Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statements
The information disclosure statement(s) (IDS) submitted on 10/16/2020 have been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) have been considered by the examiner.

Claim Rejections - 35 USC § 112
	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-10 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites, “converting and encrypting the original information to generate an encrypted authentication information corresponding to the original information.” (emphasis added) In light of the specification, the emphasized features are confusing because the conversion is described as converting the physical information or biological information into encrypted physical information or encrypted biological information. Thus, it makes no sense to convert the original information and then encrypt the original information after it already has been encrypted because the specification describes converting which results in encrypted information. 
Claims 2-10 are also rejected for being dependent upon rejected base claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 and 5-10 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. 10,826,703 to Shipley (hereinafter Shipley), in view of U.S. 2016/0110528 to Gupta et al. (hereinafter Gupta). 
Regarding claim 1, Shipley teaches,
A composite identity authentication method, comprising: 
1) obtaining original information, wherein the original information comprises physical information, biological information or mixed information for identifying an identity of a user; and …
Shipley teaches the storage of identity data (“original information”) that includes both images of physical information (“physical information”), biometric data (“biological information”) and the use of both physical information and biometric information (“mixed information”) used to identify individuals (“for identifying an identity of a user”), which is stored in a distributed ledger / blockchain. (Shipley, Abstract) Additionally, Fig. 2 of Shipley teaches physical credentials and biometric data 206 being stored together, which corresponds to “mixed information.”
… converting and encrypting the original information to generate an encrypted authentication information corresponding to the original information; 
Shipley also teaches encrypting of identity data by encrypting / hashing of the identity data. (See, Shipley, Abstract, referring to obfuscated version and/or hash digest of identity data) (See also, Shipley, Col. 7, lines 43-45; (24), which describes fig. 1B and states “The public ledger 108 may store a hashed, encrypted, and/or otherwise obfuscated version of the identity data 110 for individual(s).”) 
The examiner interprets the encrypting as corresponding to hashing the original information / identity data. (See, printed publication of the applicant’s invention, first sentence of [0033], which teaches that the hashed original information / identity data is the encrypted information.)
2) sending the encrypted authentication information to a blockchain network, and storing the encrypted authentication information in the blockchain network; 
As stated above, Shipley teaches the storage of (hashed) identity data (“encrypted authentication information”) in a distributed ledger (“blockchain network”). (Shipley, Abstract) 
3) linking a plurality of terminals with the blockchain network to synchronize the encrypted authentication information; and … 
Shipley in fig. 1B teaches a requesting device 102 (“terminal”) that is connected to (“linking”) a distributed ledger 108 (“blockchain”). 
Shipley teaches that the distributed ledger may be called by requesting entities and/or devices (“linking a plurality of terminals with the blockchain network”). (Shipley, Col. 1, lines 32-41; (2))
Shipley teaches that the identity data in the ledger may be updated (“synchronize the encrypted authentication information”), and that a history of the updates may also be tracked and updated (412) when updates to the identity data are made and when requests to use the identity data are made. (Shipley, Col. 10, lines 15-27; (38))
Shipley fails to teach,
… selecting corresponding encrypted authentication information as an authentication condition of each of the terminals according to a set security level; 
However, Gupta teaches the above features, 
Gupta teaches multifactor authentication that uses two or more authentication factors including a knowledge factor (e.g., password or PIN), a possession factor (e.g., key fob or smart card), and an inherence factor (e.g., biometrics such as a fingerprint or iris scan). (Gupta, [0037]) 
Gupta teaches a computing device that selects the authentication factors and/or determines the number of authentication factors (“selecting corresponding encrypted authentication information as an authentication condition”) based on the determined vulnerability value (“set security level”), and evaluate the authentication factors to authenticate a user, application, or activity. (Gupta, [0048]) The vulnerability value may be based on historical behaviors of the software applications currently operating on the device, and/or other behaviors, events, or conditions detected in the device (“an authentication condition of each of the terminals according to a set security level”). (Gupta, [0048])
Gupta also teaches that critical behaviors such as payment activities / transactions, accessing PIN or passwords, or receiving / sending encrypted communications may, for a large number of devices (“each of the terminals”) stored in a cloud server or network and sent to the computing device, for analysis. (Gupta, [0065])
Gupta also teaches that the behavior observer module 202 may receive the initial set of behaviors and/or factors from a server and/or a component in a cloud service or network. (Gupta, [0091])  
Shipley teaches the following features,
4) obtaining verification information, and converting and encrypting the verification information to generate encrypted verification information; and 
Shipley teaches that a “credential to be verified” / “presented image” (“obtaining verification information”) may be compared to a credential from the ledger.  (Shipley, Col. 8, lines 4-6) The credential generated by application 104 in the requesting device 102 may be hashed (“ encrypting the verification information to generate encrypted verification information”), which would be compared to the ledger 108 which stores obfuscated / hashed data, as shown in fig. 1B. (Shipley, Col. 8, lines 8-10)
Shipley teaches the following features, with the exception of the underlined features,
5) comparing the encrypted verification information with the encrypted authentication information for the authentication based on the authentication condition of the terminal; and determining that the authentication is passed when the encrypted verification information is consistent with the encrypted authentication information.  
	Shipley teaches that a hash of a credential (“encrypted verification information”) is compared to a stored hash on the ledger 108 (“encrypted authentication information”), where the comparison may be performed in the distributed ledger 108 or in the application 104 of the requesting device 102. (Shipley, Col. 8, lines 12-18; last sentence of (26)) 
This comparison is performed to “verify the individual’s identity,” (Shipley, Col. 8, line 18), which corresponds to “determining that the authentication is passed when the encrypted verification information is consistent with the encrypted authentication information.”
Gupta teaches the above underlined features,
As previously stated above, Gupta in [0048] teaches selecting the authentication factors based on behaviors and conditions in each of the devices.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shipley, which teaches a distributed leger that stores identity data (e.g., physical credentials and biometrics) that are used for authentication / verification of a user’s identity, with Gupta which teaches using behavioral analysis and machine learning techniques to identify security issues, where in response to the behaviors a transaction type criticality value, a user confidence value multifactor authentication operations may be chosen and performed, where the behavioral / transaction features are used to determine the number and type (e.g., physical credentials and biometrics) of authentication factors that are to be used, as discussed in Gupta’s Abstract.
One of ordinary skill in the art would have been motivated to perform such an addition to provide Shipley authentication system using a distributed leger that stores multiple credentials for each user (e.g., physical credentials and biometrics) with the capability of adjusting and choosing authentications factors, including number of authentication factors, based on the conditions in the user’s device, behaviors of the user on the user’s device, and transaction type.

Regarding claim 2, Gupta teaches,
The composite identity authentication method of claim 1, wherein the authentication condition is generated by the encrypted authentication information that is converted and encrypted from single original information, or is generated by the encrypted authentication information that is converted and encrypted from composite original information through logic and/or computing.  
	The examiner interprets the above feature as corresponding the authentication condition is generated from single original information or composite information (i.e., multi-factor authentication). 	
Gupta above teaches a computing device that selects the authentication factors and/or determines the number of authentication factors (“authentication condition is generated by … the encrypted authentication information that is converted and encrypted from composite original information”) based on the determined vulnerability value, and evaluate the authentication factors to authenticate a user, application, or activity. (Gupta, [0048])
Thus, Gupta teaches an authentication condition that may be multi-factored. 

Regarding claim 3, Shipley teaches,
The composite identity authentication method of claim 1, wherein each of the terminals is provided with identification information which is independent; 
in the step 1, the encrypted authentication information is bound with the identification 1information; 
Shipley in fig. 2 depicts the identification data 208 (“identification information”) that is stored in the blockchain. (Shipley, Col. 8, lines 43-47) The identification data 208 (“identification information”) is associated with (“bound with”) the biometric data 206 (“encrypted authentication information”).
in the step 2, the identification information is sent and stored in the blockchain network together with the encrypted authentication information; and 
See Shipley in fig. 2 which includes both identification data 208 (“identification information”) stored with / associated with the biometric data 206 (“encrypted authentication information”)
in the step 3, each of the terminals searches for the encrypted authentication information bound with the identification information in the blockchain network based on the identification information of each of the terminals.  
	Shipley teaches a merchant that authenticates a user by providing the user’s identifier (e.g., name, ID number) in a request 106 of fig. 1A. (See Shipley, Col. 6, line 66 to Col., 7 line 2). Then the identity data 118 (of fig. 2) in the blockchain / ledger 116 may be accessed for the purpose of verification / authentication. (Shipley, Col. 7, lines 7-10).
	
Regarding claim 5, Shipley teaches,
The composite identity authentication method of claim 1, wherein the mixed information is composed of specific physical information and specific biological information. (emphasis added) 
	Shipley’s Abstract states, “Techniques are described for providing delegated access to identity data stored on distributed ledger(s), in which the identity data can include image(s) of physical credential(s) (“physical information”) and (“mixed information”) biometric data (“specific biological information”) used to identify individual(s).” 
Additionally, Fig. 2 of Shipley teaches physical credentials 202 and biometric data 206 being stored together, which corresponds to “mixed information.”

Regarding claim 6, Gupta teaches,
A composite identity authentication system in which the authentication is performed by using the composite identity authentication method of claim 5.  
The examiner interprets the above feature as using the “mixed information” of two different authentication factors such as a physical credential and a biometric credential. 
Gupta teaches multifactor authentication that uses two or more authentication factors including a knowledge factor (e.g., password or PIN), a possession factor (e.g., key fob or smart card), and an inherence factor (e.g., biometrics such as a fingerprint or iris scan). (Gupta, [0037]) 
	
Regarding claim 7, Shipley teaches,
The composite identity authentication system of claim 6, wherein the physical information and/or the biological information are adopted for the authentication in the terminals.  
	As discussed above in the rejection of claim 1, Shipley teaches that a hash of a credential (“encrypted verification information”) is compared to a stored hash on the ledger 108 (“encrypted authentication information”), where the comparison may be performed in the ledger 108 or in the application 104 of the requesting device 102 (“terminal”). (Shipley, Col. 8, lines 12-18; last sentence of (26)) Thus, verification is performed at the client device.

Regarding claim 8, Gupta teaches,
The composite identity authentication system of claim 6, wherein the mixed information is adopted for the authentication in the terminals.  
Gupta teaches multifactor authentication (“mixed information”) that uses two or more authentication factors including a knowledge factor (e.g., password or PIN), a possession factor (e.g., key fob or smart card), and an inherence factor (e.g., biometrics such as a fingerprint or iris scan). (Gupta, [0037]) 

Regarding claim 9, Shipley and Gupta teach,
The composite identity authentication system of claim 6, wherein the physical information, the biological information and the mixed information are adopted for the authentication in the terminals.  
Gupta teaches multifactor authentication (“mixed information”) that uses two or more authentication factors including a knowledge factor (e.g., password or PIN), a possession factor (e.g., key fob or smart card) (“physical information”), and an inherence factor (e.g., biometrics such as a fingerprint or iris scan) (“biological information”). (Gupta, [0037]) 
	As discussed above in the rejection of claim 1, Shipley teaches that a hash of a credential (“encrypted verification information”) is compared to a stored hash on the ledger 108 (“encrypted authentication information”), where the comparison may be performed in the ledger 108 or in the application 104 of the requesting device 102 (“terminal”). (Shipley, Col. 8, lines 12-18; last sentence of (26))  
Additionally, Fig. 2 of Shipley teaches physical credentials 202 and biometric data 206 being stored together, which corresponds to “mixed information.”

Regarding claim 10, Shipley teaches,

The composite identity authentication system of claim 6, wherein the terminal locally stores the encrypted authentication information.
As discussed above in the rejection of claim 1, Shipley teaches that a hash of a credential (“encrypted verification information”) is compared to a stored hash on the ledger 108 (“encrypted authentication information”), where the comparison may be performed in the ledger 108 or in the application 104 of the requesting device 102 (“terminal”). (Shipley, Col. 8, lines 12-18; last sentence of (26))  	
	Thus, to perform the comparison of the hashed credential from the ledger 108 (“encrypted authentication information”) in then requesting device 102 (“terminal”) the hashed credential from the ledger 108 must be provided to the requesting device 102, and thus is locally stored (“terminal locally stores the encrypted authentication information”).  


Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Shipley, in view of Gupta, and in further view of US 2018/0343120 to Andrade (hereinafter Andrade). 
Regarding claim 4, Andrade teaches,
The composite identity authentication method of claim 1, wherein a request is sent to the blockchain network through the terminal to mark the encrypted authentication information, so as to add an authorized identity of the user; 
another request is sent to the blockchain network through the terminal to reversely mark the encrypted authentication information, so as to delete the authorized identity of the user.  (emphasis added)
Shipley does not appear to teach deleting or removing authentication / identity information from the blockchain.
Andrade teaches a universal decentralized solution for verification of users that uses a blockchain. (Andrade, Abstract, first sentence)  
Andrade further teaches in steps 610 and 612-618 of fig. 6, a process for establishing a secure verification address for a digital user identifier or biometric identification data of a user related to verified documents of a user on the distributed ledger comprises steps of (a) activating an interface configured to add (“to add an authorized identity of the user”) or delete (“to delete the authorized identity of the user”) data related to verified documents or biometric identification data associated with the user. (Andrade, first sentence [0106])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Shipley, which teaches a distributed leger that stores identity data (e.g., physical credentials and biometrics) that are used for authentication / verification of a user’s identity, with Andrade, which teaches a universal decentralized solution for verification of users that uses a blockchain to verify a user (Andrade, Abstract) and that further teaches adding and deleting identification / verification data from the blockchain.
One of ordinary skill in the art would have been motivated to perform such an addition to provide the ability to add and delete identity / verification data from the blockchain for the purpose of updating the blockchain.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./



/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495