DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the amendment filed on 03/24/2022. Claims 1, 5 – 7, and 14 – 16 have been amended. Claims 2 – 4, 11 – 13, and 20 have been canceled. Claims 21 – 26 are new. Claims 1, 5 – 10, 14 – 19, and 21 – 26 are pending for consideration. 

Response to Arguments
In view of the amendments, the 35 U.S.C. 101 rejection is withdrawn.  
Regarding pending claims, the Applicant's arguments have been fully considered but they are moot in view of new ground of rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 10, and 19 are rejected under 35 U.S.C. 112 (b) or 35 U.S.C. 112 (pre-AIA ) second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
The limitation ‘q identifier’ in dependent claims 1, 10, and 19 lacks proper antecedent basis. For the purpose of examination this limitation is treated as an identifier. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 5, 8 – 10, 14, 17 – 19, 22, 24, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Zagarese et al. (US 2018/0181964) (hereafter Zagarese) and in view of Harrison et al. (US 2008/0031456) (hereafter Harrison).

Regarding claim 1 Zagarese teaches: An apparatus comprising: a processor; a memory storing code executable by the processor to: (Zagarese, in Para. [0131] discloses “The processor 4 has access to in-memory storage ("cache") 108, which may for example be implemented, at the hardware level, in volatile electronic storage.” Zagarese, in Para. [0348] discloses “The central service can be implemented in any suitable way and requires at least one processor 114 executing identity management code, and electronic storage components providing secure storage.”)
generate an initial hash of only a seed, wherein the seed is a user attribute (Zagarese, in Para. [0260] discloses “The metadata can be used to generate the credential, for example as a hash of the metadata and a random sequence (seed).” Zagarese, in Para. [0605] discloses “Credentials are generated by creating a random salt value and combining this with the device identification number. The result is then used as the initial seed value for an iteratively generated SHA-2 hash value with the number of rounds of iteration being determined at random.” Zagarese, in Para. [0066] discloses “The at least one bearer attribute may be held in the data store in association with at least one identifier of the bearer”);
generate an initial public group index as a function of the seed (Examiner note: input value for the hash generator is a seed value) (Zagarese, in Para. [0601] discloses “Only the HMAC of the initial hash value is ever stored” Zagarese, in Para. [0156] discloses “The hash of an input value means an output value obtained by applying a hash function, such as an HMAC function, to the input value.” Zagarese, in Para. [0588] discloses “perform SHA-2 hashing iteratively with the stored credential number as the seed value”);
[generate an initial one-time user identifier as an initial identifier output from a public group indexed by the initial public group index, wherein the public group is a corpus of a plurality of q identifiers]
store the initial public group index, (Zagarese, in Para. [0394] discloses “Each time a data item is added to a profile, or an uPass profile is utilized, a new credential is created for that profile and transmitted to the owner of the profile. These credentials are stored in association with the identifier 26 in the uPass for the person 20, and are bound to a profile.”
 generate a plurality of the hashes of the seed and a previous public group index (Zagarese, in Para. [0681] discloses “the hashes are generated from all of the data of the master receipts, including their public indexes” Zagarese, in Para. [0750] discloses “An encrypted database also needs a search facility and this is implemented in one embodiment by storing characteristic cryptographic hashes for each indexable data item.” Zagarese, in Para. [0679] discloses “Because the earlier master receipts 32', 32" have been generated in the same manner as the master receipt 32, one of the public indexes of the first earlier master receipt 32’ will match the H(CB) from the current master receipt 32-that index having been generated in the earlier transaction”);
 iteratively generate a public group index for each hash; (Zagarese, in Para. [0588] discloses “perform SHA-2 hashing iteratively with the stored credential number as the seed value” Zagarese, in Para. [0600] discloses “An improved alternative is to use a key which is generated based upon the serial number using a hashing algorithm such as SHA-2 iteratively. This involves creating a hash for the serial number and then creating a sequence of salted hashes with this value as the starting point” Zagarese, in Para. [0677] discloses “The master receipt is locate by hashing the available credential to generate a search index, which will match the corresponding index of the master receipt 32.” Zagarese, in Para. [0679] discloses “These indexes are public, in that they are not encrypted with the transaction identifier 60”)  
generate a one-time user identifier expressed as a hash chain of identifiers each based on the public group indexed by one of the public group indexes (Examiner note: a one-time identifier building a hash chain of identifiers is met by the number of hashes of all data of master receipt comprising hashes of credentials, i.e., one-time identifiers) (Zagarese, in Para. [0681] discloses “the hashes are generated from all of the data of the master receipts, including their public indexes.” Zagarese, in Para. [0064] discloses “The master receipt may also comprise a hash of the fresh validator credential and/or a hash of the validator credential.”)
verify user attributes from the one-time user identifier and store each generated public group index (Zagarese, in Para. [0024] discloses “The identity attribute may be a data item captured from an identity document.” Zagarese, in Para. [0066] discloses “The at least one bearer attribute may be held in the data store in association with at least one identifier of the bearer” Zagarese, in Para. [0051] discloses “validating the credential, wherein the sharing token is generated only if the bearer credential is valid.”).
Zagarese fails to explicitly teach: generate an initial one-time user identifier as an initial identifier output from a public group indexed by the initial public group index, wherein the public group is a corpus of a plurality of q identifiers
Harrison from the analogous technical field teaches: generate an initial one-time user identifier (Examiner note: one-time user identifier is met by the one-time pad, OTP, comprising one-time user identification functions; broad functions of OTP data/instructions as installed on various devices perform as equivalents to user identifiers, public group indexes and other features of attributes) (Harrison, in Para. [0002] discloses “The term "one-time pad" is therefore frequently used to refer to the secret random data shared by the parties and this term, or its acronym "OTP", is used herein for secret random data shared by more than one party.” Harrison, in Para. [0027] discloses “in generalized form, a user OTP device 10 for storing and using one-time pad data for various applications such as, for example, encryption and identification.” Harrison, in Para. [0052] discloses “This applies not only for the OTP device 10 and the complementary OTP apparatus 20, but also to the trusted data store 21 and the trusted random data generator 24 which should check the attributes of any entity purporting to entitled to receive OTP data before such data is passed on to that entity.”) as an initial identifier output from a public group indexed by the initial public group index (Examiner note: public group index is attributed as an index/pointer to each encryption/hashing as disclosed in Para. [0003] and therefore it is met by the OTP head index) (Harrison, in Para. [0057] discloses “this measure can also be thought of as a pointer or index to the head of the OTP pad and is therefore referred to below as the "head index". Harrison, in Para. [0058] discloses “the head index is sent along with the OTP interaction data (e.g. an OTP encrypted message) to enable the recipient to go directly to the correct OTP data in its one-time pad”) wherein the public group is a corpus of a plurality of q identifiers (Harrison, in Para. [0077] discloses “each of the pads is individually identified and this identity is passed to the complementary OTP apparatus when conducting an OTP interaction” Harrison, in Para. [0011] discloses “holding a plurality of one-time pads, each pad having a different security rating and being intended for use by the device in executing a task to that security rating”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zagarese in view of the teaching of Harrison which discloses functionality and application of the one-time pads as a specified data/instructions by performing variety of functions including identification and indexing as related to attributes in order to improve security of attribute verification (Harrison, [0003, 0011, 0027, 0057, 0058, 0077]).

Regarding claim 5 Zagarese as modified by Harrison teaches: The apparatus of claim, wherein each public group index calculated as a deterministic function of the hash (Examiner note: the index as a part of master receipt is determined by the HMAC function which is deterministic by definition, i.e., no randomness is involved, which means that the same output could be produced/re-computed from the starting conditions) (Zagarese, in Para. [0677] discloses “The master receipt is locate by hashing the available credential to generate a search index, which will match the corresponding index of the master receipt 32.” Zagarese, in Para. [0156] discloses “The hash of an input value means an output value obtained by applying a hash function, such as an HMAC function, to the input value.” Zagarese, in Para. [0256] discloses “if the original credential is made available to the system later by the user, the hash can be re-computed from the available credential, and the resulting value can be used to locate the master receipt.”).

Regarding claim 8 Zagarese as modified by Harrison teaches: The apparatus of claim 1, where a given public group index is the previous public group index for a subsequent verification of the user attributes (Zagarese, in Para. [0679] discloses “Because the earlier master receipts 32', 32" have been generated in the same manner as the master receipt 32, one of the public indexes of the first earlier master receipt 32’ will match the H(CB) from the current master receipt 32-that index having been generated in the earlier transaction” Zagarese, in Para. [0353] discloses “There are two basic workflows, one relating to registration of user identity documents and the other to verification of identity (authentication).” Zagarese, in Para. [0066] discloses “The at least one bearer attribute may be held in the data store in association with at least one identifier of the bearer”).

Regarding claim 9 Zagarese as modified by Harrison teaches: The apparatus of claim 1, wherein the one-time user identifier comprises in the range of 2-4 identifiers (Examiner note: as noted above, one-time user identifier is met by the one-time user/payer credential; the identifier 26 may comprise several credentials) (Zagarese, in Para. [0153] discloses “The credential is a one-time only use credential for the user that is bound to his device 12 and a user identifier uID of the user.” Zagarese, in Para. [0394] discloses “Each time a data item is added to a profile, or an uPass profile is utilized, a new credential is created for that profile and transmitted to the owner of the profile. These credentials are stored in association with the identifier 26 in the uPass for the person 20, and are bound to a profile.”).

Regarding claim 10, claim 10 discloses a method that is substantially equivalent to the apparatus of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 10 and rejected for the same reasons.

Regarding claim 14, claim 14 dependent on claim 13 discloses a method that is substantially equivalent to the apparatus of claim 5 dependent on claim 4. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 14 and rejected for the same reasons.

Regarding claim 17, claim 17 dependent on claim 10 discloses a method that is substantially equivalent to the apparatus of claim 8 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 8 are equally applicable to claim 17 and rejected for the same reasons.

Regarding claim 18, claim 18 dependent on claim 10 discloses a method that is substantially equivalent to the apparatus of claim 9 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 9 are equally applicable to claim 18 and rejected for the same reasons.

Regarding claim 19, claim 19 discloses a medium that is substantially equivalent to the apparatus of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 19 and rejected for the same reasons.

Regarding claim 22 Zagarese as modified by Harrison teaches: The apparatus of claim 1, wherein the one-time user identifier UI is calculated as UI = I_0, I_1, I_2, where I_0, I_1, and I_2 are identifiers (Examiner note: as noted above, the one-time user identifier is met by the one-time pad, OTP; creation of UI is met by the procedure of the OTP creation by Harrison) (Harrison, in Para. [0056] discloses “the device 10 preferably sends the OTP apparatus an identifier of the one-time pad that the device is proposing to use.” Harrison, in Para. [0065] discloses “One way of enabling the OTP apparatus to determine quickly which is the correct pad of OTP data to use in respect of a particular device 10, is for each pad to have a unique identifier which the device sends to the apparatus when an OTP interaction is to be conducted.”)

Regarding claim 24, claim 24 dependent on claim 10 discloses a method that is substantially equivalent to the apparatus of claim 22 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 22 are equally applicable to claim 24 and rejected for the same reasons.

Regarding claim 26, claim 26 dependent on claim 19 discloses a product that is substantially equivalent to the apparatus of claim 22 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 22 are equally applicable to claim 26 and rejected for the same reasons.

Claims 6, 7, 15, 16, 21, 23, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Zagarese and Harrison as applied to claim 1 and in view of Acar et al. (US 2014/0281525) (hereafter Acar).

Regarding claim 6 Zagarese as modified by Harrison fails to explicitly teach: The apparatus of claim 1, wherein each public group index calculated as hard discreet logarithm function over the public group over the hash.
Acar from the analogous technical field teaches: The apparatus of claim 1, wherein each public group index calculated as hard discreet logarithm function over the public group over the hash (Acar, in Para. [0315] discloses “Step 406 refers to computing discrete logarithmic cryptographic group based values using at least some proof components.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zagarese, as modified by Harrison, in view of the teaching of Acar which discloses application of discrete logarithmic function as a part of the cryptographic procedure in order to make cryptographic process of Zagarese more security resistant against external influences (Acar, [0315]). 

Regarding claim 7 Zagarese as modified by Harrison, fails to explicitly teach: The apparatus of claim 1, wherein each public group index calculated as a hard logarithm function over the public group.
Acar from the analogous technical field teaches: The apparatus of claim 1, wherein each public group index calculated as a hard logarithm function over the public group (Examiner note: application of discrete logarithm function to build up the group of indexes/integers is met by application of discrete logarithm function to generate a group of credential parameters) (Acar, in Para. [0220] discloses “One or more credential parameters, such as a public cryptographic key, may be generated with/without any bilinear pairings and/or based on discrete logarithms” Acar, in Para. [0017] discloses “the cryptographic data may include a verifier-generated challenge value that also is an element of a prime-order cryptographic group construction, including a prime-order additive subgroup of integers. This construction may be built without anything that could be considered a bilinear pairing between subgroups of integers and instead, may be based upon a discrete logarithmic group”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zagarese, as modified by Harrison, in view of the teaching of Acar which discloses application of discrete logarithmic function as a part of the cryptographic procedure in order to make cryptographic process of Zagarese more flexible and security resistant against external influences (Acar, [0017, 0220]).

Regarding claim 15, claim 15 dependent on claim 13 discloses a method that is substantially equivalent to the apparatus of claim 6 dependent on claim 4. Therefore, the arguments set forth above with respect to claim 6 are equally applicable to claim 15 and rejected for the same reasons.

Regarding claim 16, claim 16 dependent on claim 13 discloses a method that is substantially equivalent to the apparatus of claim 7 dependent on claim 4. Therefore, the arguments set forth above with respect to claim 7 are equally applicable to claim 16 and rejected for the same reasons.

Regarding claim 21 Zagarese as modified by Harrison, fails to explicitly teach: The apparatus of claim 1, wherein the public group index PGI is calculated as PGI = gH mod q where g is the public group, and H is the hash.
Acar from the analogous technical field teaches: The apparatus of claim 1, wherein the public group index PGI is calculated as PGI = gH mod q where g is the public group, and H is the hash (Examiner note: computation of PGI using equation 2 is met by computation procedure of Acar discrete logarithm function disclosed in Para [247, 256 – 260]) (Acar, in Para. [0221] discloses “G represents a standardized cryptographic cyclic group, whose order is a prime q” Acar, in Para. [0247] discloses “For each iEC, r_i:=-co_i+w_i mod q” Acar, in Para. [0223] discloses “Step 306 examines the credential's attribute data and identifies a revocation attribute comprising a unique user identifier  x_id that is a member of the set of attribute values {Ai, ... , An} either in the form of cleartext data (e.g., an integer) or encoded data (e.g., a hash value).”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zagarese, as modified by Harrison, in view of the teaching of Acar which discloses computation of values equivalent to group identifications in order to  improve cryptographic process of Zagarese (Acar, [0223, 0247, 0256-0260]).

Regarding claim 23, claim 23 dependent on claim 10 discloses a method that is substantially equivalent to the apparatus of claim 21 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 21 are equally applicable to claim 23 and rejected for the same reasons.

Regarding claim 25, claim 25 dependent on claim 19 discloses a product that is substantially equivalent to the apparatus of claim 21 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 21 are equally applicable to claim 25 and rejected for the same reasons.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Vladimir I. Gavrilenko/Examiner, Art Unit 2431        

/TRANG T DOAN/Primary Examiner, Art Unit 2431