DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on 05/10/2022.
Status of claims in the instant application:
Claims 1-5, 8, 10-14, 16-19, 23-25, 27-32, 34 and 36-38 are pending.
Claims 6-7, 9, 15, 20-22, 26, 33 and 35 have been canceled.
Claims 1, 8, 10, 16, 19, 23-25, 31, 34 and 36 have been amended.
Claims 37 and 38 have been newly added.
Response to Arguments
Applicant's arguments, see pages 9-11 of the remarks filed on 05/10/2022, with respect to the rejections of the claims under 35 USC 103 have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Allowable Subject Matter
Claims 1-5, 8, 10-14, 16-19, 23-25, 27-32, 34 and 36-38 are allowed, but they are renumbered as claims 1-28.
The following is the examiner's statement of reasons for allowance: The following prior art references were identified during the examination of applicant's amended claim set filed on 05/10/2022 in response to the office action mailed on 02/15/2022. They do not explicitly teach the applicant's claimed invention, in view of the amended claims, but are in the general realm of applicant's field of endeavor:
PAT US 9160727 B1, Saylor et al.: Saylor discloses a server system that maintains data indicative of credentials held by multiple different users. Each of the credentials has been issued by a credential granting authority that is separate from an entity that operates the server system. The server system receives selection data that indicates how credential data of a first user is to be made available to other users. Based on the selection data, the server system stores availability data that indicates how credential data of the first user is to be made available to the other users. The server system also maintains a location of a mobile computing device associated with the first user and, based on the availability data and the location, provides, to at least a second user, information about at least one credential held by the first user in association with an indication of the location.
PGPUB US 20130073460 A1, Paquin et al.: Paquin discloses a system and method for enabling paid-for exchange of identity attributes with minimal disclosure credentials. An exemplary method includes requesting a credential from an identity provider by one of a user or a credential agent. The credential may be presented to a relying party, and the presented credential may be verified. Based on verification of the presented credential, a service of the relying party may be accessed by the user. The user, the relying party, a neutral third party, or the credential agent may provide payment for the credential to the identity provider, and the identity provider is unable to determine whether, where, when or by whom the credential has been used.
PGPUB US 20090132813 A1, Schibuk: Schibuk discloses apparatus and methods that perform transactions in a secure environment between an individual and another party, such as a merchant, in various embodiments. The individual possesses a mobile electronic device, such as a smartphone, that can encrypt data according to a public key infrastructure. The individual authenticates the individual's identity to the device, thereby unlocking credentials that may be used in a secure transaction. The individual causes the device to communicate the credentials, in a secure fashion, to an electronic system of a relying party, in order to obtain the relying party's authorization to enter the transaction. The relying party system determines whether to grant the authorization, and communicates the grant and the outcome of the transaction to the device using encryption according to the public key infrastructure.
The present invention relates to apparatus and computer-implemented methods for distributed public key infrastructures (PKI). More specifically, the present invention relates to credential services, such as authenticating individuals and distributing data, using a distributed public key infrastructure, and includes in various embodiments the use of mobile telephones and flash memory to these ends.
USPGPUB: 20160094540 (CAMENISCH et al.): Methods and apparatus are provided for authenticating user computers in distributed single sign-on systems. A user computer is connectable via a network to a plurality of verifier servers and a plurality n of authentication servers. Through communication with authentication servers, the user computer can generate a cryptographic token for authenticating the user computer to a selected verifier server under a username identifying the user computer to that verifier server. A second preferred embodiment of the SSO process will now be described with reference to FIGS. 7 and 8a to 8c. In this embodiment, the cryptographic mechanism used for token generation and verification is based on privacy-preserving attribute-based credentials (Privacy-ABCs, or "PABCs" hereinafter). At a high level, a PABC system allows users to obtain credentials on lists of attributes certified by credential issuers. The users can then use these credentials to derive so-called presentation tokens that selectively reveal partial information about the credential attributes and can be verified by a verifying party using the credential issuer's public key. The presentation tokens have the privacy features that they do not expose any information about the credentials or credential attributes beyond what was explicitly revealed by the token, and they are untraceable in that an issuer cannot trace a presentation token back to the issuance of the credential from which it was derived. A credential is a certified list of attribute values, and is issued to a user by a credential issuer. The user can derive a presentation token from one or more of his credentials using a "PABC: Present" algorithm, and thereby reveal a subset of the attributes in those credentials.
USPGPUB: 20100325441 (Laurie et al.): Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.
NPL: Efficient Selective Disclosure on Smart Cards Using Idemix (Vullers et al.): This discloses an efficient implementation for selective disclosure of attribute-based credentials on smart cards. In this context we concentrate on the implementation of this core feature of IBM's Identity Mixer (Idemix) technology. Using the MULTOS platform we are the first to provide this feature on a smart card. We compare Idemix with Microsoft's U-Prove technology, as the latter also offers selective disclosure of attributes and has been implemented on a smart card. Unique identifiers are used to identify entities during authentication and/or authorisation, but actually in most use cases identification is not necessary. For instance, when you want to buy liquor, a merchant only needs to verify that you are of a certain age. The same holds when boarding a train; the system only needs to know whether or not you are allowed to do so, and there is no direct need for the system to know exactly who you are. A more privacy-friendly approach is possible by using attribute-based credentials. Instead of providing lots of identity information to the service provider, the user can now just provide the required attributes, such that the service can be accessed without the user revealing his identity. The Identity Mixer (Idemix) technology [7, 8, 9] was developed by IBM Research to implement attribute-based credentials. This system allows the user to receive a signed list of attributes from a trusted party which can then be used to convince a service provider. A core feature of this technology, selective disclosure, enables a user to control which attributes from this list get revealed to the service provider. A user may have several credentials, each asserting some collection of attributes. When requesting a service from a service provider, the user is required to authenticate using one (or more) of his/her credentials.
In the verification process the user can choose to only provide certain credentials; also, given a specific credential, the user may choose to reveal only a subset of attributes in the credential. By doing this, authentication becomes more privacy friendly. This latter process is called selective disclosure, involving a verification protocol in which only a subset of the credential attributes is revealed to the verifier while the other attributes are only proved to be present in the credential. This allows a user to reveal only the necessary attributes and prove that the credential belongs to him/her. The service provider can verify all information that has been sent, including the issuer's signature.
However, none of the prior art of record, alone or in combination, discloses all the limitations of amended independent claims 1, 16 and 31; specifically, they do not disclose the combination of claim limitations as recited in the amended independent claims, "for a given credential having credential data, authorizing a subset of the credential data to be sent to a device of a relying party that is different from the holder, wherein the subset of the credential data selected from the credential data depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the relying party; transmitting a cryptogram from a device of the holder to the device of the relying party using a direct NFC or Bluetooth communication link between the device of the holder and the device of the relying party, the cryptogram including the subset of the credential data and being generated as a function of cryptographic information associated with a device of the holder; presenting the cryptogram to a verification service for verification and receiving, in response to the verification, a verified version of the subset of the credential data; and displaying at least some of the verified version of the subset of the credential data on a screen of the device of the relying party".
Therefore, the independent claims are allowable over the prior art. The dependent claims, being definite, further limiting, and fully enabled by the specification, are also allowed because of their dependence on the independent claims.
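The following is an added illustration, not code from the application, the cited references or the examiner, of the flow recited in the independent claims and of the selective-disclosure idea described in the Vullers et al. reference: a subset of credential attributes is chosen by the relying party's role and the holder's own selection, bound into a cryptogram with a key associated with the holder's device, and accepted by a verification service only if the cryptogram has not been altered in transit. The per-device key registry, the role policy and the credential values are constructed assumptions; an HMAC stands in for whatever cryptographic function the application actually uses.

```python
import hashlib
import hmac
import json

# Constructed sample credential as held on the holder's device.
CREDENTIAL = {
    "name": "Alice Example",
    "dob": "1990-04-12",
    "over_21": True,
    "license_no": "D-0000000",
    "address": "1 Sample Street",
}

# Hypothetical policy: attributes a relying party in a given role may receive.
ROLE_POLICY = {
    "liquor_merchant": {"over_21"},
    "traffic_officer": {"name", "dob", "license_no"},
}

# Hypothetical registry of per-device keys known to the verification service
# (the "cryptographic information associated with a device of the holder").
DEVICE_KEYS = {"holder-device-001": b"constructed-device-key-not-for-real-use"}


def select_subset(credential, role, holder_selection=None):
    """Subset = attributes allowed for the role, narrowed by the holder's choice."""
    allowed = ROLE_POLICY.get(role, set())
    if holder_selection is not None:
        allowed = allowed & set(holder_selection)
    return {k: credential[k] for k in sorted(allowed) if k in credential}


def make_cryptogram(device_id, subset, nonce):
    """Holder's device binds the subset and a nonce to its device key."""
    payload = json.dumps({"device_id": device_id, "nonce": nonce, "subset": subset}, sort_keys=True)
    tag = hmac.new(DEVICE_KEYS[device_id], payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}  # sent to the relying party over NFC/Bluetooth


def verify_cryptogram(cryptogram):
    """Verification service: returns the verified subset, or None on any failure."""
    try:
        body = json.loads(cryptogram["payload"])
        key = DEVICE_KEYS[body["device_id"]]
    except (KeyError, ValueError, TypeError):
        return None
    expected = hmac.new(key, cryptogram["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cryptogram.get("tag", "")):
        return None  # altered by the relying party or in transit
    return body["subset"]
```

A relying party that edits the subset before presenting it (for example flipping `over_21`) gets no verified version back, which is the property the claimed verification step relies on.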
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364. The examiner can normally be reached from 9AM-5PM EST, M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kambiz Zand, can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434