identity token may be received by the restricted access system 36 from an individual seeking to invoke the identity to access the restricted access system 36.; ); 
transmit a request for a second snapshot ID to a ledger in the blockchain network ([0119] At step 1910, it may be determined whether a blockchain of the identity element repository contains a data structure having the identifier of the identity, such as by searching the data structures of the blockchain, invoking an identity verification function 112 of the identity services contract, or generating one or more transactions to invoke the identity verification function of the identity services contract. Alternatively, in embodiments invoking the identity verification function may require a transaction to the blockchain. In such embodiments, to invoke the identity data verification function, a transaction including a call to invoke the function may be generated. The call to the identity verification function may include as an input to the function the representation of the validated identity data of the identity stored on the blockchain, such as the validated identity data cryptographically encoded using one or more hash functions [0117] At step 1906, one or more components of the identity token may be extracted. The extracted components may include one or more of the identifier of the identity, the digital signature of the identity provider, the indication of the identity of the identity provider,); 
receive the second snapshot ID from the ledger ([0121] At step 1914, a verification and/or status of the identity in the distributed identity element repository may be received. A result of step 1910 may include whether the identifier representing the identity data input to the function call exists on the blockchain. If the identifier representing the identity data does not exist on the blockchain, the function may return that identity is invalid. If the identifier does exist on the blockchain, the function may return an indication of the validity of the identity.); and 
determine whether the first snapshot ID corresponds to the second snapshot ID ([0121] At step 1914, a verification and/or status of the identity in the distributed identity element repository may be received. A result of step 1910 may include whether the identifier representing the identity data input to the function call exists on the blockchain. If the identifier representing the identity data does not exist on the blockchain, the function may return that identity is invalid. If the identifier does exist on the blockchain, the function may return an indication of the validity of the identity.); and authenticate the first snapshot ID based on the determination (FIG 17 step 1712 and associated text; ). 
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify a particular embodiment of Costa with teaching of other embodiments in order to increase security and efficiency (Costa [0008])

With regards to claim 14, Costa further discloses, wherein the processor is further configured to check whether the second snapshot ID is available due to a previous broadcasting of the second snapshot ID by the ledger ([0109] The identity associated with the identity token may be verified to provide a first factor of the multifactor identity verification. The identity verification may include determining whether the identifier associated with the identity is stored on the blockchain, such as by searching the blockchain for the identifier or invoking an identity data verification function of the identity services contract, e.g., as discussed further below in regard to FIG. 19.)

wherein the processor is further configured to transmit an approval notification of a blockchain transaction based on the authentication (FIG 19 1914  and associated text; ).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over COSTA FAIDELLA et al(US 20170177855 A1:IDS supplied, hereafter “Costa”) in view of Donnell et al(WO 2014165431 A1) and further  in view of Liu(US 10116649 B2).

With regards to claim 2 Costa discloses, generation of Snapshot ID([0087]; The call to the identity data creation function may include as an input to the function an identifier representing the identity data. The identifier may include a cryptographically encoded version of the received identity data. For example, the identifier may include the received identity data cryptographically encoded using one or more cryptographic hash functions, such as one or more of variants of the secure hash algorithm 2 (SHA-2), variants of the secure hash algorithm 3 (SHA-3), etc) 
However, Costa in view of Donnell do not but Liu teaches,  wherein the processor is further configured to check whether the token is available for the transaction, and wherein the transmitting of the request for the token comprises transmitting the request for the token based on the checking (FIG 2 S240 with NO and associated text; ) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Costa in view of Donnell’s system with teaching of Liu in order to increase security .

Claim 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over COSTA FAIDELLA et al(US 20170177855 A1:IDS supplied, hereafter “Costa”) in view of Donnell et al(WO 2014165431 A1) and further  in view of EDLELSTEIN et al(US 10116649 B2, hereafter “Edelstein”).

With regards to claim 6, Costa in view of Donnell do not but Edelstein teaches, wherein the context data comprises at least one of a still picture, a moving picture, usage pattern data of the apparatus, or applications usage pattern data of the apparatus (Edelstein [0019]; In some examples, the storage device 122 may include a metadata manager 124 that can detect metadata corresponding to a user of a mobile device, wherein the metadata comprises a call history from the mobile device. The metadata can also include additional information such as a browsing history for a user of a mobile device, location history for a mobile device, sensor data from the mobile device, data from communications initiated from other programs or applications on the mobile device, and the like).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Costa in view of Donnell’s system with teaching of Edelstein in order to  authenticating transactions based on metadata from a mobile device ([0001]).

With regards to claim 7, Costa in view of Donnell and Edelstein teaches, wherein the routine data comprises at least one of user's life routine information regarding a route of the user in a predetermined area , patterns of operating user device in a predetermined sequence (Edelstein [0019]; In some examples, the storage device 122 may include a metadata manager 124 that can detect metadata corresponding to a user of a mobile  location history for a mobile device, sensor data from the mobile device, data from communications initiated from other programs or applications on the mobile device, and the like. ). Motivation would be same as stated in claim 6. 

With regards to claim 8, Costa in view of Donnell and Edelstein teaches, wherein the device metadata comprises at least one of call history data, history data of emails, subscription to service history data, online shopping pattern data, or an unlock pattern data of the apparatus (Edelstein [0013] The embodiments described herein include techniques for authenticating transactions. In some examples, a device can detect metadata corresponding to a user of a mobile device, wherein the metadata comprises a call history from the mobile device. ). Motivation would be same as stated in claim 6.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987.  The examiner can normally be reached on 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498