DETAILED ACTION
Acknowledgements
This office action is in response to the claims filed 07/26/2021.
Claims 1, 4, 5, 11-13, 15, and 19 are amended.
Claim 14 is cancelled. 
Claim 22 is new.
Claims 1-13, and 15-22 are pending.
Claims 1-13, and 15-22 have been examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant's arguments filed 07/26/2021 have been fully considered but they are not persuasive. 
The claims were reviewed by the art unit TQAS for both 101 and 103. The conclusion was a maintenance of the 101 and 103 rejections. 
101
The claim does currently recite a potential additional element, but the element does not integrate the judicial exception into a practical application. 
The limitation “linking the source web site for obtaining a value for the first attribute to the new receiving web site to receive the value as a new consuming entity for the first attribute in the attribute map record for the person” has been identified as an additional element. 
According to the specification (¶ 60, 98, 99, 141, 185), “For example, the person may consent to the PHI system to provide the 5 identity attributes, such as first name, last name, date of birth, gender and zip code to OneStop, PHI system may also provide the LOA based on its record of the user's identity proofing in the PHI system… At step 530, the OneStop identity center 142 may send a credential request to the credential exchange 146. The credential request includes, for example, the GUID of the end user 110, and the LOA that the trusted application 110 requires. At step 540, upon receipt of the GUID and the credential request, the credential exchange 146 look up available qualifying credentials for the end user 110 based on the GUID and the LOA…. With the present teaching, the user may simply consent the sharing of these attributes from Rcopia to EPCS through OneStop.” The proposed limitation of “linking” the websites is the sending of information between the two websites and OneStop acting as the middleman. This element amounts to the sending of information, and there is no integration of the abstract idea into a practical application; additionally, there does not appear to be an actual step of “linking” the websites, just the transfer of information.
Therefore, based on case law precedent, the claims are claiming subject matter similar to concepts already identified by the courts as dealing with abstract ideas. See Alice Corp. Pty. Ltd., 134 S.Ct. at 2356 (citing Bilski v. Kappos, 561 U.S. 593, 611 (2010)).
112
Due to Applicant’s amendments, previous claim interpretation and rejections have been withdrawn.
103
The combination of prior art teaches the newly amended claims. 
In particular, Bakshi discloses storing an attribute map, the attribute map having a plurality of attribute map records, each attribute map record identifying a respective person, a plurality of attributes that are verified to be associated with the respective person, a name for each of the plurality of attributes, a source web site for obtaining a value for each of the plurality of attributes for the respective person, and a list of one or more receiving web sites linked to the source web site as consuming entities for receiving the value (Table 1-3; ¶ 13, 25-31, 52, 96, 110-117, 120-128, 147).
Bakshi - In step 1006, the enroll object stores the policy and credentials (or templates) in the database of authentication server 202. The flowchart in FIG. 10 ends at this point….  It is the function of user management component 207 to maintain a central data center that stores and manages (and thus reuses) user credentials for authentication to potentially unrelated online accounts provided by web/application servers 214…. Finally, the filter interacts with a server containing the requested information (e.g., a web or application server that hosts the application that the user is requesting information from) once the user is authenticated by the authentication server….  The server side components include an authentication server, wherein said authentication server stores therein data related to a plurality of users and at least one policy that the user is associated with, said policy defining an authentication level, said authentication level defining a probability that the user is authorized to access the requested information…The present invention assigns an ID to each user that uniquely identifies the user. In an embodiment of the present invention, this ID is a Globally Unique ID (or GUID) which uniquely identifies the user to the present invention. For example, assume a user “John Smith' has an account with several different web applications including tradeonline.com for his day trading, drugonline.com for filling his medical prescriptions, and bankonline.com for his banking needs… A server, when returning an HTTP object to a user, may also send a piece of state information which the user will store. Included in that state object is a description of the range of URLs for which that state is valid. Any future HTTP requests made by the user which fall in that range will include a transmittal of the current value of the state object from the user back to the server….  
Filter 206 may also be used with application servers including, but not limited to, BEA WebLogic, SilverStream Application Server, Oracle AppServer, Sun NetDynamics, Microsoft Site Server, etc., to provide authentication services for web applications including online banking, online stock trading, and so forth... The user's online accounts may be provided by the same web/application server 214 or different web/application servers 214… In step 1506, user management component 207 stores the received user credentials and desired polices in a central location. The database of authentication server 202 may act as the central location or data center for the user management function of the present invention. How the present invention may organize data in a central data center so as to tie a single user to multiple unrelated web applications… In step 1308, the user management component 207 indicates to authentication server 202 which policy to use when attempting to authenticate the user to the online account or web application.  (¶ 13, 25, 26, 96, 110, 115, 117, 119, 120, 125, 128)

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-13, and 15-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. As described below, the claim(s) are/is directed to abstract idea(s), but there are no additional elements of the claim(s) that add sufficiently more to the abstract idea(s) to be permissible under 35 U.S.C. 101.

Subject Matter Eligibility Standard
When considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (101 Analysis: Step 1). Even if the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) (101 Analysis: Step 2a (Prong 1)), and if so, identify whether there are any additional elements recited in the claim beyond the judicial exception(s), and evaluate those additional elements to determine whether they integrate the exception into a practical application of the exception (101 Analysis: Step 2a (Prong 2)). If an additional element does not integrate the exception into a practical application of the exception, the claim still requires an evaluation of whether the claim recites additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception. If the claim as a whole amounts to significantly more than the exception itself (there is an inventive concept in the claim), the claim is eligible. If the claim as a whole does not amount to significantly more (there is no inventive concept in the claim), the claim is ineligible (101 Analysis: Step 2b).
The 2019 PEG explains that the abstract idea exception includes the following groupings of subject matter: a) Mathematical concepts b) Certain methods of organizing human activity and c) Mental processes.

Analysis
In the instant case, claim 1 is directed to a method and claim 15 is directed to an article of manufacture.

101 Analysis: Step 2a (Prong 1) – Identifying an Abstract Idea
The claims recite the steps of “storing an attribute map… receiving, via a user interface, a selection …; receiving, via the user interface, a new receiving website …; authenticating an identity…; linking the source website… to the new receiving website… obtaining the value…; verifying the value … and propagating the value …” The claim is directed towards the abstract idea of organizing human activity, in this case, managing interactions in authenticating a user in order to share information.  

101 Analysis: Step 2a (Prong 2) – Identifying a Practical Application
The claim does currently recite a potential additional element, but the element does not integrate the judicial exception into a practical application. 
The limitation “linking the source web site for obtaining a value for the first attribute to the new receiving web site to receive the value as a new consuming entity for the first attribute in the attribute map record for the person” has been identified as an additional element. 
According to the specification (¶ 60, 98, 99, 141, 185), “For example, the person may consent to the PHI system to provide the 5 identity attributes, such as first name, last name, date of birth, gender and zip code to OneStop, PHI system may also provide the LOA based on its record of the user's identity proofing in the PHI system… At step 530, the OneStop identity center 142 may send a credential request to the credential exchange 146. The credential request includes, for example, the GUID of the end user 110, and the LOA that the trusted application 110 requires. At step 540, upon receipt of the GUID and the credential request, the credential exchange 146 look up available qualifying credentials for the end user 110 based on the GUID and the LOA…. With the present teaching, the user may simply consent the sharing of these attributes from Rcopia to EPCS through OneStop.” The proposed limitation of “linking” the websites is the sending of information between the two websites and OneStop acting as the middleman. This element amounts to the sending of information, and there is no integration of the abstract idea into a practical application; additionally, there does not appear to be an actual step of “linking” the websites, just the transfer of information.
Therefore, based on case law precedent, the claims are claiming subject matter similar to concepts already identified by the courts as dealing with abstract ideas. See Alice Corp. Pty. Ltd., 134 S.Ct. at 2356 (citing Bilski v. Kappos, 561 U.S. 593, 611 (2010)).

101 Analysis - Step 2b
Viewed as a whole, instructions/method claims simply recite the concept of organizing human activity as performed by a generic computer. 
The dependent claims are also drawn to the abstract idea of the independent claims.
Claims 2, 3, 5, 6, 9, 10, 16 and 21 are directed towards the authentication limitation and described attribute table of the independent claims.
Claims 4 and 22 are directed towards the propagating limitation of the independent claims.
Claims 7, 8, 11, 12, 13, 17-19 and 18 are directed at managing the user’s account and interaction with the websites, for example, authenticating the user and their account.
Claim 20 is directed at the receipt of information in an interface.

The claims do not, for example, purport to improve the functioning of the computer itself. Nor do they effect an improvement in any other technology or technical field. Instead, the claims at issue amount to nothing significantly more than an instruction to apply the abstract idea using some unspecified, generic computer.  See Alice Corp. Pty. Ltd., 134 S.Ct. at 2360. Mere instructions to apply the exception using a generic computer component and limitations to a particular field of use or technological environment cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.

Conclusion
The claim as a whole does not amount to significantly more than the abstract idea itself. This is because the claim does not effect an improvement to another technology or technical field; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an abstract idea to a particular technological environment.
Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself. 
Dependent claims do not resolve the deficiency of independent claims and accordingly stand rejected under 35 USC 101 based on the same rationale.
Dependent claims 2-13 and 16-22 are also rejected.
 
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-13, and 15-22 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1 and 15 recite “a list of one or more receiving web sites linked to the source web site as consuming entities for receiving the value…linking the source web site for obtaining a value for the first attribute to the new receiving web site to receive the value as a new consuming entity for the first attribute in the attribute map record for the person”. The disclosure (¶ 60, 98, 99, 141, 185) states “The present teaching provides security because it does not expose links or look up mechanism for identity attributes… In this embodiment, the link between the person and the person's identity is managed by an internal ID (GUID) of OneStop, which cannot be used nor understood by any other entity or system… The credential exchange 146 in this embodiment provides no link to the person, or the person's identity information/attributes. Such implementation separates identity proofing process from the identity binding process… In one embodiment of the present teaching, the credential exchange 146 may provide a link through the OneStop user interface to an xFA client application so that the end user 110 may be enabled to establish a secure channel with the xFA credential service provider…  The doctor has provided Rcopia with information/attributes relate to his medical training upon registering to the Rcopia application. The same list of attributes will be needed for a new EPCS application, where the doctor may prescribe controlled substances. With the present teaching, the user may simply consent the sharing of these attributes from Rcopia to EPCS through OneStop.” There is no explanation of “linking” websites. The disclosure explicitly teaches away from linking for credential exchange of the user’s information: “the credential exchange 146 in this embodiment provides no link to the person, or the person's identity information/attributes… The present teaching provides security because it does not expose links or look up mechanism for identity attributes”.
The source entity and receiving entity never have a link, as the disclosure states information is transmitted through OneStop. The websites are never linked. Therefore, the disclosure does not provide support for linked websites or linking the source web site for obtaining a value for the first attribute to the new receiving web site to receive the value as a new consuming entity for the first attribute in the attribute map record for the person. Dependent claims 2-13 and 16-22 are rejected.
Claim 9 recites “wherein enabling the online user to login to the first user account at the source web site comprises: creating a login request based on information related to the authenticated online user; submitting the login request to the source web site; and receiving a login response from the source web site”. According to the specification (¶ 110-112, 119, 189, 190), “An existing user of the ABC application may login normally through its conventional user interface, such as, for example, the user interface 210. In other examples of the present teaching, the user interface 210 may include any other login or authentication interfaces that the subject application provides…. the new application may also provide a user interface for the user to login to OneStop at the desired LOA, such as, for example, user interface 220 or 230 as shown in FIG. 2 a and FIG. 2 b. If the user successfully logins to OneStop at the desired LOA at step 920, the OneStop service provider may provide a positive authentication response to the new site at step 950.” The disclosure discusses a user login at OneStop or an application interface. The disclosure does not provide support for a created login request, submitting the request to a source website and receiving a login response from the source website. 
Claim 11 recites “wherein the new receiving web site uses the new value of the first attribute to generate a second user account, the second user account being at the new receiving web site and belonging to the person.” According to the specification (¶ 188-193), “a new trusted application may provide an option for a new user to register to the new trusted application through OneStop. Upon user selection of this option, the new trusted application may send to OneStop its registration requirement, including for example, the overall LOA that the new application requires, a list of attributes with respect to the user that the new application would like to receive from OneStop, …. the new application may enable the user to select a list of new attributes elect to the new application be the source/owner of these attributes at step 960. The new application may also enable the user to provide a list of attribute consumer applications/sites for each new attribute, so that these new attributes or their updates can be shared to the attribute consumer applications/sites, … Finally, if the verification is successful, OneStop may update the attribute map to include the attribute management settings with respect to the new application, ” The disclosure provides for updating the user’s information across entities, there is no discussion of a generated second account. The disclosure does not provide support for the new receiving web site uses the new value of the first attribute to generate a second user account, the second user account being at the new receiving web site and belonging to the person. 

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-13, and 15-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 1 and 15 recite “a list of one or more receiving web sites linked to the source web site as consuming entities for receiving the value…linking the source web site for obtaining a value for the first attribute to the new receiving web site to receive the value as a new consuming entity for the first attribute in the attribute map record for the person”. Where applicant acts as his or her own lexicographer to specifically define a term of a claim contrary to its ordinary meaning, the written description must clearly redefine the claim term and set forth the uncommon definition so as to put one reasonably skilled in the art on notice that the applicant intended to so redefine that claim term. Process Control Corp. v. HydReclaim Corp., 190 F.3d 1350, 1357, 52 USPQ2d 1029, 1033 (Fed. Cir. 1999). The term “link” is used in the claims to mean two different links. The first appears to refer to an association of information, the “link” being that there is a list that has the source entity and a list of receiving entities associated with the same information. The second appears to refer to a direct channel of information flow between the two different entities. The term is indefinite because the specification does not clearly redefine the term, and applicant's use of it is inconsistent and makes the claim unclear and indefinite. Dependent claims 2-13 and 16-22 are also rejected.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-13, and 15-22 are rejected under 35 U.S.C. 103 as being unpatentable over Bakshi et al. (2009/0019534) (“Bakshi”), and in view of Obasanjo et al. (2012/0227098) (“Obasanjo”), and further in view of Brickell et al. (2003/0115142) (“Brickell”).
Regarding claims 1 and 15, Bakshi discloses storing an attribute map, the attribute map having a plurality of attribute map records, each attribute map record identifying a respective person, a plurality of attributes that are verified to be associated with the respective person, a name for each of the plurality of attributes, a source web site for obtaining a value for each of the plurality of attributes for the respective person, and a list of one or more receiving web sites linked to the source web site as consuming entities for receiving the value (Table 1-3; ¶ 13, 25-31, 52, 96, 110-117, 120-128, 147)
Bakshi - In step 1006, the enroll object stores the policy and credentials (or templates) in the database of authentication server 202. The flowchart in FIG. 10 ends at this point….  It is the function of user management component 207 to maintain a central data center that stores and manages (and thus reuses) user credentials for authentication to potentially unrelated online accounts provided by web/application servers 214…. Finally, the filter interacts with a server containing the requested information (e.g., a web or application server that hosts the application that the user is requesting information from) once the user is authenticated by the authentication server….  The server side components include an authentication server, wherein said authentication server stores therein data related to a plurality of users and at least one policy that the user is associated with, said policy defining an authentication level, said authentication level defining a probability that the user is authorized to access the requested information…The present invention assigns an ID to each user that uniquely identifies the user. In an embodiment of the present invention, this ID is a Globally Unique ID (or GUID) which uniquely identifies the user to the present invention. For example, assume a user “John Smith' has an account with several different web applications including tradeonline.com for his day trading, drugonline.com for filling his medical prescriptions, and bankonline.com for his banking needs… A server, when returning an HTTP object to a user, may also send a piece of state information which the user will store. Included in that state object is a description of the range of URLs for which that state is valid. Any future HTTP requests made by the user which fall in that range will include a transmittal of the current value of the state object from the user back to the server….  
Filter 206 may also be used with application servers including, but not limited to, BEA WebLogic, SilverStream Application Server, Oracle AppServer, Sun NetDynamics, Microsoft Site Server, etc., to provide authentication services for web applications including online banking, online stock trading, and so forth... The user's online accounts may be provided by the same web/application server 214 or different web/application servers 214… In step 1506, user management component 207 stores the received user credentials and desired polices in a central location. The database of authentication server 202 may act as the central location or data center for the user management function of the present invention. How the present invention may organize data in a central data center so as to tie a single user to multiple unrelated web applications… In step 1308, the user management component 207 indicates to authentication server 202 which policy to use when attempting to authenticate the user to the online account or web application.  (¶ 13, 25, 26, 96, 110, 115, 117, 119, 120, 125, 128)


 
receiving, via a user interface, a selection of a first attribute in the plurality of attributes,  the plurality of attributes being obtained from an attribute map record associated with the person from the attribute map (Figure 10, 15; ¶ 52, 99, 109-119)
Bakshi - In step 1004, based on the created policy, the enroll object requests the necessary credentials from the user to be stored as a template. ..The enroll object is the counterpart of the authentication object described above, in that it implements the logic for and drives the message exchange with authentication control component 208 (through the enroll application). A new instance of the enroll object is also instantiated for each new client session. .. In step 1004, based on the created policy, the enroll object requests the necessary credentials from the user to be stored as a template … In step 1006, the enroll object stores the policy and credentials (or templates) in the database of authentication server 202. (¶ 108, 109)

receiving, via the user interface, a new receiving web site for the first attribute (Figure 10, 15; ¶ 52, 99, 109-119)
Bakshi -  if the user is looking for an online banking application/provider and is concerned with protecting his or her confidential account information, the user may actually choose his or her online banking provider based on whether the online banking provider utilizes the present invention…. The present invention allows a user to register his or her credentials once with the present invention. The present invention then reuses the user's credentials to authenticate the user to access one or more potentially unrelated online accounts provided by web/application servers 214. The present invention also allows the user to determine which policy and types of identification devices should be used to authenticate the user to a particular user online account provided by web/application server 214… the user management component 207 receives the user's desired polices for each of the user's online accounts and user credentials from authentication control component 208… In step 1302, the user management component 207 receives the username for the web application or online account the user is attempting to access. Again, this username is unique to the user with regard to the particular web application  (¶ 113, 114, 118)

authenticating an identity of the person using level of protection for authentication to enable sharing of the first attribute with the new receiving web site (Figure 11; ¶ 115-120):
Bakshi -The present invention allows users to define the level of protection of access to their online accounts. The present invention then reuses those credentials to authenticate the user to one or more potentially unrelated online accounts. (¶ 115)

responsive to authenticating the identity of the person, linking the source web site for obtaining a value for the first attribute to the new receiving web site to receive the value as a new consuming entity for the first attribute in the attribute map record for the person (Figure 10; ¶ 95, 99, 109, 110-124);
Application Number: 14/638,553; Docket No.: 0130-008001
Claim Interpretation- The specification(¶ 81, 130, 148) states “The present teaching provides security because it does not expose links or look up mechanism for identity attributes… In this embodiment, the link between the person and the person's identity is managed by an internal ID (GUID) of OneStop, which cannot be used nor understood by any other entity or system… The credential exchange 146 in this embodiment provides no link to the person, or the person's identity information/attributes. Such implementation separates identity proofing process from the identity binding process… In one embodiment of the present teaching, the credential exchange 146 may provide a link through the OneStop user interface to an xFA client application so that the end user 110 may be enabled to establish a secure channel with the xFA credential service provider.” There is no explanation of “linking” websites. For the purpose of claim interpretation, this will be understood to mean the “server” acts as a link or central database for source and receiving entities. 
Bakshi - user management component 207 stores the received user credentials and desired polices in a central location. The database of authentication server 202 may act as the central location or data center for the user management function of the present invention. ( ¶ 119)

obtaining the value for the first attribute from the source web site (Figure 11, 14; ¶ 120-125, 154-156, 171)
Bakshi - Once filter 206 receives the “username”, filter 206 then sends a request to authentication server 202 (via communication components 204) to retrieve the “username” policy and templates (or credentials) stored in its database, as shown by flow line 1104. (¶ 155)

verifying the value for the first attribute; and (Figure 11, 14; ¶ 120-129, 154-156, 171)
Bakshi - the user management component 207 maps the username to the user's GUID of the present invention. Again, this may be done by utilizing a table such as Table 1 above… the user management component 207 maps the user's GUID to the user's policy (or policy object) of the present invention. (¶ 126, 127)

responsive to a successful verification of the value, propagating the value for the first attribute from the source web site to the new consuming entity linked in the attribute map record (Figure 11, 14; ¶ 117, 120-129, 154-171)
Bakshi - Once authentication server is able to execute the user's policy and determines whether the user has been authenticated, communication components 204 forwards the result to filter 206, as shown by flow line 1114. Here, if the user has been authenticated, then filter 206 interacts with web/application server 214 to allow the user access to its requested information… The user can use the web application or web site for the duration of that session (i.e., until the user closes web browser 212). Thus, filter 206 either allows or denies the user access to the requested information, as shown by flow line 1116. (¶ 160, 161)

Bakshi does not disclose the user interface configured to display the plurality of attributes that are verified to be associated with a person.
Obasanjo teaches the user interface configured to display the plurality of attributes that are verified to be associated with a person (Figure 1; ¶ 17, 19, 45)
Obasanjo states - a login dialog user interface (UI) may be provided for the user to log in (e.g., with a username and password associated with their online ID). In this example, the user log-in component 614 can retrieve the log in information (e.g., and may provide the login UI) and pass it to the user authentication component 504… For example, the user may have an online association with a first web-based service, such as “fabrikam.com”. In this example, the association with the online service 112 can comprise providing an authentication identity 114 when registering with the service 112, such as by creating a username and associated secret key (e.g., password). Further, the online service 112 may ask the user to include additional security with their online ID, such as one or more security questions, images, or other forms of security (e.g., encrypted keys). Typically, when the user chooses another online identity 108, 110 to log into a website 102, the website may communicate 116 with the other identity provider, such as the service 112. In this example, contoso.com displays buttons (e.g., 108, 110) that allow the user to select another online identity with which to log in to the site 102. The user can select the fabrikam.com online identity 108, and the website 102 will communicate 116 with fabrikam.com to provide login credentials (Figure 1; ¶ 17, 19, 45)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to combine Bakshi (¶ 3-5, 18), which teaches “an Internet provider of information needs to balance adequate confidential information protection with the ease of information access and exchange over the Internet” and Obasanjo (¶ 1-5), which teaches “When connecting to an online service and/or application, a user may be asked to register an identity, which can include user-related information and/or security information used to authenticate the user with the service…one or more techniques and/or systems are disclosed where a user can sign-in to their device (e.g., handheld computer, Smartphone, portable device, lap top, desktop computer, etc.) using a cloud based identity, which may also be used to sign into multiple websites or apps” in order to provide security measures that decrease the chances of a user’s confidential information being accessible over the internet  (Obasanjo; ¶ 1-7).  

Bakshi does not disclose a level of assurance (LOA). Brickell teaches a level of assurance (LOA) (¶ 19, 21-37, 42-44, 52-71)
Brickell -  In another embodiment, the method 600 further comprises storing the portfolio on an authentication server capable of providing the authentication service to the at least one relying party….authenticating, by the authentication system, the at least one user to the at least one relying party. In another embodiment, the at least one relying party is an online pharmacy and the at least one user is a doctor….One aspect of the present invention is a method of syndication 700, comprising: offering an authentication service, the authentication service being capable of authenticating a user identity with a plurality of authentication mechanisms, rendering authentication information to at least one relying party, and dynamically making an authorization decision 702, and distributing the authentication service to at least one authentication system 704….Authentication is the process of authenticating a user 102 and associating a level of assurance with the authentication of the user 102. Authorization is the process of deciding whether to grant a request to a user 102 based on the request of the user 102, the permissions of the user 102, and the level of assurance provided by the authentication…  For example, there might be four levels of identity confirmation associated with the AMA web site as follows: level 1 (a student Internet ID), level 2 (a professional Internet ID), level 3 (a confirmed Internet ID), and level 4 (a notarized Internet ID).  (¶ 19, 52, 58, 59, 65)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to combine Bakshi (¶ 3-5, 18), which teaches “an Internet provider of information needs to balance adequate confidential information protection with the ease of information access and exchange over the Internet”, Obasanjo (¶ 1-5), which teaches “When connecting to an online service and/or application, a user may be asked to register an identity, which can include user-related information and/or security information used to authenticate the user with the service…one or more techniques and/or systems are disclosed where a user can sign-in to their device (e.g., handheld computer, Smartphone, portable device, lap top, desktop computer, etc.) using a cloud based identity, which may also be used to sign into multiple websites or apps” and Brickell (¶ 19), which teaches “authentication is the process of authenticating a user 102 and associating a level of assurance with the authentication of the user 102. Authorization is the process of deciding whether to grant a request to a user 102 based on the request of the user 102, the permissions of the user 102, and the level of assurance provided by the authentication” in order to provide authentication mechanism for information access (Brickell; ¶ 2-6).
Regarding claims 2 and 16, Obasanjo teaches associating the person with one or more credentials that are verified to be associated with the person, wherein the one or more credentials are used to authenticate whether an online user is the person (¶ 17, 38-40).  
Regarding claim 3, Obasanjo teaches further comprising using  at least one of the one or more credentials to authenticate an online user as the person associated with a user account at the source web site (¶ 17, 27-30, 34, 40).
Regarding claims 4 and 22, Obasanjo teaches wherein propagating the value for the first attribute comprises propagating a new value for the first attribute to both the new receiving web site and a list of previously linked web sites as consuming entities (Figure 1; ¶ 19, 22-26, 32, 35).
Regarding claim 5, Brickell teaches wherein the LOA level is 3 or above (¶ 37, 71).  
Regarding claim 6, Obasanjo teaches wherein the plurality of attributes are identity attributes that include at least: a first name; a last name; a gender; and a postal code (¶ 27-29, 39, 45).  
Regarding claims 7 and 17, Obasanjo teaches linking the person with a user account at a second web site by
Regarding claims 8 and 18, Obasanjo discloses linking the person with a first user account at the source web site by: authenticating an online user to be the person (¶ 17, 19, 23, 28-30, 38-40); enabling the online user, upon the online user being authenticated with success to be the person, to login to the first user account at the source web site (¶ 28, 38); and linking the person with the first user account at the source entity when the login to the first user account at the source web site is successful (¶ 28-31, 38).  
Regarding claim 9, Obasanjo teaches wherein enabling the online user to login to the first user account at the source web site comprises: creating a login request based on information related to the authenticated online user (¶ 32, 38); submitting the login request to the source web site (¶ 32, 38); and receiving a login response from the source web site (¶ 32, 38).  
Regarding claim 10, Obasanjo teaches wherein the information related to the authenticated online user includes information received from the authenticated online user or information provided by an identity center as associated with the person that the online user is authenticated as (¶ 27-30, 38-41).
Regarding claim 11, Obasanjo teaches wherein the new receiving web site uses the new value of the first attribute to generate  a second user account, the second user account being at the new receiving web site and belonging to  the person  (¶ 17-19, 35, 36).
Regarding claims 12 and 19, Obasanjo teaches creating an access token for accessing the first attribute from the source web site (Abstract; ¶ 17- 36); and providing the access token to the new receiving web site (Abstract; ¶ 18, 19, 24, 36, 43). 
Regarding claim 13, Obasanjo teaches receiving, a request from the new receiving web site for the access token (¶ 20-46).    
Regarding claim 20, Obasanjo teaches wherein the user interface is further configured to receive selection of one or more providing the value of the plurality of attributes as a default attribute includes: to be shared with new web sites (¶ 27-30, 45).
Regarding claim 21, Bakshi discloses wherein a second attribute of the plurality of attributes identifies, in an attribute map record, a website hosted by the server as the source web site and wherein the information further causes the server to perform operations including (Table 1-3; ¶ 52, 113, 116-120, 125, 147): receiving an update for a value of the second attribute (Figure 10, 15; ¶ 52, 99, 109-119); determining that a second web site is a receiving web site for the second attribute in the attribute map record; and providing the update for the value to the second web site (¶ 114, 117, 124, 154-156, 171).  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Shinoda (9,183,376) teaches access tokens in request for secure information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILSE I IMMANUEL whose telephone number is (469)295-9094. The examiner can normally be reached on Monday-Friday 9:00 am to 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA PATEL can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ILSE I IMMANUEL/Primary Examiner, Art Unit 3685