DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claim 1 is objected to because of the following informalities:  
Claim 1, line 2, “allowing is subject to register”, should read, “allowing a subject to register”.
Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Sundaresan et al. (US 2020/0259656 A1), hereinafter, “Sundaresan” in view of Ebrahimi et al. (US 2019/0182042 A1), hereinafter, “Ebrahimi” and further in view of van der Rijn (US 2008/0201575 A1), hereinafter, “Rijn”.
Regarding Claim 1, Sundaresan discloses a method of storing personally identifiable information comprising: 
allowing is subject to register with an application (See, Paragraph 0025, “The first step is for the user to download and install the DIM app. Upon first use, the DIM app requires the user to register their biometrics (e.g. fingerprints) and/or a PIN code, which is required to subsequently unlock the DIM app for any use”); 
generating a private encryption key and a public encryption key for said subject (See, Paragraph 0025, “Next, the DIM app generates a Public-Key Private-Key pair (the “Credentials”) using the cryptographic processor on the device, which serve as the foundation for the user's digital identity.”); 
receiving at the application a digital identity from said registrar service (See,  Fig. 4, “Identity token” and Paragraph 0026, “digital Identity Tokens are associated with the Public Key of the user's Credentials. In one embodiment, Identity Tokens can be from any “Identity Authority”. For example, an authority such as a DMV (Department of Motor Vehicles) may generate and sign Identity Tokens that reference the Public Key of the user's Credentials and securely attest to all the information in the user's physical driver's license (e.g. first name, last name, address, date of birth, id #, photo etc.)”); 
creating a document and associating said document with said digital identity (See, Paragraph 0035, “the Blockchain is used to maintain the Credential Revocation 
storing said document in a ledger (See, Paragraph 0035, “the Blockchain is used to maintain the Credential Revocation List (CRL) and Identity Token Revocation list (ITRL)”): 
storing said private key and said public key in a key management system (Paragraph 0018, “the Digital Identity Management application creates user Credentials by utilizing a trusted execution environment (TEE) of the electronic device, preventing the private-key from being extracted from the TEE. Also, the Digital Identity Management application protects access to the Private Key of the user Credential by requiring an user biometric, and only after unlocking the digital identity application is the Private Key available for executing cryptographic operations”)
Sundaresan does not explicitly disclose allocating storage in a repository controlled by a subject of said personally identifiable information, receiving said personally identifiable information from an originating entity; validating said personally identifiable information, applying a one-directional validation hash to said personally identifiable information to produce hashed personally identifiable information and storing said personally identifiable information in said repository.
Ebrahimi discloses allocating storage in a repository controlled by a subject of said personally identifiable information (See, Fig. 1B and Paragraph 0041, “During the 
receiving said personally identifiable information from an originating entity; validating said personally identifiable information (See, Paragraph 0103, “Embodiments provide means to collect a verified email address from the user and also for validating the email address. In particular, one method of validating an email address is for the user to send an email via his/her App, in accordance with one embodiment of the present disclosure. The App invokes the email App on the device and prefills the following email fields: [0104] Subject line: identifies the request to register the user's email address [0105] Body: includes Hash (ID) and user's registered ShoCardID. [0106] Recipient “To” Email Address: service provider's listening email address”); 
applying a one-directional validation hash to said personally identifiable information to produce hashed personally identifiable information (See, Paragraph 0119, “After the validation of the user's email or the validation of the users' phone number, the server holds the clear text values of the email address or phone number, respectively. If the service provider wants to protect against hackers who may break into its data warehouse, it's critical that the server not store a clear text copy of the value on disk. Therefore, for all methods used to collect and validate the user's email address and phone number, embodiments provide means to obfuscates the user's email and 
storing said personally identifiable information in said repository (See, Paragraph 0041, “In addition to encrypted data 132, data storage 130 also stores hashed identity factors 131, encrypted handles/keys 133, and optionally an encrypted image of the corresponding user that is used during a facial recognition process”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to allocate, in the system of Sundaresan, storage in a repository controlled by a subject of said personally identifiable information, receiving said personally identifiable information from an originating entity; validating said personally identifiable information, applying a one-directional validation hash to said personally identifiable information to produce hashed personally identifiable information and storing said personally identifiable information in said repository as taught by Ebrahimi in order to “provide for the secure storage of data and for the recovery of that data after recovery of the split-key and/or other handles/keys” (See, Ebrahimi, Paragraph 0037).
Sundaresan does not explicitly disclose issuing from said application said public key to a registrar service.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to issue, in the system of Sundaresan, a public key to a registrar service as taught by Rijn so that the identity token could be generated by including the public key since digital Identity Tokens are associated with the Public Key of the user's Credentials as already taught by Sundaresan (See, Sundaresan, Paragraph 0026).

Conclusion




Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOGESH PALIWAL whose telephone number is (571)270-1807. The examiner can normally be reached M-F 9:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/YOGESH PALIWAL/Primary Examiner, Art Unit 2435