DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings

Figures 2 and 15 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 710, 712, 714, 718, 722, 726, 746, 748, 750, 754, 758, 762 (see Figure 7), and 42 (see Figure 9D).  Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application.
The drawings are objected to because they include informalities.  In particular, in Figure 8, element 102a, it appears that “Pseudo name” should read “Pseudonym”.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application.
Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification

The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed.  The following title is suggested: Revoking Verified Claims of User Identity.
The abstract of the disclosure is objected to because it includes legal phraseology of the type often used in patent claims (e.g. “comprising”, “wherein”), which is to be avoided in the abstract.  Further, in line 6, it appears that “the request” may be intended to refer to the first request recited earlier.  Correction is required.  See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities:  
The specification does not include a brief summary of the invention as per 37 CFR 1.73.  See also MPEP § 608.01(d).  If the summary was intentionally omitted, Applicant is requested to make a statement on the record confirming this omission.
The specification includes minor grammatical and other errors.  For example, in paragraph 0005, line 1, the phrase “for enrolling for and/or sharing” is grammatically unclear.  See also paragraphs 0006, 0007, and 0013, for example, as well as at the corresponding detailed descriptions of the respective figures.  In paragraph 0027, line 7, it appears that the hyphen in “opts-in” should be deleted.  In paragraph 0029, lines 4-5, the phrase “scores based local device data comparisons” appears to be missing a preposition or other critical language.  In paragraph 0039, line 4, the phrase “to onboard with” is grammatically unclear.  In paragraph 0046, line 12, it appears that the comma after “optional” should be replaced with a period.  In paragraph 0046, lines 12-16, the phrase “may be specific to the electronic device 102 by one or more of a hardware reference key… a software reference key…, a hardware device identifier, and/or a software device identifier” is grammatically unclear.  That is, it is not clear what is meant by specific to the device by a key or by an identifier.  This is not in clear idiomatic English.  See also paragraph 0052  In paragraph 0049, lines 2-3, the statement that the “secure hardware component… may be implemented in software” appears to be contradictory.  In paragraph 0050, line 11, and elsewhere in the specification, it appears that “in serial” should read either “in series” or “serially”.  In paragraph 0062, line 1, it appears that an article (e.g. “a” or “the”) should be inserted before “claim of identity”.  In paragraph 0062, lines 3-4, the phrase “is further to the specific electronic device” appears to be missing a verb or other critical language.  In paragraph 0063, line 8, and elsewhere in the specification, “pseudo name” should read “pseudonym”.  In paragraph 0073, line 3, the phrase “requiring the user to user manually enter” is grammatically unclear and not in proper idiomatic English.  In paragraph 0099, line 7, the abbreviation “AP” is used without having been defined.  In paragraph 0203, line 4, there is an unmatched left parenthesis.
Appropriate correction is required.  The above is not intended as an exhaustive list of errors in the specification.  The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
The use of the terms Bluetooth, Zigbee, and Java, which are trade names or marks used in commerce, has been noted in this application. The terms should be accompanied by the generic terminology; furthermore the terms should be capitalized wherever they appear or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the terms.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) is permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 20 does not fall within at least one of the four categories of patent eligible subject matter because the claim is directed to a computer program product comprising code stored in a tangible computer-readable storage medium.  The broadest reasonable interpretation of a computer-readable storage medium typically covers both forms of non-transitory media and transitory propagating signals per se in view of the ordinary and customary meaning of machine-readable storage media (for example, as defined by usage in issued patents and published patent applications).  The specification does not provide a limiting definition of a computer-readable storage medium (tangible or otherwise) that clearly excludes carrier waves or other transitory signals.  Although the specification states that a tangible computer-readable storage medium “can be non-transitory” (see paragraphs 0204-0206 of the specification), this is not a clear exclusion of transitory signals.  A signal does not constitute statutory subject matter, because it is neither a process, a machine, an article of manufacture, nor a composition of matter, and therefore does not fall within any of the statutory classes of invention.  See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007), and MPEP § 2106.03(I).  See also “Subject Matter Eligibility of Computer Readable Media”, 1351 Off. Gaz. Pat. Office.  When a claim encompasses both statutory and non-statutory subject matter, the claim as a whole is considered to be directed to non-statutory subject matter.  See MPEP § 2106(II).

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “a verified claim” in line 2.  It is not clear by whom or what this claim is verified or what standard is used for verification.  The claim further recites “the verified claim comprising information…” in lines 2-3.  It is not clear what this phrase is intended to modify or how it is otherwise intended to relate grammatically to the remainder of the claim, although it appears that it may be intended as a “wherein” clause or similar.  The above ambiguities render the claim indefinite.
Claim 2 recites “a request” in line 1.  It is not clear if this is a distinct request from the first or second request or if it is intended to refer to a third or further additional request.
Claim 3 recites “wherein the verified claim is specific to the device by at least one of a hardware reference key that references the device, a software reference key that references the device, a hardware device identifier, or a software device identifier” in lines 1-3.  The phrase “specific to the device by” is grammatically unclear.  That is, it is not clear what is meant by specific to the device by a key or by an identifier.  This is not in clear idiomatic English.  Further, the terms “hardware reference key” and “software reference key” do not appear to be clearly defined in the specification or clearly differentiated; similarly, the terms “hardware device identifier” and “software device identifier” do not appear to be clearly differentiated in the specification.
Claim 4 recites “the hardware reference key is a public key” in line 1.  If the verified claim is “specific to the device by” one of the other listed alternatives, then it appears that there would not be clear antecedent basis for the hardware reference key.  Further, it is not clear how a public key would be a “hardware reference key” as recited.
Claim 5 recites “a request” in line 1.  It is not clear if this is a distinct request from the first or second request or if it is intended to refer to a third or further additional request.  The claim further recites “the device is configured to delete the private key” in line 2.  It is not clear whether this deletion is intended to be a step of the claimed method.
Claim 6 recites “a request” in line 2.  It is not clear if this is a distinct request from the first or second request or if it is intended to refer to a third or further additional request.  The claim further recites “the request” in line 2.  It is not clear to which of the plural requests this limitation is intended to refer.  The claim additionally recites “the hardware reference key” in lines 2-3; however, if the verified claim is “specific to the device by” one of the other listed alternatives, then it appears that there would not be clear antecedent basis for the hardware reference key.  The claim also recites “generating and signing the verified claim based on based on verification of the information…” in lines 4-5.  First, the phrase “based on based on” appears to be redundant.  Further, if the verified claim is already stored on the device as recited in Claim 1, then the timing of the step of generating and signing is not clear.
Claim 7 recites “the hardware reference key” in line 1.  If the verified claim is “specific to the device by” one of the other listed alternatives, then it appears that there would not be clear antecedent basis for the hardware reference key.
Claim 8 recites “a request” in line 2.  It is not clear if this is a distinct request from the first or second request or if it is intended to refer to a third or further additional request.
Claim 12 recites “the device is further configured to: receive… and display”.  It is not clear whether the receiving and displaying are intended to be additional steps of the claimed method.
Claim 13 recites “the device is further configured to: receive… and remove”.  It is not clear whether the receiving and removing are intended to be additional steps of the claimed method.
Claim 14 recites “a verified claim” in line 5.  It is not clear by whom or what this claim is verified or what standard is used for verification.  The claim further recites “the verified claim comprising information…” in lines 5-6.  It is not clear what this phrase is intended to modify or how it is otherwise intended to relate grammatically to the remainder of the claim, although it appears that it may be intended as a “wherein” clause or similar.  The claim additionally recites “a hardware reference key” in line 7.  This term does not appear to be clearly defined or differentiated in the specification.  The claim also recites “the hardware reference key is a public key” in line 8.  It is not clear how a public key would be a “hardware reference key” as recited.  The claim further recites “the request” in line 10.  It appears that this is intended to refer to the first request, but it is recommend that this be made explicit.  The above ambiguities render the claim indefinite.
Claim 15 recites “a request” in line 1.  It is not clear if this is a distinct request from the first or second request or if it is intended to refer to a third or further additional request.
Claim 16 recites “a request” in line 1.  It is not clear if this is a distinct request from the first or second request or if it is intended to refer to a third or further additional request.  Further, the recitation that “the device is configured to delete the private key” in line 2 does not appear to provide a clear limitation on the claimed system, since the device appears to be external to the system.
Claim 17 recites “a request” in line 3.  It is not clear if this is a distinct request from the first or second request or if it is intended to refer to a third or further additional request.  The claim further recites “the request” in line 3.  It is not clear to which of the plural requests this limitation is intended to refer.  The claim additionally recites “generate and sign the verified claim based on based on verification of the information…” in line 5.  First, the phrase “based on based on” appears to be redundant.  Further, if the verified claim is already stored on the device as recited in Claim 14, then the relative timing of generating and signing is not clear.
Claim 19 recites “a request” in line 3.  It is not clear if this is a distinct request from the first or second request or if it is intended to refer to a third or further additional request.
Claim 20 recites “a verified claim” in line 3.  It is not clear by whom or what this claim is verified or what standard is used for verification.  The claim further recites “the verified claim comprising information…” in lines 3-4.  It is not clear what this phrase is intended to modify or how it is otherwise intended to relate grammatically to the remainder of the claim, although it appears that it may be intended as a “wherein” clause or similar.  The claim additionally recites “a hardware reference key” in lines 4-5.  This term does not appear to be clearly defined or differentiated in the specification.  The claim additionally recites “the hardware reference key having been generated by the device in association with a hardware component of the device” in lines 5-6.  It is not grammatically clear what this phrase is intended to modify or how it is otherwise intended to relate grammatically to the remainder of the claim, and the tense of the verb “having been generated” is unclear as to whether this is an active step performed by the code.  The claim further recites “the request” in line 7.  It appears that this is intended to refer to the first request, but it is recommend that this be made explicit.  The above ambiguities render the claim indefinite.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dillaway et al, US Patent 8095969.
In reference to Claim 1, Dillaway discloses a method that includes receiving by a server a first request to revoke a verified claim that includes information to identify a user of the device and that is specific to and stored on the device (column 10, line 64-column 12, line 14, discussing revocation of security assertions and the format used); and in response to the first request, sending a second request to revoke the claim and adding the claim to a revocation list (column 13, lines 53-65, comparing to set of revoked assertion identifiers, i.e. revocation list).
In reference to Claim 2, Dillaway further discloses a request to delete the claim (column 14, lines 23-30, revoked assertions removed).
In reference to Claims 3-5 and 7, Dillaway further discloses hardware or software reference keys or hardware or software device identifiers, such as a public key, where revocation deletes the corresponding private key (see column 7, lines 14-25, public key, for example).
In reference to Claim 6, Dillaway further discloses signing the claim (see column 13, lines 25-33, assertions signed).
In reference to Claim 8, Dillaway further discloses receiving a request for status of the claim and transmitting an indication that the claim is revoked (see column 13, line 53-column 14, line 6).
In reference to Claim 9, Dillaway further discloses a service provider using the revocation list (see column 3, lines 21-37, services).
In reference to Claims 10 and 11, Dillaway further discloses receiving the first request from a service or user (see column 10, line 64-column 12, line 14).
In reference to Claims 12 and 13, Dillaway further discloses receiving input to display information or revoke the claim (see column 10, line 64-column 12, line 14; column 13, lines 53-65).

Claims 14-19 are directed to systems having functionality corresponding substantially to the methods of Claims 1-8, and are rejected by a similar rationale, mutatis mutandis.
Claim 20 is directed to a software implementation of the method of Claim 1 in combination with limitations of Claims 3 and 7, and is rejected by a similar rationale, mutatis mutandis.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Aull et al, US Patent 7206936, discloses a method for revoking tokens including keys or certificates.
Gressel et al, US Patent 8261979, discloses a method that includes revoking a token if lost or stolen.
Brown et al, US Patent 8639926, discloses a service that dynamically revokes an assertion.
Dalzell et al, US Patent 8850550,discloses a service that revokes an identity claim if a token is not valid.
Trammel et al, US Patent 9038138, discloses a technique for remote revocation of authorizations or a token if a device is lost, stolen, or compromised.
Lund et al, US Patent 9648003, discloses a method for delegating authorizations in which a token can be revoked and replaced if stolen.
Houser, US Patent Application Publication 2004/0181665, discloses a method that includes revoking a trust assertion based on an assessment.
Bhargava et al, US Patent Application Publication 2019/0028460, discloses a method where an identity assertion can be revoked.
Last et al, US Patent Application Publication 2019/0236257, discloses a token having privileges that can be revoked if lost or stolen.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/Primary Examiner, Art Unit 2492