DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the amendment dated on 02/14/2022.
Claims 1 and 8-9 have been amended and all other claims are previously presented.
Claims 1-5 and 7-9 are submitted for examination.
Claims 1-5 and 7-9 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
In Applicant’s amendment filed on February 14, 2022, claims 1 and 8-9 have been amended, and all other claims are previously presented. Among the amended claims, claims 1 and 8-9 are independent, and thus the amendment necessitates a new ground of rejection.
Applicant’s remark, filed on February 14, 2022 at page 6, indicates, “Claim 2 is objected to because of an informality not as including "o" instead of "to". However, this informality is not found in the originally filed claims. Accordingly, reconsideration and withdrawal of the objection to the claims is respectfully requested.” 
Applicant’s argument has been considered and is found persuasive. Therefore, the objection to Claim 2 has been withdrawn.
Applicant’s remark, filed on February 14, 2022 at page 6, indicates, “Claim 6 is rejected under 35 U.S.C. §112(b) as being indefinite. Claim 6 has been canceled without prejudice or disclaimer of the subject matter therein. Accordingly, withdrawal of the rejection is respectfully requested.” 
Applicant’s argument has been considered and is found persuasive. Therefore, the rejection of Claim 6 under 35 U.S.C. 112(b) has been withdrawn.
Applicant’s remark, filed on February 14, 2022 at pages 6-7, indicates, “For example, at least the claimed "second list of business entities" are not suggested by any of the cited references. As for the claimed "second list", Cols. 8 and 9 of Borneman are cited. However, the cited portion merely discusses "cooperation", in a very broad sense, among business entities. The term "cooperation" in the context of the "second list" has a specific meaning as described in e.g., [0036] of the originally filed specification. Borneman, Teng and Li fail to disclose or teach "the cooperation includes permitting the identity verification based on one or more electronic certificates transmitted from the one or more other business entities". Thus, at least these features of claims 1, 8 and 9 provide a distinction over the cited references.”
Applicant’s argument has been considered and is found persuasive. Therefore, the previous prior-art rejection is withdrawn. However, Applicant’s amendment necessitates a new ground of rejection, and therefore, new grounds of rejection have been applied to the pending claims 1-5 and 7-9.
Accordingly, a new ground of rejection based on the newly identified prior-art by Barry (US 10,742,426) has been applied to the amendment.
Specifically, Barry discloses a computer-implemented method for validating the respective identities of co-operating entities on a computer network, and comprises generating, transmitting or exchanging a signed digital certificate. The certificate includes a public key associated with an entity on the network; and an arbitrary identifier associated with the public key. The identifier is arbitrary such that the identity of the entity cannot be, or is unlikely to be, discerned from the identifier alone; and/or its generation is random or pseudo random; and/or selection of the identifier is not related to the identity of the entity or the public key. The certificate is generated and issued by a Certificate Authority in response to a Certificate Signing Request from the entity. (see Abstract and Summary).
Examiner submits that Barry teaches the amended limitation “wherein the cooperation includes permitting the identity verification based on one or more electronic certificates transmitted from the one or more other business entities.” For interpretation purposes, the term entity could be a user requesting a service of another entity (i.e. business entity) in the same network (i.e. second list of business entities). Thus, the user identity could be verified by any of the business entities within the cooperation agreement. (See claim rejection below)
The Examiner respectfully submits that Barry does not change the principle of operation of the primary reference or render the reference inoperable for its intended purpose. See MPEP § 2143.01. The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference by Teng. “Rather, the test is what the combined teachings of those references would have suggested to those of ordinary skill in the art.” In re Keller, 642 F.2d 413, 425, 208 USPQ 871, 881 (CCPA 1981). See also In re Sneed, 710 F.2d 1544, 1550, 218 USPQ 385, 389 (Fed. Cir. 1983). “It is not necessary that the inventions of the references be physically combinable to render obvious the invention under review.”; and In re Nievelt, 482 F.2d 965, 179 USPQ 224, 226 (CCPA 1973). Combining the teachings of previous references in view of Barry does not involve an ability to combine their specific structures. Thus, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Thus, the claimed invention, as a whole, is at least prima facie obvious.
In addition, the newly applied reference by Borneman et al. (US 8,375,213) hereinafter Borneman, discloses the process of how an entity joins a federation. Those entities that applied and are accepted to join the federation are analogous to the entities of the claimed second list that agreed to cooperate in order to provide user identity verification through electronic/digital certificates (See Abstract). Therefore, Borneman teaches the limitations “receiving, as inputs, … , a second list of business entities indicating whether cooperation is performed among a plurality of business entities for the identity verification of the user…” and “generating, based on the first list, the second list…,” (See claim rejection below).
Finally, Examiner respectfully submits that Teng, Borneman and Li disclose the previous limitations presented as rejected in the Non-Final Office Action. (See rejection below). Thus, the new combination of Teng, Borneman, Li and Barry would render the claimed limitations obvious.
Amended independent claims 8 and 9 have been considered and are addressed based on the same rationale presented for the amended claim 1. Please refer to the detailed rejection of the claims below.
Regarding dependent claims 2-5 and 7 please refer to the aforementioned response, which addresses how the new combination of prior-art references by Teng, Borneman, Li and Barry would render the claimed limitations obvious.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Teng et al. (US 2002/0138543) in view of Borneman et al. (US 8,375,213) hereinafter Borneman, and in further view of Li et al. (US 2015/0106882) hereinafter Li and Barry (US 10,742,426).
As per Claim 1, Teng teaches a non-transitory computer-readable recording medium having stored therein an identity verification program for causing a computer to execute a process (Teng, Parag. [0124]; “Portable storage medium drive 62 operates in conjunction with a portable non-volatile storage medium, such as a floppy disk, to input and output data and code to and from the computer system of FIG. 2. In one embodiment, the system software for implementing the present invention is stored on such a portable medium, and is input to the computer system via the portable storage medium drive 62.”), the computer being configured to generate a workflow used by a control apparatus that controls a system (Teng, Parag. [0186]; “FIG. 18 provides a flowchart for creating a work flow object (step 702 of FIG. 16). In step 750, the appropriate manager (User, Group, Organization) receives a selection or indication to create a workflow. In step 754, it is determined whether the user is allowed to create the work flow. If no, the process is completed. If yes, the system identifies the different types of workflows, objects, tasks and target domains for which the user can create a workflow (step 756). In step 758, the user selects the identification of the workflow to be created. The identification is just a unique name to identify the workflow. In step 760, the user inputs a selection of the type of workflow based on the options from step 756. Step 760 includes choosing the task that the workflow will perform. For example, in the User Manager, the possible tasks include create a user, delete a user, change attribute, etc.,”) in which a plurality of business entities manage, in a distributed manner, attribute information in user information that identifies a user (Teng, Parag. [0010]; “For example, the attributes stored for a user may include a name, address, employee number, telephone number, email address, user ID and password. The Identity System can also manage access privileges that govern what an entity can view, create, modify or use in the Identity System.” … Parag. [0108]; “User Manager 42 manages the identity profiles for individual users. Group Manager 44 manages identity profiles for groups. Organization Manager 46 manages identity profiles for organizations.”), the process comprising:
receiving, as inputs, a first list of target business entities that perform identity verification of the user (Teng, Parag. [0108]; “User Manager 42 manages the identity profiles for individual users. Group Manager 44 manages identity profiles for groups. Organization Manager 46 manages identity profiles for organizations”. Parag. [0114]; “… Group Manager 44 also lets companies form dynamic groups specified by an LDAP filter”. Examiner submits that Organization Manager manages the organizations (first list of entities)), [a second list of business entities indicating whether cooperation is performed among a plurality of business entities for the identity verification of the user], a number of electronic certificates (Teng, Parag. [0364]; “Directory Server 36 maintains a pool of certificates 2082 that are available for issuance to system users. When the system is initialized the administrator applies for a fixed number of certificates that can be distributed to system users.”) that certify the user information and are used by each of the business entities to complete the identity verification (Teng, Parag. [0361]; “Certificates are electronic documents used to verify the identity of an entity such as a user group or organization. A well-known standard defining certificate formats is the X.509 standard for certificates.”), and [a procedure time taken by each of the business entities for the identity verification]; and 
generating, based on the first list, [the second list], the number of electronic certificates for each of the business entities (Teng, Parag. [0108]; “User Manager 42 manages the identity profiles for individual users. Group Manager 44 manages identity profiles for groups. Organization Manager 46 manages identity profiles for organizations”. Parag. [0114]; “… Group Manager 44 also lets companies form dynamic groups specified by an LDAP filter”. Parag. [0364]; “Directory Server 36 maintains a pool of certificates 2082 that are available for issuance to system users. When the system is initialized the administrator applies for a fixed number of certificates that can be distributed to system users. Issued certificates are stored in Directory Server 36 and accessible to certificate registration module 2072 through Directory Server 36.”), and [the procedure time], a workflow [that minimizes a procedure time taken for completion of the identity verification by the target business entities] and that describes a distribution procedure of the electronic certificates that are used in the identity verification at each of the business entities (Teng, Parag. [0186]; “FIG. 18 provides a flowchart for creating a work flow object (step 702 of FIG. 16). In step 750, the appropriate manager (User, Group, Organization) receives a selection or indication to create a workflow.” Parag. [0361]; “Certificates are electronic documents used to verify the identity of an entity such as a user group or organization. A well-known standard defining certificate formats is the X.509 standard for certificates.” … Parag. [0364]; “Directory Server 36 maintains a pool of certificates 2082 that are available for issuance to system users. When the system is initialized the administrator applies for a fixed number of certificates that can be distributed to system users. Issued certificates are stored in Directory Server 36 and accessible to certificate registration module 2072 through Directory Server 36.”).
Teng does not expressly teach:
receiving, as inputs, … , a second list of business entities indicating whether cooperation is performed among a plurality of business entities for the identity verification of the user,
a procedure time taken by each of the business entities for the identity verification;
generating, based on … the second list …,
the procedure time, … minimizes a procedure time taken for completion of the identity verification by the target business entities; and
wherein the cooperation includes permitting the identity verification based on one or more electronic certificates transmitted from the one or more other business entities.
However, Borneman teaches:
receiving, as inputs, … , a second list of business entities indicating whether cooperation is performed among a plurality of business entities for the identity verification of the user (Borneman, Col. 12, lines 40-55; “Once a framework of policies and procedures has been created and made available to organizations (i.e. first list) interested in participating in a federation governed by the published policies and procedures, such organizations may apply to “join” the federation (step 515). The application to join the federation may involve, for example, communicating an interest to trusted third party 300, completing an online application, and signing a waiver submitting to an investigation of current internal policies and procedures. Applications may enable trusted third party 300 to make an initial evaluation of an applicant for a quick determination of whether to proceed with the process. For example, an organization in existence less than one year may be prohibited from joining a federation based on federation policies and procedures. A review of an application from such an organization may eliminate that organization from further consideration.” Examiner submits that organizations admitted to the federation are now the claimed second list. … Col. 15, lines 29-42; “An audit may focus on an applicant organization’s procedures for proofing and vetting of a user's identity prior to being issued credentials for a login and whether such procedures meet the standards set forth by the federation (step 700). Procedures may include, for example, investigating what forms of identification must be provided by a user, how the provided identification documents are stored by the applicant organization, what methods are used to ensure the identification documents are authentic (e.g., contacting a license bureau or bank), and whether a background check was performed. Determining the methods for identity verification may be important for ensuring that a particular user is who he claims to be and has not provided fraudulent documents.”); and
generating, based on the first list, the second list…, (Borneman, Col. 12, lines 40-55; “Once a framework of policies and procedures has been created and made available to organizations (i.e. first list) interested in participating in a federation governed by the published policies and procedures, such organizations may apply to “join” the federation (step 515). The application to join the federation may involve, for example, communicating an interest to trusted third party 300, completing an online application, and signing a waiver submitting to an investigation of current internal policies and procedures. Applications may enable trusted third party 300 to make an initial evaluation of an applicant for a quick determination of whether to proceed with the process. For example, an organization in existence less than one year may be prohibited from joining a federation based on federation policies and procedures. A review of an application from such an organization may eliminate that organization from further consideration.” Examiner submits that organizations admitted to the federation are now the claimed second list.).
Teng and Borneman are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide a management apparatus, and a method for identity verification. Business entities manage, in a distributed manner, identity information (ID information) which is digitized user information of users. The ID information includes attribute information such as an address, a telephone number, and a name of a user, for example, and is information from which the user is identifiable.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the Borneman system into the Teng system, with a motivation to provide methods and systems for enabling trust in a federated collaboration and, more specifically, systems and methods for enabling single sign-on access to resources by providing explicit, transitive multilateral trust within a federation that involves a trusted third party. (Borneman, Col. 1, lines 20-25).
The combination of Teng and Borneman does not expressly teach:
a procedure time taken by each of the business entities for the identity verification; and
the procedure time, … minimizes a procedure time taken for completion of the identity verification by the target business entities,
wherein the cooperation includes permitting the identity verification based on one or more electronic certificates transmitted from the one or more other business entities.
However, Li teaches:
a procedure time taken by each of the business entities for the identity verification (Li, Parag. [0061]; “By confirming to use the default user digital certificate for performing this identity authentication, an explicit interaction with the user doesn’t need to be performed any more through a digital certificate manager interface, which can shorten the processing time for the overall process greatly, and improve the processing efficiency.” [0163]; “the identity authentication system according to this embodiment specifically includes a device for identity authentication 111 and an application server 112”. Examiner submits that the processing time is the procedure time taken for identity authentication/verification by a member within the system); and
the procedure time, … minimizes a procedure time taken for completion of the identity verification by the target business entities (Li, Parag. [0061]; “By confirming to use the default user digital certificate for performing this identity authentication, an explicit interaction with the user doesn’t need to be performed any more through a digital certificate manager interface, which can shorten the processing time for the overall process greatly, and improve the processing efficiency.”).
Teng, Borneman and Li are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide a management apparatus, and a method for identity verification. Business entities manage, in a distributed manner, identity information (ID information) which is digitized user information of users. The ID information includes attribute information such as an address, a telephone number, and a name of a user, for example, and is information from which the user is identifiable.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the Li system into the Teng-Borneman system, with a motivation to provide a method and a device for identity authentication, so as to improve the convenience and security of the identity authentication. (Li, Parag. [0005]).
The combination of Teng, Borneman and Li does not expressly teach:
wherein the cooperation includes permitting the identity verification based on one or more electronic certificates transmitted from the one or more other business entities.
However, Barry teaches:
wherein the cooperation includes permitting the identity verification based on one or more electronic certificates transmitted from the one or more other business entities (Barry, Col. 2-3, lines 62-6; “Therefore, in accordance with the invention there is provided a computer-implemented method for validating the respective identities of co-operating entities on a computer network, the method comprising the step of: generating, transmitting or exchanging a signed digital certificate comprising: a public key associated with an entity on the network; and an arbitrary identifier associated with the public key. The method may provide a mechanism for exchanging public keys, validating identities, and/or establishing secure communications between entities on a network.” … Col. 3, lines 15-19; “The entity may be an endpoint device on a computer network, or a software component, or a user. The entity may be a party having access to a computer network and wishing to establish a secure, electronic communication with another entity.” Examiner submits the term “entity” could be a user or device requesting a service of another entity (i.e. business entity) in the same network (i.e. second list of business entities). Thus, the user/device identity could be verified by any of the business entities within the cooperation agreement).
Teng, Borneman, Li and Barry are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide a management apparatus, and a method for identity verification. Business entities manage, in a distributed manner, identity information (ID information) which is digitized user information of users. The ID information includes attribute information such as an address, a telephone number, and a name of a user, for example, and is information from which the user is identifiable.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the Barry system into the Teng-Borneman-Li system, with a motivation to provide a method for validating the respective identities of co-operating entities on a computer network that comprises generating, transmitting or exchanging a signed digital certificate (Barry, Abstract).

As per claim 2, the combination of Teng, Borneman, Li and Barry teaches the computer-readable recording medium according to claim 1. Teng teaches the process further comprising: presenting the generated workflow to a user terminal apparatus of the user (Teng, Parag. [0186]; “the System identifies the different types of workflows, objects, tasks and target domains for which the user can create a workflow (step 756). In step 758, the user selects the identification of the workflow to be created. The identification is just a unique name to identify the workflow. In step 760, the user inputs a selection of the type of workflow based on the options from step 756. Step 760 includes choosing the task that the workflow will perform. For example, in the User Manager, the possible tasks include create a user, delete a user, change attribute, etc., as discussed above.”).

As per claim 3, the combination of Teng, Borneman, Li and Barry teaches the computer-readable recording medium according to claim 1. Teng teaches wherein in the generating of the workflow, the workflow is generated (Teng, Parag. [0186]; “FIG. 18 provides a flowchart for creating a work flow object (step 702 of FIG. 16). In step 750, the appropriate manager (User, Group, Organization) receives a selection or indication to create a workflow.” Parag. [0361]; “Certificates are electronic documents used to verify the identity of an entity such as a user group or organization. A well-known standard defining certificate formats is the X.509 standard for certificates.” … Parag. [0364]; “Directory Server 36 maintains a pool of certificates 2082 that are available for issuance to system users. When the system is initialized the administrator applies for a fixed number of certificates that can be distributed to system users. Issued certificates are stored in Directory Server 36 and accessible to certificate registration module 2072 through Directory Server 36.”) …., as the completion of the identity verification by the target business entities (Teng, Parag. [0112]; “… to verify the individual's information and approve or deny the registration requests. In one embodiment, self-registration is defined by a customizable, multi-step workflow”. Parag. [0113]; “Group Manager 44 allows entities to create, delete and manage groups of users who need identical access privileges to a specific resource or set of resources. Managing and controlling privileges for a group of related people-rather than handling their needs individually-yield valuable economies of scale”. Parag. [0155]; “… a user is provided with the information stored in that user's identity profile. Create User Identity tab 408 allows a user with the appropriate privileges to create a new user identity profile (e.g. with a workflow).”).
In addition, Teng teaches the identity verification in which the user involves and completion of the identity verification using the electronic certificates (Teng, Parag. [0112]; “… to verify the individual's information and approve or deny the registration requests. In one embodiment, self-registration is defined by a customizable, multi-step workflow”. Parag. [0361]; “Certificates are electronic documents used to verify the identity of an entity such as a user group or organization. A well-known standard defining certificate formats is the X.509 standard for certificates.”  Parag. [0371]; “FIG.55 illustrates operations performed to obtain a certificate for a requesting user (step 2128, FIG. 54). Certificate registration module 2070 authenticates the requesting user (step 2152). In one embodiment, authentication is performed by the Access System.”).
Teng does not expressly teach minimizes a procedure time taken for completion of the identity verification.
Li further teaches minimizes a procedure time taken for completion of the identity verification (Li, Parag. [0061]; “By confirming to use the default user digital certificate for performing this identity authentication, an explicit interaction with the user doesn’t need to be performed any more through a digital certificate manager interface, which can shorten the processing time for the overall process greatly, and improve the processing efficiency.”).

As per claim 4, the combination of Teng, Borneman, Li and Barry teaches the computer readable recording medium according to claim 3. Teng further teaches wherein in the receiving, the first list is a list of target business entities that perform identity verification of the user (Teng, Parag. [0108]; “User Manager 42 manages the identity profiles for individual users. Group Manager 44 manages identity profiles for groups. Organization Manager 46 manages identity profiles for organizations”. Parag. [0112]; “… to verify the individual's information and approve or deny the registration requests. In one embodiment, self-registration is defined by a customizable, multi-step workflow”. Parag. [0114]; “… Group Manager 44 also lets companies form dynamic groups specified by an LDAP filter”. Parag. [0361]; “Certificates are electronic documents used to verify the identity of an entity such as a user group or organization. A well-known standard defining certificate formats is the X.509 standard for certificates.” Parag. [0364]; “Directory Server 36 maintains a pool of certificates 2082 that are available for issuance to system users. When the system is initialized the administrator applies for a fixed number of certificates that can be distributed to system users. Issued certificates are stored in Directory Server 36 and accessible to certificate registration module 2072 through Directory Server 36.”) when attribute information of the user is updated (Teng, Parag. [0108]; “The data elements of the identity profile are called attributes, which are discussed in more detail below. An attribute may include a name, value and access criteria”. Parag. [0113]; “Group Manager 44 allows entities to create, delete and manage groups of users who need identical access privileges to a specific resource or set of resources. Managing and controlling privileges for a group of related people-rather than handling their needs individually-yield valuable economies of scale”. Parag. [0155]; “… a user is provided with the information stored in that user's identity profile. Create User Identity tab 408 allows a user with the appropriate privileges to create a new user identity profile (e.g. with a workflow)”. Parag. [0161]; “Configure tab 450 allows the entity to perform attribute access control, delegate administration, define Workflows and define container limits. Attribute access control includes controlling who has view and modify permissions for each attribute of an organizational identity profile. In addition, an entity can specify an e-mail notification list when a change to an attribute is requested.”).

As per claim 5, the combination of Teng, Borneman, Li and Barry teaches the computer-readable recording medium according to claim 1. Teng further teaches wherein the number of electronic certificates that are used in the identity verification by each of the business entities is a number of successfully verified subsets (Teng, Parag. [0364]; “Directory Server 36 maintains a pool of certificates 2082 that are available for issuance to system users. When the system is initialized the administrator applies for a fixed number of certificates that can be distributed to system users. Issued certificates are stored in Directory Server 36 and accessible to certificate registration module 2072 through Directory Server 36.”) that are verified by another business entity (Teng, Parag. [0388]; “Alternatively, another type of user may require approval before a certificate is issued-requiring the work flow to include an approval or provide approval action. In further embodiments, system administrators can also initiate certificate related requests on behalf of system users.”) and include part of attribute information contained in the electronic certificates that certify the user information of the user (Teng, Parag. [0361]; “Certificates are electronic documents used to verify the identity of an entity such as a user, group or organization. A well-known standard defining certificate formats is the X.509 standard for certificates. In general, a certificate contains information about an entity, including a public key for performing encryption … Certificates employed in one embodiment of the present invention include the following fields: (1) VEND--certificate's expiration date; (2) VSTART--certificate validity start date; (3) ISSUER--certificate holder's distinguished name (dn); (4) EMAIL--certificate holder's e-mail address; (5) SERIAL--certificate serial number; (6) VERSION--certificate version number; (7) ALGOID--certificate algorithm identifier; (8) PUBLICKEY_ALGOID--public key algorithm identifier; (9) PUBLICKEY--public key value of the certificate; (10) ISSUER_SIGNATURE_ID--certificate holder's signature algorithm identifier; and (11) SUBJECT--subject of the certificate”).

As per claim 7, the combination of Teng, Borneman, Li and Barry teaches the computer-readable recording medium according to claim 1. Teng teaches wherein in the receiving, a start condition on which a business entity serving as a start point of the distribution procedure in the workflow (Teng, Parag. [0177]; “Workflows can be defined in the User Manager, Group Manager or Organization Manager. A workflow can be used only in the application (e.g. User Manager) in which it was created. Each workflow has two or more steps, including one to start the action and one to implement or commit it.”) is caused to perform an identity verification procedure in which the user involves is received as an input (Teng, Parag. [0186]; “FIG. 18 provides a flowchart for creating a work flow object (step 702 of FIG. 16). In step 750, the appropriate manager (User, Group, Organization) receives a selection or indication to create a workflow. In step 754, it is determined whether the user is allowed to create the workflow. If no, the process is completed. If yes, the system identifies the different types of workflows, objects, tasks and target domains for which the user can create a workflow (step 756). In step 758, the user selects the identification of the workflow to be created. The identification is just a unique name to identify the workflow. In step 760, the user inputs a selection of the type of workflow based on the options from step 756. Step 760 includes choosing the task that the workflow will perform. For example, in the User Manager, the possible tasks include create a user, delete a user, change attribute, etc.”), and
in the generating of the workflow, the workflow is generated based on the first list (Teng, Parag. [0186]; “FIG. 18 provides a flowchart for creating a work flow object (step 702 of FIG. 16). In step 750, the appropriate manager (User, Group, Organization) receives a selection or indication to create a workflow. In step 754, it is determined whether the user is allowed to create the workflow. If no, the process is completed. If yes, the system identifies the different types of workflows, objects, tasks and target domains for which the user can create a workflow (step 756). In step 758, the user selects the identification of the workflow to be created. The identification is just a unique name to identify the workflow. In step 760, the user inputs a selection of the type of workflow based on the options from step 756. Step 760 includes choosing the task that the workflow will perform. For example, in the User Manager, the possible tasks include create a user, delete a user, change attribute, etc.”), the second list (Borneman, Col. 12, lines 40-55; “Once a framework of policies and procedures has been created and made available to organizations (i.e. first list) interested in participating in a federation governed by the published policies and procedures, such organizations may apply to “join” the federation (step 515). The application to join the federation may involve, for example, communicating an interest to trusted third party 300, completing an online application, and signing a waiver submitting to an investigation of current internal policies and procedures. Applications may enable trusted third party 300 to make an initial evaluation of an applicant for a quick determination of whether to proceed with the process. For example, an organization in existence less than one year may be prohibited from joining a federation based on federation policies and procedures. A review of an application from such an organization may eliminate that organization from further consideration.” Examiner submits that organizations admitted to the federation are now the claimed second list.), the number of electronic certificates for each of the business entities (Teng, Parag. [0364]; “Directory Server 36 maintains a pool of certificates 2082 that are available for issuance to system users. When the system is initialized the administrator applies for a fixed number of certificates that can be distributed to system users. Issued certificates are stored in Directory Server 36 and accessible to certificate registration module 2072 through Directory Server 36.”), the start condition (Teng, Parag. [0186]; “FIG. 18 provides a flowchart for creating a work flow object (step 702 of FIG. 16). In step 750, the appropriate manager (User, Group, Organization) receives a selection or indication to create a workflow. In step 754, it is determined whether the user is allowed to create the workflow. If no, the process is completed. If yes, the system identifies the different types of workflows, objects, tasks and target domains for which the user can create a workflow (step 756). In step 758, the user selects the identification of the workflow to be created. The identification is just a unique name to identify the workflow. In step 760, the user inputs a selection of the type of workflow based on the options from step 756. Step 760 includes choosing the task that the workflow will perform. For example, in the User Manager, the possible tasks include create a user, delete a user, change attribute, etc.”).
Li further teaches the procedure time (Li, Parag. [0061]; “By confirming to use the default user digital certificate for performing this identity authentication, an explicit interaction with the user doesn’t need to be performed any more through a digital certificate manager interface, which can shorten the processing time for the overall process greatly, and improve the processing efficiency.”).

As per claim 8, it is an apparatus claim that recites similar limitations to those of claim 1, and therefore, it is rejected for the same rationale applied to claim 1.  In addition, Teng teaches the apparatus comprising: a memory, and a processor coupled to the memory (Teng, Parag. [0122]; “FIG. 2 illustrates a high level block diagram of a computer system that can be used for the components of the present invention. The computer system in FIG. 2 includes processor unit 50 and main memory 52. Processor unit 50 may contain a single microprocessor, or may contain a plurality of microprocessors for configuring the computer system as a multi-processor system. Main memory 52 stores, in part, instructions and data for execution by processor unit 50. If the system of the present invention is wholly or partially implemented in software, main memory 52 can store the executable code when in operation. Main memory 52 may include banks of dynamic random access memory (DRAM) as well as high speed cache memory.”).

As per claim 9, it is a method claim that recites similar limitations to those of claim 1, and therefore, it is rejected for the same rationale applied to claim 1.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Bouse (US 2019/0163889) relates to a method that includes receiving a request for associating a first index of privileges and permissions with an identity token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process.
Karabulut (US 2006/0117179) relates to a method and system to delegate an authority to access collaborative resources. The system enables a participant to re-delegate the authority to another participant by an authorization certificate. A chain of authorization certificates is established along with the re-delegation of the authority from one participant to another. The participant requesting access to the collaborative resources is requested to provide the owner with the chain of authorization certificates for verification.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.D.C./Examiner, Art Unit 2498

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498