Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Restriction Requirement
	Applicant elected  Group II, claims 7-13, 20-26 & 33-39 (please see Response to Election/Restriction filed on 01/18/2022)  in response to restriction requirement mailed  on 11/30/2021 and has withdrawn claims 1-6, 14-19 & 27-32. Hence claims 7-13, 20-26 & 33-39 has been examined.
Examiner’s Note
Regarding claim 20, recitation of “ a computer system” and “a relying party; specification identifies computer system as  “computer system 206 is a physical hardware system and includes one or more data processing systems. (please specification paragraph 0051) and defines  “relying party “ as “ as used herein, a "relying party" is an entity that provides a business service to a person, utilizing one or more credentials obtained from an issuer. For example, a relying party may be a government agency, financial institution or prospective employer. actions performed by or directed to a "relying party" are understood to be performed by a relying party-controlled computer system or application running thereon, such as client computer 114”.(please see paragraph 0042).
	Regarding claim 33s recitation of “computer readable storage media”; specification defines “computer readable storage media as physical or tangible storage device rather than a signal (please see paragraph 00165).
Examiner’s Note

The case is now has been placed in allowable condition..
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via email from Brandon Williams (Reg. No.48844 on 3/11/2022.. 
AMENDMENTS TO THE CLAIMS:
          The following listing of claims will replace all prior versions and listings of claims in this application.
`LISTING OF CLAIMS
	
1.	(Cancelled) 
2.	(Cancelled) 
3.	(Cancelled) 
4.	(Cancelled) 
(Cancelled) 
6.	(Cancelled) 
7.	(Currently amended) A method for authenticating a credential of a person, the method comprising:
receiving, by a relying party, an encrypted credential and an encrypted key from the person, wherein the encrypted key is encrypted by a public key associated with an audit engine, and wherein both the encrypted credential and the encrypted key include a digital signature of an issuer of the credential; 
identifying, by the relying party, a decentralized identifier (DID) record for the issuer from a blockchain network, wherein the DID record for the issuer includes a public key of a cryptographic key pair associated with the issuer;
verifying, by the relying party, the digital signature of the issuer based on the public key associated with the issuer;
identifying, by the relying party, the credential by decrypting the encrypted credential based on a private key of a cryptographic key pair associated with an audit engine, wherein the credential references a DID record for the person recorded in the blockchain network, wherein identifying the credential further comprises:
sending, by the relying party, the encrypted key to the audit engine, wherein the audit engine resolves a credential key by decrypting, with the private key associated with the audit engine, the encrypted key, wherein the audit engine is unaware of the person and the credential, and wherein the audit engine generates a record of decrypting the credential key, wherein the record identifies the issuer and the relying party but not the person;
receiving, by the relying party, the credential key from the audit engine; and
resolving, by the relying party, the credential by decrypting, with the credential key, the encrypted credential; and
authenticating, by the relying party, the person based on the DID record for the person, wherein the issuer is unaware of the relying party, and wherein the issuer is unaware of [[a]] the public key of the cryptographic key pair associated with the audit engine that was used to generate the encrypted credential. 

8.	(Original) The method of claim 7, further comprising:
in response to authenticating the person, providing, by the relying party, a business service according to the credential that were identified.
9.	(Canceled).
10.	(Currently amended) The method of claim [[9]] 7, further comprising:
prior to sending the encrypted key to the audit engine, digitally signing, by the relying party with a private key of a cryptographic key pair associated with the relying party, the encrypted key.

11.	(Currently amended) The method of claim [[9]] 7, wherein receiving the encrypted key further comprises:
receiving, by the relying party, a manifest, wherein the manifest includes the encrypted key, an identity of the issuer, and a category for the credential;
and wherein sending the encrypted key further comprises:
sending, by the relying party, the manifest to the audit engine.

12.	(Original) The method of claim 11, further comprising:
receiving, by the relying party, an invoice from the issuer, wherein the invoice is for information provided by the issuer in authenticating the person, wherein the invoice is generated by the issuer based on an audit log received from the audit engine, wherein the audit log provides a record of the manifest received by the audit engine from a relying party.

13.	(Original) The method of claim 7, wherein authenticating the person based on the public key associated with the person further comprises:
identifying, by the relying party, a DID record for the person in the blockchain network, wherein the DID record for the person includes a public key of a cryptographic key pair associated with the person;
sending, by the relying party, a challenge request to the person, wherein the challenge request is generated based on the public key associated with the person; and
receiving, by the relying party, a challenge response from the person, wherein the challenge response successfully authenticates the person, wherein the challenge response is generated based on a private key associated with the person.
14.	(Cancelled)  
15.	(Cancelled) 
16.	(Cancelled) 
17.	(Cancelled) 
18.	(Cancelled)
(Cancelled) 
20.	(Currently amended) A credential management system comprising:
a computer system; and
a relying party in the computer system, wherein the relying party operates to:
receive an encrypted credential and an encrypted key from a person, wherein the encrypted key is encrypted by a public key associated with an audit engine, and wherein both the encrypted credential and the encrypted key include a digital signature of an issuer of credential; 
identify a decentralized identifier (DID) record for the issuer from a blockchain network, wherein the DID record for the issuer includes a public key of a cryptographic key pair associated with the issuer;
verify the digital signature of the issuer based on the public key associated with the issuer;
identify the credential by decrypting the encrypted credential based on a private key of a cryptographic key pair associated with an audit engine, wherein the credential reference a DID record for the person recorded in the blockchain network wherein the credential references a DID record for the person recorded in the blockchain network, wherein identifying the credential further comprises:
sending the encrypted key to the audit engine, wherein the audit engine resolves a credential key by decrypting, with the private key associated with the audit engine, the encrypted key, wherein the audit engine is unaware of the person and the credential, and wherein the audit engine generates a record of decrypting the credential key, wherein the record identifies the issuer and the relying party but not the person;
receiving the credential key from the audit engine; and
resolving the credential by decrypting, with the credential key, the encrypted credential; and
authenticate the person based on the DID record for the person, wherein the issuer is unaware of the relying party, and wherein the issuer is unaware of [[a]] the public key of the cryptographic key pair associated with the audit engine that was used to generate the encrypted credential. 

21.	(Original) The credential management system of claim 20, wherein the relying party further operates to:
in response to authenticating the person, provide a business service according to the credential that were identified.
22.	(Canceled)
23.	(Original) The credential management system of claim 22, further comprising:
prior to sending the encrypted key to the audit engine, digitally signing, with a private key of a cryptographic key pair associated with the relying party, the encrypted key.

24.	(Original) The credential management system of claim 22, wherein receiving the encrypted key further comprises:
receiving a manifest, wherein the manifest includes the encrypted key, an identity of the issuer, and a category for the credential;
and wherein sending the encrypted key further comprises:


25.	(Original) The credential management system of claim 24, wherein the relying party further operates to:
receive an invoice from the issuer, wherein the invoice is for information provided by the issuer in authenticating the person, wherein the invoice is generated by the issuer based on an audit log received from the audit engine, wherein the audit log provides a record of the manifest received by the audit engine from a relying party.

26.	(Original) The credential management system of claim 20, wherein authenticating the person based on the public key associated with the person further comprises:
identifying a DID record for the person in the blockchain network, wherein the DID record for the person includes a public key of a cryptographic key pair associated with the person;
sending a challenge request to the person, wherein the challenge request is generated based on the public key associated with the person; and
receiving a challenge response from the person, wherein the challenge response successfully authenticates the person, wherein the challenge response is generated based on a private key associated with the person.
27.	(Cancelled) 
28.	(Cancelled) 
29.	(Cancelled) 
30.	(Cancelled) 
(Cancelled)   
32     . (Cancelled)  . 
33.	(Currently amended) A computer program product for authenticating a credential of a person, the computer program product comprising:
a computer readable storage media;
program code, stored on the computer readable storage media, for receiving an encrypted credential and an encrypted key from a person, wherein the encrypted key is encrypted by a public key associated with an audit engine, and wherein both the encrypted credential and the encrypted key include a digital signature of an issuer of the credential; 
program code, stored on the computer readable storage media, for identifying a decentralized identifier (DID) record for the issuer from a blockchain network, wherein the DID record for the issuer includes a public key of a cryptographic key pair associated with the issuer;
program code, stored on the computer readable storage media, for verifying digital signature of the issuer based on the public key associated with the issuer;
program code, stored on the computer readable storage media, for identifying credential by decrypting the encrypted credential based on a private key of a cryptographic key pair associated with an audit engine wherein the credential references a DID record for the person recorded in the blockchain network, wherein identifying the credential further comprises:
sending the encrypted key to the audit engine, wherein the audit engine resolves a credential key by decrypting, with the private key associated with the audit engine, the encrypted key, wherein the audit engine is unaware of the person and the credential, and wherein the audit engine generates a record of decrypting the credential key, wherein the record identifies the issuer and the relying party but not the person;
receiving the credential key from the audit engine; and
resolving the credential by decrypting, with the credential key, the encrypted credential; and
program code, stored on the computer readable storage media, for authenticating the person based on the DID record for the person, wherein the issuer is unaware of a relying party, and wherein the issuer is unaware of [[a]] the public key of the cryptographic key pair associated with the audit engine that was used to generate the encrypted credential. 

34.	(Original) The computer program product of claim 33, further comprising:
program code, stored on the computer readable storage media, for providing, in response to authenticating the person, a business service according to the credential that were identified.
35.	(Canceled)
36.	(Original) The computer program product of claim 35, further comprising:
program code, stored on the computer readable storage media, for digitally signing, by the relying party with a private key of a cryptographic key pair associated with the relying party, the encrypted key prior to sending the encrypted key to the audit engine.


program code for receiving a manifest, wherein the manifest includes the encrypted key, an identity of the issuer, and a category for the credential;
and wherein the program code for sending the encrypted key further comprises:
program code for sending the manifest to the audit engine.

38.	(Original) The computer program product of claim 37, further comprising:
program code, stored on the computer readable storage media, for receiving an invoice from the issuer, wherein the invoice is for information provided by the issuer in authenticating the person, wherein the invoice is generated by the issuer based on an audit log received from the audit engine, wherein the audit log provides a record of the manifest received by the audit engine from a relying party.

39.	(Original) The computer program product of claim 33, wherein the program code for authenticating the person based on the public key associated with the person further comprises:
program code for identifying a DID record for the person in the blockchain network, wherein the DID record for the person includes a public key of a cryptographic key pair associated with the person;
program code for sending a challenge request to the person, wherein the challenge request is generated based on the public key associated with the person; and


Allowable Subject Matter
Claims 7-8, 10-13, 20-21, 23-26, 33-34 & 36-39 are allowed.
	  The following is an examiner’s statement of reasons for allowance:
Regarding claims 7 & 20, although the prior art of record teaches receiving, by a relying party, an encrypted credential and an encrypted key from the person, wherein the encrypted key is encrypted by a public key associated with an audit engine,  none of the prior art, alone or in combination teaches  identifying, by the relying party, a decentralized identifier (DID) record for the issuer from a blockchain network, wherein the DID record for the issuer includes a public key of a cryptographic key pair associated with the issuer; verifying, by the relying party, the digital signature of the issuer based on the public key associated with the issuer; identifying, by the relying party, the credential by decrypting the encrypted credential based on a private key of a cryptographic key pair associated with an audit engine, wherein the credential reference references a DID record for the person recorded in the blockchain network, wherein identifying the credential further comprises: sending, by the relying party, the encrypted key to the audit engine, wherein the audit engine resolves a credential key by decrypting, with the private key associated with the audit engine, the encrypted key, wherein the audit engine is unaware of the person and the credential, and wherein the audit engine generates a record of decrypting the credential key, wherein the record  in view of other limitations of claims 7 & 20.
Regarding claim 33, although the prior art of record teaches program code, stored on the computer readable storage media, for receiving an encrypted credential and an encrypted key from a person, wherein the encrypted key is encrypted by a public key associated with an audit engine, none of the prior art, alone or in combination teaches program code, stored on the computer readable storage media, for identifying a decentralized identifier (DID) record for the issuer from a blockchain network, wherein the DID record for the issuer includes a public key of a cryptographic key pair associated with the issuer; program code, stored on the computer readable storage media, for verifying digital signature of the issuer based on the public key associated with the issuer; program code, stored on the computer readable storage media, for identifying credential by decrypting the encrypted credential based on a private key of a cryptographic key pair associated with an audit engine wherein the credential reference references a DID record for the person recorded in the blockchain network, wherein identifying the credential further comprises: sending the encrypted key to the audit engine, wherein the audit engine resolves a credential key by decrypting, with the private key associated with the audit engine, the encrypted key, wherein the audit engine is unaware of the person and the credential, and wherein the audit engine generates a record of decrypting the credential key, wherein the record identifies the issuer and the relying party but not the person; receiving the credential key from the  in view of other limitations of claim 33.
	The closest prior art (patent publications) made of records are: 
Doane (US9087187)  teaches  systems and methods for receiving a session and establishing authentication credentials associated with a user by verifying the uniqueness of requested authentication credentials among one or more entities by one or more credential verification servers. Once the authentication credentials associated with the user are established, the session may be transferred back.
Caceres (US20200259815) discloses a provider receives a message from a user device requesting that the provider share user credentials associated with a user of the user device with a second provider when the user is attempting to enroll with or access goods or services associated with the second provider via an application on the user device. The message requests that the provider send the user credentials to the user device. The provider determines whether the user has been authenticated by the provider and whether a trust relationship exists between the provider and the second provider. The provider sends the user credentials to the user device when the user has been authenticated by the provider and when the trust relationship exists between the provider and the second provider. The user device forwards the user credentials to the second provider and the second provider authenticates the user based on the user credentials. 
Feng (US20200257780) teaches an applet-based account security protection method and system are disclosed. The method may comprise: receiving, from an applet, a processing request for a target service related to a target account, wherein the target 
Juels  (US 9374221) teaches  a user device is configured for communication with a distributed verification system over a network. The user device generates first and second keys from a master key for a password vault or other credential store, provides the first key to the distributed verification system, encrypts the credential store based at least in part on the second key, and provides the encrypted credential store to the distributed verification system. The credential store is encrypted utilizing the second key and information that is stored in a distributed manner over a plurality of servers of the distributed verification system. For example, encrypting the credential store illustratively comprises generating a ciphertext by encrypting the credential store utilizing the second key, obtaining a third key stored in the distributed manner over the servers, and encrypting the ciphertext utilizing the third key to generate the encrypted credential store that is provided to the distributed verification system.
Zhou (CA3068090 A1- copy attached) discuses identity authentication method and terminal device. In one embodiment, in response to a user identity authentication operation, a client on a terminal device acquires a user identifier and password to be authenticated (100); according to the user identifier, the client acquires an additional 
Neafsey (CA2864535 A1-copy attached) discloses a server may communicate with a mobile device and/or a reader device via an Internet connection. The server may be configured to generate a credential and transmit the credential to the mobile device. The mobile device may use the credential in an access control system, a payment system, a transit system, a vending system, or the like.
Gaddam (WO2020222777A1- copy attached) teaches a method includes generating, by a user device, an initial authorization request message for an interaction to obtain a resource from a resource provider. The user device transmits the initial authorization request message to a first node in a proxy network, wherein the first node processes the initial authorization request message and transmits a routing message to a second node in the proxy network based on the processing of the initial authorization request message, the second node being previously associated with the resource provider. The user device then receives from the second node and stores a pre-authorization approval indicator (PAAI). Upon delivery of the resource by an agent of the resource provider, the user device transmits an authorization request message including the pre-authorization approval indicator, wherein the agent device further processes and transmits the authorization request message to the proxy network for authorization by an authorizing entity.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574.  The examiner can normally be reached on Monday-Friday-8:00am - 5:00pm (EST).If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on 571-270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Primary Examiner, Art Unit 2497