DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.

	Regarding claim 1, the claim is rejected due to the lack of antecedent basis for “the token issuer.” The Examiner suggests amending the limitation to read “a token issuer.”


The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
	The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

The following is a quotation of 35 U.S.C. 112(f):
	(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
	An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

Use of the word “means” (or “step for”) in a claim with functional language creates a rebuttable presumption that the claim element is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that 35 U.S.C. 112(f), or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked is rebutted when the function is recited with sufficient structure, material, or acts within the claim itself to entirely perform the recited function.

	Absence of the word “means” (or “step for”) in a claim creates a rebuttable presumption that the claim element is not to be treated in accordance with 35 U.S.C. 112(f), or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that 35 U.S.C. 112(f), or pre-AIA 35 U.S.C. 112, sixth paragraph, is not invoked is rebutted when the claim element recites function but fails to recite sufficiently definite structure, material or acts to perform that function.
	Claim elements in this application that use the word “means” (or “step for”) are presumed to invoke 35 U.S.C. 112(f) except as otherwise indicated in an Office Action. Similarly, claim elements that do not use the word “means” (or “step for”) are presumed not to invoke 35 U.S.C. 112(f) except as otherwise indicated in an Office Action. 



The limitations “token retriever unit” and “service access unit” in claims 1-10 have been interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because they use a generic placeholder without reciting sufficient structure to achieve the function. Furthermore, the generic placeholder is not preceded by a structural modifier.

	Since the claim limitations invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, the limitations of claims 1-10 have been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.
	A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation: “there is provided a user device comprising a storage, a token retriever unit, and a service access unit (the token retriever unit and the service access unit may be the same device or different devices)”, Page 1.
	If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office Action.
	If applicant does not intend to have the claim limitations treated under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may amend the claims so they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claims recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.





Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1, 4-9 and 11-15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by SHEAR et al. (U.S. PGPub. 2015/0033305), hereinafter Shear. 

	Regarding claim 1, Shear teaches A user device comprising:
	a storage (Shear, Paragraph [0671], see “Such identity information arrangements and identity evaluation capabilities may involve storing Participant and/or the like biometric, environmental, behavioral, and/or other human resource Participant and/or the like Stakeholder certifying party information…in local user computing arrangement nodes (e.g., smartphone, tablet…and/or other user device arrangements)”), to store:
		a persistent identity of the user device (Shear, Paragraph [0111], see “Various PERCos embodiments involve a variety of capability sets that may be employed in securely creating and/or managing reliable resource identity information…”) (Shear, Paragraph [0112], see “secure and reliable resource identity instances, including, for example, employing assiduous identity capabilities involving existential Stakeholder biometric information (for example, pattern information) acquisition and validation capabilities…”, where “Stakeholder biometric information” is being read as comprising a persistent identity of the user device);
		a plurality of ephemeral identities (Shear, Paragraph [0101], see “PERCos embodiments may depend, in part, on standardized, interoperable capabilities for humans to express—and computing arrangements to process and, as applicable, store—computing arrangement user and/or Stakeholder contextual purpose related information elements and combinations”, where “purpose related information elements” is being read as comprising a plurality of ephemeral identities and where “computing arrangement” is being read as comprising a user device) (Shear, Paragraph [0186], see “Tamper resistant storage structure arrangements for storing identity-related information sets and/or methods including Identity Firewall memory arrangements. Such arrangements can support secure ephemeral identity processing related information and for maintaining local and/or administrative and/or cloud service based identity related information storage…”) (Shear, Paragraph [0319], see “…PERCos resources may be provided in the form, for example, of Formal Resources, Implied Resources, Ephemeral Resources, and Compound Resources, where all Resources except Ephemeral Resources have persistent, operatively unique identifiers…”, where “PERCos resources” are stored in the user device);
		a plurality of tokens for accessing a service provider (Shear, Paragraph [0642], see “…the relationships between resources that have interacted may be retained by information arrangements of one or more of the resources involved in such interactions such as in PIDMX arrangements (and/or through other resource information store arrangements, including, for example, resource delegates and/or proxies). Such a retention may take the form of processes that operate to create, retain, and/or augment one or more tokens, which may be cryptographically protected and support integrity of one or more persisted resource relationships. The utilization of such retained relationship representations may provide users and Stakeholders with the means to ascertain whether they (or their delegates) have previously interacted with a resource, and consequently to evaluate that resource based, in part, on this representation, for example represented as a token, and any associated further information sets”, where “a retention may take the form of processes that operate to create, retain, and/or augment one or more tokens” is being read as storing a plurality of tokens for accessing a service provider);
	a token retriever unit (Shear, Paragraph [0235], see “…Such Identity Firewall at least in part securely managed communications capabilities may allow only minimal, firewall supervised information communications from such user set other “local” computing arrangement meeting specifically identity assessment and reporting related instructions, for example, instructions to activate or deactivate any sensor and/or emitter set, and may alternatively or in addition allow secure remote identity services from network based administrative and/or cloud identity service arrangements to communicate software and/or driver and/or security, auditing, information transfer, Participant information (such as biometric pattern) and/or the like information, using a secure communications arrangement”, where “information transfer, Participant information, and/or the like information” is being read as the computing arrangement (i.e. user device) comprising a token retriever unit), to:
		generate a plurality of token requests, each being a blinded version of an ephemeral identity selected among the plurality of ephemeral identities (Shear, Paragraph [0232], see “…PERCos based operations may perform similarity matching within local user computing arrangements, at administrative network locations, and/or at cloud services, and/or the like, to determine that the user set using a computing arrangement set is, is like to be, and/or may be, required or requested to be further tested to assess, identify, securely validate, and/or the like”, where “required or requested to be further tested to assess, identify, securely validate, and/or the like” is being read as before granting access to the user to access a service with a token, requiring the user to request for the token through an assessment of their resource set (i.e., including an obfuscated ephemeral identity)) (Shear, Paragraph [0445], see “Situational identities may be ephemeral or persistent…a PERCos Identity Matrix (PIDMX), an organizational structure used, for example, for managing identities, identity attributes and/or other identity-related information sets associated with a resource set, may have a control specification set expressing storage locations for storing the situational identities of the resource set”) (Shear, Paragraph [0647], see “…a resource set (including, for example, a Participant) that has had previous interactions with another resource sets (including for example other Participants) may generate one or more appropriate tokens that are associated with those resources…These tokens may then be combined with one or more system elements such as CPFF, IF, AM, and/or other PERCos enabled hardware and software to invoke appropriate policies and/or responses to such recognized resources. In some embodiments these tokenized representations may, for example, be instantiated as parts of one or more communication protocols”) (Shear, Paragraph [0673], see “Such PERCos hardened capability sets, such as Identity Firewall embodiments, include secure communications capabilities used to transmit information between user set computing arrangement Identity Firewall plural instances, and between such computing locations and cloud and/or network cloud service(s) and/or administrative nodes…The foregoing awareness management capabilities may be employed for assessing and/or managing such hardened arrangement processes, related process instruction information, and related process results information (for example, including arrangement environment awareness of ephemeral and/or the persistently retained (e.g., audit log) input (e.g., from emitter distributing, biometric sensing, location sensing, and/or the like) where such assessing and/or managing may include analysis of one or more qualities related to hardened arrangement information and/or process set authenticity, security, efficiency…”, where “PERCos hardened capability sets” and “awareness management capabilities” involve obfuscating the ephemeral identities in the token requests of the user);
		sign the selected token request with a signature associated to the persistent identity of the user device (Shear, Paragraph [0234], see “…users and/or Stakeholders may register their respective Participant identities by publishing them with one or more third parties (such as, for example, identity management services such as cloud service identity utilities) by providing information sets sufficient for subsequent, rigorous authentication by, or support by, said third parties…Such participant information may then be employed in ensuring the reliability and integrity of resource set information through, at least in part, matching Participant biometric and/or environmental pattern information…signing of information comprising, and/or otherwise establishing the identity of, user relevant signed resources”, where “signing of information, comprising, and/or otherwise establishing the identity of, user relevant signed resources” is being read as the token request provided by the user being signed with a signature associated to the persistent identity of the user device);
		send the signed token request associated to the selected ephemeral identity (Shear, Paragraph [0205], see “Communications capabilities, such as integrating and/or otherwise resolving encryption methodologies, transmission capabilities, secure handshaking protocols, signing capabilities, and/or the like, into communications frameworks employed in identity related communications between DIM, Coherence, and/or other PERCos service arrangements in support of identification, identity processing, authentication, and/or related analysis related to PERCos and/or other system users, Stakeholders, resources, and/or the like”); and
		receive, from the token issuer, a token associated to the token request and signed with a signature associated to the persistent identity of the token issuer (Shear, Paragraph [0237], see “…a third party, such as a cloud identity service, may issue a token certifying the authenticity of the binding between the Participant identities and associated users of Stakeholders. For example, support a Stakeholder, registers a Participant identity, with a trusted identity manager by securely acquiring and communicating an existential biometric information set. The trusted identity manager may issue a token that in some cases may use to perform PERCos activities for which the authentication is deemed to have been sufficiently assiduous. Users interested in using the resource set can evaluate and/or validate provenance of the resource set by validating the issued token”) (Shear, Paragraph [0252], see “Based at least in part on an evaluation of one or more of the above, the third party may authenticate and issue one or more certificates, other tokens, and/or the like, expressing the reliability of, and/or one or more other qualities regarding the binding between Participant 1 and Participant sub 1”, where “Based at least in part on an evaluation of one or more of the above” is being read as based on the token request transmitted by the user/Stakeholder) (Shear, Paragraph [0377], see “Providing sufficient assurance of assiduous authentication of direct Stakeholders, where in cases where Stakeholders are organizations rather than humans, there may be chain of authority that includes one or more individual authenticating humans. One or more direct Stakeholders may provide assurance by, for example…providing one or more cryptographic tokens signed by a trusted third party certifying the assiduous authentication of one or more direct Stakeholders…”, where “cryptographic tokens signed by a trusted third party certifying the assiduous authentication of one or more direct Stakeholders” is being read as receiving a token associated to the token request and signed with a signature associated to the persistent identity of the token issuer, where “trusted third party” is being read as comprising a token issuer, and where “signed by a trusted third party certifying…” is being read as a signature associated to the persistent identity of the token issuer);
		store the token in the storage (Shear, Paragraph [0642], see “…the relationships between resources that have interacted may be retained by information arrangements of one or more of the resources involved in such interactions such as in PIDMX arrangements…Such a retention may take the form of processes that operate to create, retain, and/or augment one or more tokens, which may be cryptographically protected and support integrity of one or more persisted resource relationships. The utilization of such retained relationship representations may provide users and Stakeholders with the means to ascertain whether they (or their delegates) have previously interacted with a resource, and consequently to evaluate that resource based, in part, on this representation, for example represented as a token, and any associated further information sets”, where “retain…one or more tokens” is being read as storing the token in storage once it is received);
	a service access unit, to:
		select one token among the plurality of stored tokens (Shear, Paragraph [0642], see “…the relationships between resources that have interacted may be retained by information arrangements of one or more of the resources involved in such interactions such as in PIDMX arrangements…Such a retention may take the form of processes that operate to create, retain, and/or augment one or more tokens, which may be cryptographically protected and support integrity of one or more persisted resource relationships. The utilization of such retained relationship representations may provide users and Stakeholders with the means to ascertain whether they (or their delegates) have previously interacted with a resource, and consequently to evaluate that resource based, in part, on this representation, for example represented as a token, and any associated further information sets. In some embodiments, such tokens may include, for example”, where “utilization of such retained relationship representations may provide users and Stakeholders with the means to ascertain whether they (or their delegates) have previously interacted with a resource, and consequently to evaluate that resource…” is being read as selecting one or more tokens among the plurality of stored tokens, which are consequently evaluated based on previous interactions with the resources) (Shear, Paragraphs [0643 – 0645], see “Previously interacted with resources, where such interactions were positive…Previously interacted with resources, where such interactions were negative…Previously interacted with resources, where such interactions were neither positive nor negative, but have an associated level”);
		generate a service access request to a service provider, the service access request including the selected token (Shear, Paragraph [0647], see “…a resource set (including, for example, a Participant) that has had previous interactions with another resource sets (including for example other Participants) may generate one or more appropriate tokens that are associated with those resources. As the interactions require at least two parties, such tokens may form a symmetric pair, such that both parties in their future interactions may recognize the legitimate counter party. These tokens may then be combined with one or more system elements such as CPFF, IF, AM, and/or other PERCos enabled hardware and software to invoke appropriate policies and/or responses to such recognized resources. In some embodiments these tokenized representations may, for example, be instantiated as parts of one or more communication protocols”, where “these tokenized representations may, for example, be instantiated as parts of one or more communication protocols” is being read as generating a service access request, where the service access request includes the selected token) (Shear, Paragraph [0673], see “Such PERCos hardened capability sets, such as Identity Firewall embodiments, include secure communications capabilities used to transmit information between user set computing arrangement Identity Firewall plural instances, and between such computing locations and cloud and/or network cloud service(s) and/or administrative nodes…The foregoing awareness management capabilities may be employed for assessing and/or managing such hardened arrangement processes, related process instruction information, and related process results information (for example, including arrangement environment awareness of ephemeral and/or persistently retained (e.g., audit log) input…and/or process set authenticity, security, efficiency, reliability, and/or the like, for example, by evaluating biometric input using biometric signal timing anomaly and/or other liveness techniques, evaluation of security integrity of one or more such device nodes internal information and/or processes, evaluating correspondence relationships between, for example, emitter emissions (such as challenge and response) and acquired biometric signal information, and/or evaluating security integrity of communication activities between any set of such nodes, for example, by evaluation of PKI and/or related certificate types, existential biometric certificates, and/or the like”).

	Regarding claim 4, Shear teaches The user device of claim 1, 
	wherein the service access unit is to sign the token using the corresponding ephemeral identity (Shear, Paragraph [0186], see “…Such arrangements can support secure ephemeral identity processing related information and for maintaining local and/or administrative and/or cloud service based identity related information storage such as Identity Firewall processing, input, communications, and/or other related information storage”) (Shear, Paragraph [0205], see “Communications capabilities, such as integrating and/or otherwise resolving encryption methodologies, transmission capabilities, secure handshaking protocols, signing capabilities, and/or the like, into communications frameworks employed in identity related communications between DIM, Coherence, and/or other PERCos service arrangements in support of identification, identity processing, authentication, and/or related analysis related to PERCos and/or other system users, Stakeholders, resources, and/or the like”, where “signing capabilities” is being read as the service access unit comprised within the user device signing the token using a corresponding ephemeral identity, due to the arrangements supporting secure ephemeral identity processing related information).

	Regarding claim 5, Shear teaches The user device of claim 1,
	wherein the service access unit is to randomly select the token among the plurality of stored tokens and/or to select the tokens with an order different from the order with which tokens are stored (Shear, Paragraph [0202], see “…Sensor information sets may be encrypted and/or bound to and/or otherwise securely associated with user set computing arrangement and/or Identity Firewall (and/or the like) unique identifier information, time stamped emitter descriptive information, and/or such computing arrangement and/or Identity Firewall arrangement information. Further, since administrative and/or cloud service identity service arrangements may share unique secrets with corresponding user computing arrangements, such computing arrangements (including Identity Firewall sets and/or Awareness Manager arrangements), may share, for example, unique pseudo-random generation secrets (keys) with corresponding instances of their remote service arrangement sets, which may have, or may be able to therefore produce, the pseudo-randomly generated emitter instance set specific emitter descriptive information so as to facilitate analysis of corresponding sensor information associated with such identifiers…”, where “such computing arrangements…may share, for example, unique pseudo-random generation secrets (keys) with corresponding instances of their remote service arrangement sets” is being read as the service access unit comprised within the user computing arrangement randomly selecting the token among the plurality of stored tokens). 

	Regarding claim 6, Shear teaches A system (Shear, Paragraph [0148], see “Situationally relevant attribute sets may at least in part be catalogued in identity systems associated with one or more classic category domains. With PERCos, in some embodiments, attributes can represent situationally relevant attribute aggregations associated with contextual purpose specifications…Such subsets may be stored explicitly associated with, and/or dynamically generated in response to, purpose specification instances”) comprising at least one user device according to claim 1, the token issuer and/or the service provider (See Rejection of Claim 1).

	Regarding claim 7, Shear teaches The system of claim 6, 
	wherein the service provider is a printer or a device controlling a printer (Shear, Paragraph [0230], see “…when working on a proprietary corporate document, if an individual’s voice is heard in the user set’s computing arrangement room and the detected individual isn’t identified by voice recognition protocols as matching a name on both contextual purpose and computing environment lists, then the computer may automatically hide or otherwise event manage content, such as not displaying a document, hiding a webpage, playing a video and/or audio, halting output (on a printer), and/or the like”, where “halting output (on a printer)” is being read as the service provider being a printer or a device controlling a printer) (Shear, Paragraph [0233], see “…Such techniques can also be employed with other output means, such as differentially controlling content communications to different parties participating in teleconferencing and/or controlling printer output such that a person without the appropriate privileges wouldn’t be present when a given set of content is being outputted”).

	Regarding claim 8, Shear teaches The system of claim 7, 
	wherein the service is a print job requested from the user device (Shear, Paragraph [0230], see “…when working on a proprietary corporate document, if an individual’s voice is heard in the user set’s computing arrangement room and the detected individual isn’t identified by voice recognition protocols as matching a name on both contextual purpose and computing environment lists, then the computer may automatically hide or otherwise event manage content, such as not displaying a document, hiding a webpage, playing a video and/or audio, halting output (on a printer), and/or the like”, where “halting output (on a printer)” is being read as the service provider being a printer or a device controlling a printer) (Shear, Paragraph [0233], see “…Such techniques can also be employed with other output means, such as differentially controlling content communications to different parties participating in teleconferencing and/or controlling printer output such that a person without the appropriate privileges wouldn’t be present when a given set of content is being outputted”), the user device being anonymous (Shear, Paragraph [0151], see “From the standpoint of a user attempting to employ resources with which such user is substantially to entirely unfamiliar and/or otherwise unable to sufficiently evaluate, anonymity attributes regarding key provenance and related inferred or explicit certifications by provenance parties (Stakeholders) severely undermines the ability of users to assess any given resource’s Quality of Purpose, including effectiveness, positive to malicious one or more intents of one or more Stakeholder sets in regards to at least certain one or more user interests, and/or the like”, where “anonymity attributes” is being read as the user device being anonymous). 

	Regarding claim 9, Shear teaches The system of claim 6,
	wherein the service provider has storage space (Shear, Paragraph [0213], see “…Such declaration, regarding chain of authority authorization for one or more parties, for example, by a senior, for example, root Participant authority, may also, in some PERCos embodiments, be embedded and/or securely referenced as a control attribute of a PERCos published resource…Participant instances corresponding to such respective Participant Z agents may have been previously published using, in part, existential biometric techniques…Where such Participant instance was previously published by such agent with, for example, a PERCos and/or the like identity cloud service as a Participant resource set, such agent Participant’s existential biometric information can be similarity matched with the agent’s existential biometric information supplied during such Company X’s Participant Z document publishing process”, where “agent’s existential biometric information…” is being read as the service provider comprising a storage space to store the existential biometric information) and the service to be provided is at least one of storing data, retrieving the data, and deleting the stored data (Shear, Paragraph [0867], see “…particularity management services may be multiply instantiated, so that some instances can be integrated into CPFF evaluation processing, whereas others may be managed separately. Such particularity management service instances may enable users to accept, add, modify, refine, resolve, cohere, and/or otherwise manipulate—single instance or iteratively—their prescriptive Purpose Statements (and/or like, purpose specification) sets that can be similarity matched to identify and select a Framework, such as, a CPFF, that can be used as a scaffolding and/or other environment to produce a situationally relevant operating specification set”, where “accept, add, modify, refine, resolve, cohere, and/or otherwise manipulate…” is being read as storing, retrieving and/or deleting stored data from the service).

	Regarding claim 11, Shear teaches A method comprising:
	generating an ephemeral identity (Shear, Paragraph [0186], see “…Such arrangements can support secure ephemeral identity processing related information and for maintaining local and/or administrative and/or cloud service based identity related information storage such as Identity Firewall processing, input, communications, and/or other related information storage…”) (Shear, Paragraph [0346], see “Metadata information specified, and/or inferred and/or otherwise interpreted, so as to produce or declare attributes and/or ephemeral attribute information…”, where “produce or declare attributes and/or ephemeral attribute information” is being read as generating an ephemeral identity);
	requesting a token associated to the ephemeral identity (Shear, Paragraph [0232], see “…PERCos based operations may perform similarity matching within local user computing arrangements, at administrative network locations, and/or at cloud services, and/or the like, to determine that the user set using a computing arrangement set is, is like to be, and/or may be, required or requested to be further tested to assess, identify, securely validate, and/or the like”, where “required or requested to be further tested to assess, identify, securely validate, and/or the like” is being read as before granting access to the user to access a service with a token, requiring the user to request for the token through an assessment of their resource set (i.e., including an obfuscated ephemeral identity)) (Shear, Paragraph [0445], see “Situational identities may be ephemeral or persistent…a PERCos Identity Matrix (PIDMX), an organizational structure used, for example, for managing identities, identity attributes and/or other identity-related information sets associated with a resource set, may have a control specification set expressing storage locations for storing the situational identities of the resource set”) (Shear, Paragraph [0647], see “…a resource set (including, for example, a Participant) that has had previous interactions with another resource sets (including for example other Participants) may generate one or more appropriate tokens that are associated with those resources…These tokens may then be combined with one or more system elements such as CPFF, IF, AM, and/or other PERCos enabled hardware and software to invoke appropriate policies and/or responses to such recognized resources. In some embodiments these tokenized representations may, for example, be instantiated as parts of one or more communication protocols”) (Shear, Paragraph [0673], see “Such PERCos hardened capability sets, such as Identity Firewall embodiments, include secure communications capabilities used to transmit information between user set computing arrangement Identity Firewall plural instances, and between such computing locations and cloud and/or network cloud service(s) and/or administrative nodes…The foregoing awareness management capabilities may be employed for assessing and/or managing such hardened arrangement processes, related process instruction information, and related process results information (for example, including arrangement environment awareness of ephemeral and/or the persistently retained (e.g., audit log) input (e.g., from emitter distributing, biometric sensing, location sensing, and/or the like) where such assessing and/or managing may include analysis of one or more qualities related to hardened arrangement information and/or process set authenticity, security, efficiency…”, where “PERCos hardened capability sets” and “awareness management capabilities” involve obfuscating the ephemeral identities in the token requests of the user), the request having a signature based on the persistent identity (Shear, Paragraph [0234], see “…users and/or Stakeholders may register their respective Participant identities by publishing them with one or more third parties (such as, for example, identity management services such as cloud service identity utilities) by providing information sets sufficient for subsequent, rigorous authentication by, or support by, said third parties…Such participant information may then be employed in ensuring the reliability and integrity of resource set information through, at least in part, matching Participant biometric and/or environmental pattern information…signing of information comprising, and/or otherwise establishing the identity of, user relevant signed resources”, where “signing of information, comprising, and/or otherwise establishing the identity of, user relevant signed resources” is being read as the token request provided by the user being signed with a signature associated to the persistent identity of the user device);
	receiving the requested token, the token having a signature from a token issuer (Shear, Paragraph [0237], see “…a third party, such as a cloud identity service, may issue a token certifying the authenticity of the binding between the Participant identities and associated users of Stakeholders. For example, support a Stakeholder, registers a Participant identity, with a trusted identity manager by securely acquiring and communicating an existential biometric information set. The trusted identity manager may issue a token that in some cases may use to perform PERCos activities for which the authentication is deemed to have been sufficiently assiduous. Users interested in using the resource set can evaluate and/or validate provenance of the resource set by validating the issued token”) (Shear, Paragraph [0252], see “Based at least in part on an evaluation of one or more of the above, the third party may authenticate and issue one or more certificates, other tokens, and/or the like, expressing the reliability of, and/or one or more other qualities regarding the binding between Participant 1 and Participant sub 1”, where “Based at least in part on an evaluation of one or more of the above” is being read as based on the token request transmitted by the user/Stakeholder) (Shear, Paragraph [0377], see “Providing sufficient assurance of assiduous authentication of direct Stakeholders, where in cases where Stakeholders are organizations rather than humans, there may be chain of authority that includes one or more individual authenticating humans. One or more direct Stakeholders may provide assurance by, for example…providing one or more cryptographic tokens signed by a trusted third party certifying the assiduous authentication of one or more direct Stakeholders…”, where “cryptographic tokens signed by a trusted third party certifying the assiduous authentication of one or more direct Stakeholders” is being read as receiving a token associated to the token request and signed with a signature associated to the persistent identity of the token issuer, where “trusted third party” is being read as comprising a token issuer, and where “signed by a trusted third party certifying…” is being read as a signature associated to the persistent identity of the token issuer);
	in case of intention of accessing a service, submitting the received token (Shear, Paragraph [0647], see “…a resource set (including, for example, a Participant) that has had previous interactions with another resource sets (including for example other Participants) may generate one or more appropriate tokens that are associated with those resources. As the interactions require at least two parties, such tokens may form a symmetric pair, such that both parties in their future interactions may recognize the legitimate counter party. These tokens may then be combined with one or more system elements such as CPFF, IF, AM, and/or other PERCos enabled hardware and software to invoke appropriate policies and/or responses to such recognized resources. In some embodiments these tokenized representations may, for example, be instantiated as parts of one or more communication protocols”, where “these tokenized representations may, for example, be instantiated as parts of one or more communication protocols” is being read as generating a service access request, where the service access request includes the selected token) (Shear, Paragraph [0673], see “Such PERCos hardened capability sets, such as Identity Firewall embodiments, include secure communications capabilities used to transmit information between user set computing arrangement Identity Firewall plural instances, and between such computing locations and cloud and/or network cloud service(s) and/or administrative nodes…The foregoing awareness management capabilities may be employed for assessing and/or managing such hardened arrangement processes, related process instruction information, and related process results information (for example, including arrangement environment awareness of ephemeral and/or persistently retained (e.g., audit log) input…and/or process set authenticity, security, efficiency, reliability, and/or the like, for example, by evaluating biometric input using biometric signal timing anomaly and/or other liveness techniques, evaluation of security integrity of one or more such device nodes internal information and/or processes, evaluating correspondence relationships between, for example, emitter emissions (such as challenge and response) and acquired biometric signal information, and/or evaluating security integrity of communication activities between any set of such nodes, for example, by evaluation of PKI and/or related certificate types, existential biometric certificates, and/or the like”).

	Regarding claim 12, Shear teaches The method of claim 11, further comprising repeating generating, requesting and receiving in at least a plurality of iterations (Shear, Paragraph [0439], see “…PERCos capabilities can extract or redeploy framework information set along with applicable operating condition state information. Such information is evaluated, and as applicable, cohered, if in the context of receiving one or more environments’ Foundations and/or other germane user computing arrangement environment information, such resolving is practical in light of such specification and operating information. Such cohering/resolving establishes a readiness of operating state of such receiving environment or initiates such receiving state, with the foregoing in compliance with CPFF related situational specifications. If conflicts arise, or if other adaptations are desired, the initiating environment or receiving environment may interact with one or more user sets and/or authority sets…for user and/or such administrative set input selections and/or evaluations in support of, if desired, provisioning, and, in some instances, storing operable states”) (Shear, Paragraph [0867], see “…particularity management services may be multiply instantiated, so that some instances can be integrated into CPFF evaluation processing, whereas others may be managed separately. Such particularity management service instances may enable users to accept, add, modify, refine, resolve, cohere, and/or otherwise manipulate—single instance or iteratively—their prescriptive Purpose Statements (and/or like, purpose specification) sets that can be similarity matched to identify and select a Framework, such as, a CPFF, that can be used as a scaffolding and/or other environment to produce a situationally relevant operating specification set”, where “enable users to accept, add, modify, refine, resolve, cohere and/or otherwise manipulate—single instance or iteratively—their prescriptive Purpose Statements…” is being read as repeating the generating, requesting and receiving steps to help identify and select a Framework).

	Regarding claim 13, Shear teaches The method of claim 11, further comprising repeating the method for each of a plurality of user devices (Shear, Paragraph [0439], see “…PERCos capabilities can extract or redeploy framework information set along with applicable operating condition state information. Such information is evaluated, and as applicable, cohered, if in the context of receiving one or more environments’ Foundations and/or other germane user computing arrangement environment information, such resolving is practical in light of such specification and operating information. Such cohering/resolving establishes a readiness of operating state of such receiving environment or initiates such receiving state, with the foregoing in compliance with CPFF related situational specifications. If conflicts arise, or if other adaptations are desired, the initiating environment or receiving environment may interact with one or more user sets and/or authority sets (which, in some instances, may be remote administrative organization and/or cloud service arrangements) for user and/or such administrative set input selections and/or evaluations in support of, if desired, provisioning, and, in some instances, storing operable states”) (Shear, Paragraph [0665], see “Techniques for assuring the assiduous identity reliability of humans, and associated groups, as resources, for example, as Stakeholders and Participants, and/or as users. Such parties may be involved in purposeful computing sessions, for example, directly as Participants, such as in the role of user expert resource sets and/or as other user purposeful computing participants, such as family members, business parties, friends…and/or the like, and where such parties have registered published Participant identity information sets and/or the like identity resource instances that may be used to identify, reference, evaluate, authenticate, and/or the like any such parties, as they may be direct participants in purposeful computing sessions, and/or as they may be associated with such sessions as Stakeholder sets associated with computing arrangement resource sets”, where “Stakeholders or Participants” are being read as comprising a plurality of user devices that undergo the same procedure as the method of claim 11).

	Regarding claim 14, Shear teaches A method including:
	a first user device performing the method of claim 11 (See Rejection of Claim 11), so that the submitted token is signed with the corresponding ephemeral identity (Shear, Paragraph [0232], see “…PERCos based operations may perform similarity matching within local user computing arrangements, at administrative network locations, and/or at cloud services, and/or the like, to determine that the user set using a computing arrangement set is, is like to be, and/or may be, required or requested to be further tested to assess, identify, securely validate, and/or the like”, where “required or requested to be further tested to assess, identify, securely validate, and/or the like” is being read as before granting access to the user to access a service with a token, requiring the user to request for the token through an assessment of their resource set (i.e., including an obfuscated ephemeral identity)) (Shear, Paragraph [0445], see “Situational identities may be ephemeral or persistent…a PERCos Identity Matrix (PIDMX), an organizational structure used, for example, for managing identities, identity attributes and/or other identity-related information sets associated with a resource set, may have a control specification set expressing storage locations for storing the situational identities of the resource set”) (Shear, Paragraph [0647], see “…a resource set (including, for example, a Participant) that has had previous interactions with another resource sets (including for example other Participants) may generate one or more appropriate tokens that are associated with those resources…These tokens may then be combined with one or more system elements such as CPFF, IF, AM, and/or other PERCos enabled hardware and software to invoke appropriate policies and/or responses to such recognized resources. In some embodiments these tokenized representations may, for example, be instantiated as parts of one or more communication protocols”) (Shear, Paragraph [0673], see “Such PERCos hardened capability sets, such as Identity Firewall embodiments, include secure communications capabilities used to transmit information between user set computing arrangement Identity Firewall plural instances, and between such computing locations and cloud and/or network cloud service(s) and/or administrative nodes…The foregoing awareness management capabilities may be employed for assessing and/or managing such hardened arrangement processes, related process instruction information, and related process results information (for example, including arrangement environment awareness of ephemeral and/or the persistently retained (e.g., audit log) input (e.g., from emitter distributing, biometric sensing, location sensing, and/or the like) where such assessing and/or managing may include analysis of one or more qualities related to hardened arrangement information and/or process set authenticity, security, efficiency…”, where “PERCos hardened capability sets” and “awareness management capabilities” involve the submitted token being signed with a corresponding ephemeral identity of the user), the service being storing data into a service provider (Shear, Paragraph [0671], see “Such identity information arrangements and identity evaluation capabilities may involve storing Participant and/or the like biometric, environmental, behavioral, and/or other human resource Participant and/or the like Stakeholder certifying party information, including, for example, pattern information of the foregoing, in local user computing arrangement nodes (e.g., smartphone, tablet, notebook computer, game station, and/or other user device arrangements) and/or at network locations such as corporate administrative and/or cloud service one or more locations”, where “network locations such as corporate administrative and/or cloud service one or more locations” is being read as the service being storing data into a service provider);
	the first user device storing the data on the service provider (Shear, Paragraph [0144], see “Only resource sets with identity attributes consistent with user target contextual purposes will operate in computing session instances that employ user set and/or Stakeholder set sensitive information and/or processes, assured by CPFF related arrangements, such as hardware/software CPFF implementations employing, at least in part, contextual purpose standardized and interoperable specification information”, where “resource sets with identity attributes consistent with user target contextual purposes will operate in computing session instances that employ user set and/or Stakeholder set sensitive information and/or processes” is being read as storing the data on the service provider for it to be used in computing session instances);
	a second user device accessing a service for retrieving the data provided without signing the request with the ephemeral identity corresponding to the token (Shear, Paragraph [0235], see “…Such Identity Firewall at least in part securely managed communications capabilities may allow only minimal, firewall supervised information communications from such user set other “local” computing arrangement meeting specifically identity assessment and reporting related instructions, for example, instructions to activate or deactivate any sensor and/or emitter set, and may alternatively or in addition allow secure remote identity services from network based administrative and/or cloud identity service arrangements to communicate software and/or driver and/or security, auditing, information transfer, Participant information and/or the like information, using a secure communications arrangement, such as a separate communications link”, where “user set other “local” computing arrangement” is being read as comprising a second user device that is used to access a service without having to sign the request with the ephemeral identity corresponding to the token); and
	the second user device retrieving the stored data from the service provider (Shear, Paragraph [0235], see “…Such Identity Firewall at least in part securely managed communications capabilities may allow only minimal, firewall supervised information communications from such user set other “local” computing arrangement meeting specifically identity assessment and reporting related instructions, for example, instructions to activate or deactivate any sensor and/or emitter set, and may alternatively or in addition allow secure remote identity services from network based administrative and/or cloud identity service arrangements to communicate software and/or driver and/or security, auditing, information transfer, Participant information and/or the like information, using a secure communications arrangement, such as a separate communications link”, where “auditing, information transfer” is being read as retrieving stored data from the service provider).

	Regarding claim 15, Shear teaches A non-transitory storage unit storing instructions (Shear, Paragraph [0003], see “Embodiments include systems, devices, methods and computer-readable media to facilitate reliability of identity, flexibility of identity information arrangements, and security related to resource identity and purposeful computing in computing architectures”) which, when executed by a processor, cause the processor to:
	generate and/or select a request as a blinded version of an ephemeral identity (Shear, Paragraph [0232], see “…PERCos based operations may perform similarity matching within local user computing arrangements, at administrative network locations, and/or at cloud services, and/or the like, to determine that the user set using a computing arrangement set is, is like to be, and/or may be, required or requested to be further tested to assess, identify, securely validate, and/or the like”, where “required or requested to be further tested to assess, identify, securely validate, and/or the like” is being read as before granting access to the user to access a service with a token, requiring the user to request for the token through an assessment of their resource set (i.e., including an obfuscated ephemeral identity)) (Shear, Paragraph [0445], see “Situational identities may be ephemeral or persistent…a PERCos Identity Matrix (PIDMX), an organizational structure used, for example, for managing identities, identity attributes and/or other identity-related information sets associated with a resource set, may have a control specification set expressing storage locations for storing the situational identities of the resource set”) (Shear, Paragraph [0647], see “…a resource set (including, for example, a Participant) that has had previous interactions with another resource sets (including for example other Participants) may generate one or more appropriate tokens that are associated with those resources…These tokens may then be combined with one or more system elements such as CPFF, IF, AM, and/or other PERCos enabled hardware and software to invoke appropriate policies and/or responses to such recognized resources. In some embodiments these tokenized representations may, for example, be instantiated as parts of one or more communication protocols”) (Shear, Paragraph [0673], see “Such PERCos hardened capability sets, such as Identity Firewall embodiments, include secure communications capabilities used to transmit information between user set computing arrangement Identity Firewall plural instances, and between such computing locations and cloud and/or network cloud service(s) and/or administrative nodes…The foregoing awareness management capabilities may be employed for assessing and/or managing such hardened arrangement processes, related process instruction information, and related process results information (for example, including arrangement environment awareness of ephemeral and/or the persistently retained (e.g., audit log) input (e.g., from emitter distributing, biometric sensing, location sensing, and/or the like) where such assessing and/or managing may include analysis of one or more qualities related to hardened arrangement information and/or process set authenticity, security, efficiency…”, where “PERCos hardened capability sets” and “awareness management capabilities” involve obfuscating the ephemeral identities in the token requests of the user);
	sign the generated token request with a signature associated to a persistent identity (Shear, Paragraph [0234], see “…users and/or Stakeholders may register their respective Participant identities by publishing them with one or more third parties (such as, for example, identity management services such as cloud service identity utilities) by providing information sets sufficient for subsequent, rigorous authentication by, or support by, said third parties…Such participant information may then be employed in ensuring the reliability and integrity of resource set information through, at least in part, matching Participant biometric and/or environmental pattern information…signing of information comprising, and/or otherwise establishing the identity of, user relevant signed resources”, where “signing of information, comprising, and/or otherwise establishing the identity of, user relevant signed resources” is being read as the token request provided by the user being signed with a signature associated to the persistent identity of the user device);
	send the token request to a token issuer (Shear, Paragraph [0205], see “Communications capabilities, such as integrating and/or otherwise resolving encryption methodologies, transmission capabilities, secure handshaking protocols, signing capabilities, and/or the like, into communications frameworks employed in identity related communications between DIM, Coherence, and/or other PERCos service arrangements in support of identification, identity processing, authentication, and/or related analysis related to PERCos and/or other system users, Stakeholders, resources, and/or the like”);
	receive, from the token issuer, a signed token (Shear, Paragraph [0237], see “…a third party, such as a cloud identity service, may issue a token certifying the authenticity of the binding between the Participant identities and associated users of Stakeholders. For example, support a Stakeholder, registers a Participant identity, with a trusted identity manager by securely acquiring and communicating an existential biometric information set. The trusted identity manager may issue a token that in some cases may use to perform PERCos activities for which the authentication is deemed to have been sufficiently assiduous. Users interested in using the resource set can evaluate and/or validate provenance of the resource set by validating the issued token”) (Shear, Paragraph [0252], see “Based at least in part on an evaluation of one or more of the above, the third party may authenticate and issue one or more certificates, other tokens, and/or the like, expressing the reliability of, and/or one or more other qualities regarding the binding between Participant 1 and Participant sub 1”, where “Based at least in part on an evaluation of one or more of the above” is being read as based on the token request transmitted by the user/Stakeholder) (Shear, Paragraph [0377], see “Providing sufficient assurance of assiduous authentication of direct Stakeholders, where in cases where Stakeholders are organizations rather than humans, there may be chain of authority that includes one or more individual authenticating humans. One or more direct Stakeholders may provide assurance by, for example…providing one or more cryptographic tokens signed by a trusted third party certifying the assiduous authentication of one or more direct Stakeholders…”, where “cryptographic tokens signed by a trusted third party certifying the assiduous authentication of one or more direct Stakeholders” is being read as receiving a token associated to the token request and signed with a signature associated to the persistent identity of the token issuer, where “trusted third party” is being read as comprising a token issuer, and where “signed by a trusted third party certifying…” is being read as a signature associated to the persistent identity of the token issuer);
	store the token in the storage (Shear, Paragraph [0642], see “…the relationships between resources that have interacted may be retained by information arrangements of one or more of the resources involved in such interactions such as in PIDMX arrangements…Such a retention may take the form of processes that operate to create, retain, and/or augment one or more tokens, which may be cryptographically protected and support integrity of one or more persisted resource relationships. The utilization of such retained relationship representations may provide users and Stakeholders with the means to ascertain whether they (or their delegates) have previously interacted with a resource, and consequently to evaluate that resource based, in part, on this representation, for example represented as a token, and any associated further information sets”, where “retain…one or more tokens” is being read as storing the token in storage once it is received); and
	in case of necessity of accessing a service, generate a service access request and send it to a service provider, the service access request including the token (Shear, Paragraph [0647], see “…a resource set (including, for example, a Participant) that has had previous interactions with another resource sets (including for example other Participants) may generate one or more appropriate tokens that are associated with those resources. As the interactions require at least two parties, such tokens may form a symmetric pair, such that both parties in their future interactions may recognize the legitimate counter party. These tokens may then be combined with one or more system elements such as CPFF, IF, AM, and/or other PERCos enabled hardware and software to invoke appropriate policies and/or responses to such recognized resources. In some embodiments these tokenized representations may, for example, be instantiated as parts of one or more communication protocols”, where “these tokenized representations may, for example, be instantiated as parts of one or more communication protocols” is being read as generating a service access request, where the service access request includes the selected token) (Shear, Paragraph [0673], see “Such PERCos hardened capability sets, such as Identity Firewall embodiments, include secure communications capabilities used to transmit information between user set computing arrangement Identity Firewall plural instances, and between such computing locations and cloud and/or network cloud service(s) and/or administrative nodes…The foregoing awareness management capabilities may be employed for assessing and/or managing such hardened arrangement processes, related process instruction information, and related process results information (for example, including arrangement environment awareness of ephemeral and/or persistently retained (e.g., audit log) input…and/or process set authenticity, security, efficiency, reliability, and/or the like, for example, by evaluating biometric input using biometric signal timing anomaly and/or other liveness techniques, evaluation of security integrity of one or more such device nodes internal information and/or processes, evaluating correspondence relationships between, for example, emitter emissions (such as challenge and response) and acquired biometric signal information, and/or evaluating security integrity of communication activities between any set of such nodes, for example, by evaluation of PKI and/or related certificate types, existential biometric certificates, and/or the like”).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Shear, in view of Resch et al. (U.S. PGPub. 2017/0289173), hereinafter Resch. 

	Regarding claim 2, Shear does not teach the following limitation(s) as taught by Resch: The user device of claim 1, 
	wherein the service access unit is to send the service access request to the token issuer anonymously (Resch, Paragraph [0051], see “The temporary credential module 94 operates to allow for an anonymous user to obtain access to an authenticated device (e.g., storage unit 36, DS client module 34, etc.). The access is controlled by providing temporary credentials and temporary access privileges to the anonymous user, after the anonymous user performs an enrollment process. The enrollment process allows an anonymous requester to request and receive a set of credentials (e.g., certificate and key, an authorization token, a username and password, etc.)”, where “anonymous user” is analogous to comprising the service access unit which sends the request to the token issuer anonymously), the service access request lacking of information regarding the persistent identity of the user device (Resch, Paragraph [0051], see “…The enrollment process also includes a minimum form of authentication by the anonymous user (e.g., a TCP connection, Turing challenge, computational challenge, etc.). Based on the enrollment process, the authenticated device assigns a status to the anonymous user”, where “The enrollment process also includes a minimum form of authentication by the anonymous user (e.g., a TCP connection, Turing challenge, computational challenge, etc.)” is analogous to the request lacking of information regarding the persistent identity of the user device, since the user is anonymous). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for secure and reliable identity-based computing, disclosed by Shear, by implementing techniques for temporary enrollment in anonymously obtained credentials, comprising sending a service access request to the token issuer anonymously, the service access request lacking of information regarding the persistent identity of the user device, disclosed by Resch.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for requesting access to a service, comprising sending a service access request to the token issuer anonymously, the service access request lacking of information regarding the persistent identity of the user device. This allows for better security management by hiding the identity of a user requesting access to the service, which ultimately keeps the identity of the user secure. Resch is deemed as analogous art due to the art disclosing methods of sending a request for access anonymously (Resch, Paragraph [0051]).

	Regarding claim 3, Shear does not teach the following limitation(s) as taught by Resch: The user device of claim 1,
	wherein the service access unit is to send the service access request so as to include an ephemeral public key of the selected ephemeral identity of the user device (Resch, Paragraph [0026], see “…The user profile information includes authentication information, permissions and/or the security parameters. The security parameters may include encryption/decryption scheme, one or more encryption keys, key generation scheme, and/or data encoding/decoding scheme”) (Resch, Paragraph [0040], see “…the managing unit 18 receives a temporary enrollment request A from the accessing unit A via a transport control protocol (TCP) connection over the network 24…The temporary enrollment request A includes one or more of an identifier of the accessing unit A, a type for every access service desired, a time frame of access requested, a user name, a password, etc.”, where “temporary enrollment request” is analogous to the service access request and where “temporary enrollment request A includes one or more of an identifier of the accessing unit A, a type for every access service desired, a time frame of access requested…” is analogous to the request including an ephemeral public key of the selected ephemeral identity of the user device, due to the identifiers being temporary).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for secure and reliable identity-based computing, disclosed by Shear, by implementing techniques for temporary enrollment in anonymously obtained credentials, comprising the service access unit transmitting the request to include an ephemeral public key of the selected ephemeral identity of the user device, disclosed by Resch.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for requesting access to a service, comprising the service access unit transmitting the request to include an ephemeral public key of the selected ephemeral identity of the user device. This allows for better security management by including an ephemeral identifier for the user device in the request: in cases where the communication between the device and token issuer is compromised by an unauthorized entity, the ephemeral identity is only temporary, so the information contained in the request cannot be utilized after a specific period of time. Resch is deemed as analogous art due to the art disclosing the use of ephemeral (temporary) identities to maximize security in the system (Resch, Paragraph [0040]).


Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Shear, in view of Smith et al. (U.S. Patent 10,608,943), hereinafter Smith. 

	Regarding claim 10, Shear teaches The system of claim 6,
	 (Shear, Paragraph [0291], see “…timing anomaly detection may support liveness detection by assiduously observing a user set and/or other party set in the vicinity of at least a portion of such user set computing arrangement, across one or more time intervals, in “real time” to extract relevant biometric and/or contextual features and patterns…Such information may further include employing operating session patterns to detect one or more variations in features that differ from normal and/or expected results by a degree that exceeds, for example, some specified parameter set, such as, a threshold set, deemed to be indicative of the possibility or determination that said results represent inauthentic, spoofed, or otherwise misrepresented biometric information…”) (Shear, Paragraph [0750], see “…particularity management services may employ particularity monitoring that monitors current threat levels. When, for example, a threat level goes over a certain threshold, particularity monitoring may generate an exception causing the operating session to gracefully shutdown services that are not longer viewed as necessary…”) (Shear, Paragraph [1036], see “…AM may use one or more sensor sets to monitor tangible events that may potential disrupt user fulfillment, and take corrective actions, such as block, re-route, encrypt, decrypt, initiate, and/or the like traffic in accordance with situation-specific or default specification sets”).
	Shear does not teach the following limitation(s) as taught by Smith: wherein the token issuer includes a token counter, so as to count the number of tokens provided to each user device (Smith, Column 5, Lines 61 – 64, see “…router 305 includes a set of per-client token counters 315A-N which are initialized at the beginning of each round-robin token allocation round”, where “set of per-client token counters” is analogous to the token issuer including a token counter) (Smith, Column 13, Lines 30 – 32, see “…the router defines a token threshold per client which is the maximum number of tokens that can be allocated by the router to a given client per unit time…”) to deny the provision of further tokens after a maximum threshold is reached.
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for secure and reliable identity-based computing, disclosed by Shear, by implementing techniques for dynamic buffer management, comprising the token issuer including a token counter to count the number of tokens provided to each user device, disclosed by Smith.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for requesting access to a service, comprising the token issuer including a token counter to count the number of tokens provided to each user device. This allows for better security management within the system by implementing a token counter to keep track of each token allocated to the user, to enable tracking of each instance where the token is utilized and to make sure the token storage does not overflow when tokens allocated to a user exceed a threshold. Smith is deemed as analogous art due to the art disclosing methods of a token counter to count the number of tokens provided to each user (Smith, Column 5, Lines 61 – 64).



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499
/PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499