DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Election/Restrictions
Applicant’s election without traverse of invention I in the reply filed on 17 June 2022 is acknowledged.
Claims 18-20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected invention, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 17 June 2022.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-5, 9-12, 14, 15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Sibert, U.S. Publication No. 2017/0213211.
Referring to claim 1, Sibert discloses a document importation system wherein the secure element of a mobile device ([0023]) is configured to store a digital signature that is utilized to store identification information in the secure element ([0049]: digital signature reads on the claimed first signed attestation; Examiner notes that what the digital signature “indicates” has not received patentable weight because indications do not define structure nor do indications require positive steps to be performed. See MPEP 2111.04-2111.05.), which meets the limitation of storing a first signed attestation indicating an ability of the computing device to securely perform a user authentication. The NFC interface presents the secure element with a request for identification information 114 from the reader ([0025] & [0049]: identification information 114 reads on the claimed credential information; identification information 114 is part of an identification document 110 that has been issued to a user by an issuing authority [0021]), which meets the limitation of receiving a request to store credential information of an identification document issued by an issuing authority to a user for establishing an identity of the user. The secure element communicates a request to store identification information 114 ([0028] & [0049]: request 136) to the authorization system 140 ([0026]: authorization system 140 is part of the issuing authority), which meets the limitation of in response to the request, sending, to the issuing authority, a request to store the credential information. The request can include the digital signature such that the authorization system 140 validates the request by verifying the digital signature ([0049]: Examiner notes that what the digital signature “indicates” has not received patentable weight because indications do not define structure nor do indications require positive steps to be performed. See MPEP 2111.04-2111.05.), which meets the limitation of wherein the sent request includes the first signed attestation to indicate an ability to perform a user authentication prior to permitting access to the credential information. Upon successful validation, the authorization system 140 provides an authorization indication to the secure element that indicates that the secure element is authorized to store identification information 114 ([0028] & [0049] & [0053]: identification information 114 stored in the secure element), which meets the limitation of in response to an approval of the sent request based on the first signed attestation, storing the credential information in a secure element of the computing device.
Referring to claim 2, Sibert discloses an authentication process in which a verification system issues a request to the user mobile device for identity information 114 (Figure 1: reader 122 is part of the verification system), which meets the limitation of receiving a request for the credential information from a verification system attempting to verify an identity of a user of the computing device. In response, a request to check the identity of the mobile device user is received such that the user provides biometric data to a biosensor that is compared against enrolled biometrics ([0053]), which meets the limitation of in response to the request for credential information, performing an authentication of the user of the computing device. If the biometric data is verified, the secure element issues the requested information 114 to the verification system ([0053] & Figure 3C, step 362), which meets the limitation of based on the performed authentication, providing the requested credential information from the secure element to the verification system.
Referring to claim 3, Sibert discloses that the authorization system 140, which is part of the issuing authority ([0026]), provides an authorization indication to the secure element that includes a signed copy of the identity information 114 ([0028]), which meets the limitation of in response to sending the request to store credential information, receiving a second signed attestation from the issuing authority, wherein the second signed attestation includes a signed copy of the credential information. The indication can also include a token ([0028]) that is usable to retrieve identity information 114 from the backend ([0025]: the ability to utilize the token to retrieve the identity information shows that the token identifies a level of trustworthiness), which meets the limitation of wherein the second signed attestation includes an indication identifying a level of trustworthiness of the computing device determined based on the first signed attestation. The indication is provided to the verification system 120 ([0028]), which meets the limitation of providing the second signed attestation to the verification system. 
Referring to claim 4, Sibert discloses that as part of the enrollment process, that begins with the request for identity information 114 ([0049]), the secure element generates a public key pair ([0029] & [0049]), which meets the limitation of in response to receiving the request to store credential information, the secure element of the computing device generating a public-key pair having a public key and a private key. Request 136 is transmitted along with the public key in a CSR ([0029] & [0049]) that is provided to the authorization system/issuing authority ([0018] & [0029]), which meets the limitation of including the public key in a request sent to the issuing authority. The authorization system 140, which is part of the issuing authority ([0026]), includes a processor and memory (Figure 2 & [0047]) that enable the authorization system to include the public key in the indication, which meets the limitation of wherein the issuing authority is operable to include the public key in the second signed attestation. Examiner notes that the “operable” language represents an intended use limitation. A recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim. A reader of the verification system (Figure 1, 122) transmits an information request to the mobile device such that the mobile device digitally signs the requested information with the generated private key and transmits the digitally signed information to the reader of the verification system ([0053] & Figure 3C, Step 362), which meets the limitation of performing a challenge-response exchange with the verification system and using the private key.
Referring to claim 5, Sibert discloses an authentication process in which a verification system issues a request to the user mobile device for identity information 114 ([0053]). In response, a request to check the identity of the mobile device user is received such that the user provides biometric data to a biosensor that is compared against enrolled biometrics ([0053]), which meets the limitation of using a biometric sensor to perform biometric authentication. Sibert discloses the secure element is configured to store a digital signature that is created using a key stored in the secure element during fabrication ([0049]: Examiner notes that what the digital signature “indicates” has not received patentable weight because indications do not define structure nor do indications require positive steps to be performed. See MPEP 2111.04-2111.05.), which meets the limitation of wherein the first signed attestation indicates an ability of the computing device to perform the biometric authentication.
Referring to claim 9, Sibert discloses that the mobile device reads a portion of identity information 114 from the identification document 110 using a camera of the mobile device ([0026]), which meets the limitation of reading a portion of the credential information by using a camera of the computing device to capture an image of the identity document. The identity information 114 read from the identification document 110 can then be included in request 136 to the authorization system 140 ([0026]), which meets the limitation of including the portion of the credential information in the request sent to the issuing authority. 
Referring to claim 10, Sibert discloses that the mobile device reads a portion of identity information 114 from the identification document 110 by utilizing an NFC interface of the mobile device to read information from an RFID tag 112 of the document ([0026] & [0021] & Figure 1), which meets the limitation of reading a portion of the credential information from a circuit embedded in an identity document by using a short-range radio of the computing device.
Referring to claim 11, Sibert discloses a document importation system wherein an NFC interface presents a secure element with a request for identification information 114 from the reader ([0025] & [0049]: identification information 114 reads on the claimed credential information; identification information 114 is part of an identification document 110 that has been issued to a user by an issuing authority [0021]) such that the secure element communicates a request to store identification information 114 ([0028] & [0049]: request 136; secure element reads on the claimed computing device) to the authorization system 140 ([0026]: authorization system 140 reads on the claimed computing system), which meets the limitation of receiving, by a computing system, a request to approve storing credential information in a computing device, wherein the credential information is of an identification document issued by an issuing authority to a user for establishing an identity of the user. The request can include the digital signature such that the authorization system 140 validates the request by verifying the digital signature ([0049]: digital signature reads on the claimed first signed attestation; Examiner notes that what the digital signature “indicates” has not received patentable weight because indications do not define structure nor do indications require positive steps to be performed. See MPEP 2111.04-2111.05.), which meets the limitation of verifying, by the computing system, a first signed attestation received with the request, wherein the first signed attestation indicates an ability of the computing device to perform a user authentication prior to permitting access to the credential information.
Upon successful validation, the authorization system 140 provides an authorization indication to the secure element that indicates that the secure element is authorized to store identification information 114 ([0028] & [0049] & [0053]: identification information 114 stored in the secure element), which meets the limitation of based on the verifying, issuing, by the computing system, an approval to the computing device to authorize the computing device to store the credential information in a secure element of the computing device.
Referring to claim 12, Sibert discloses that the authorization system 140, which is part of the issuing authority ([0026]), provides an authorization indication to the secure element that includes a signed copy of the identity information 114 ([0028]), which meets the limitation of in response to sending the request to store credential information, receiving a second signed attestation from the issuing authority, wherein the second signed attestation includes a signed copy of the credential information.
Referring to claim 14, Sibert discloses that the indication can also include a token ([0028]) that is usable to retrieve identity information 114 from the backend ([0025]: the ability to utilize the token to retrieve the identity information shows that the token identifies a level of trustworthiness; indication was created based upon a verification of the digital signature [0049]), which meets the limitation of wherein the second signed attestation includes an indication identifying a level of trustworthiness of the computing device determined based on the first signed attestation.
Referring to claim 15, Sibert discloses that the mobile device reads a portion of identity information 114 from the identification document 110 using a camera of the mobile device ([0026]), which meets the limitation of receiving includes receiving a portion of the credential information captured from the identification document by using a camera of the computing device. The identity information 114 read from the identification document 110 can then be included in request 136 to the authorization system 140 ([0026]) that is verified by the authorization system ([0026] & [0049]: identity information is verified to the extent that the identity information is included in the request [0026] that is verified using the digital signature of the entire request [0028]), which meets the limitation of wherein verifying includes verifying the portion of the credential information. 
Referring to claim 16, Sibert discloses an authentication process in which a verification system issues a request to the user mobile device for identity information 114 (Figure 1: reader 122 is part of the verification system), which meets the limitation of receiving a request for the credential information from a verification system attempting to verify an identity of a user of the computing device. In response, a request to check the identity of the mobile device user is received such that the user provides biometric data to a biosensor that is compared against enrolled biometrics ([0053]), which meets the limitation of in response to the request for credential information, performing an authentication of the user of the computing device. If the biometric data is verified, the secure element issues the requested information 114 to the verification system ([0053] & Figure 3C, step 362), which meets the limitation of based on the performed authentication, providing the requested credential information from the secure element to the verification system.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Sibert, U.S. Publication No. 2017/0213211, in view of Hammell, U.S. Publication No. 2007/0104323. Referring to claim 13, Sibert discloses that as part of the enrollment process, that begins with the request for identity information 114 ([0049]), the secure element generates a public key pair ([0029] & [0049]) and transmits a request 136 that includes the generated public key in a CSR ([0029] & [0049]) to the authorization system/issuing authority ([0018] & [0029]: authorization system 140 is part of the issuing authority [0026]), which meets the limitation of wherein the receiving includes receiving a public key of a public-key pair generated by the secure element. Sibert discloses that the authorization system 140, which is part of the issuing authority ([0026]), provides an authorization indication to the secure element that includes a signed copy of the identity information 114 ([0028]), which meets the limitation of wherein the issuing includes including, by the computing system, the [public key] in the second signed attestation.
Sibert does not disclose that the indication includes the generated public key. Hammell discloses including a public key in an authentication indication ([0020]), which meets the limitation of wherein the issuing includes including, by the computing system, the public key in the second signed attestation. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the indication of Sibert to have included the generated public key in order to provide recipient based information along with the indication as suggested by Hammell ([0020]).
Sibert discloses that a reader of the verification system (Figure 1, 122) transmits an information request to the mobile device such that the mobile device digitally signs the requested information with the generated private key and transmits the digitally signed information to the reader of the verification system ([0053] & Figure 3C, Step 362), which meets the limitation of wherein a private key of the public key pair is usable in a challenge-response exchange with a verification system to verify the credential information.
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Sibert, U.S. Publication No. 2017/0213211, in view of Liebl III, U.S. Publication No. 2015/0288694. Referring to claim 16, Sibert discloses a document importation system wherein the secure element of a mobile device transmits identification information as an enrollment request to the authorization system ([0026]) such that the user of the mobile device is authenticated prior to transmitting the identification information in a manner that ties the identification information to the user’s biometric data used for authentication ([0030]-[0031]), which meets the limitation of receiving, by the computing system and from the secure element of the computing device, the credential information. The enrollment request includes a digital signature ([0049]: the user of the mobile device is authenticated prior to transmitting the identification information in a manner that ties the identification information to the user’s biometric data used for authentication ([0030]-[0031])), which meets the limitation of receiving, by the computing system and from the secure element of the computing device a signature generated responsive to the computing device performing an authentication of the user. The authentication system validates the request by verifying the digital signature ([0049]), which meets the limitation of performing, by the computing system, a verification of the received credential information, wherein the verification includes verifying the signature.
Sibert does not disclose that the authorization system transmits a request to the user device. Liebl III discloses an authentication system that transmits an enrollment invitation to a user device ([0053]), which meets the limitation of sending, by the computing system and to the computing device, a request for the credential information. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authorization system of Sibert to have transmitted an enrollment request to the user device in order to provide the user with instructions regarding what information to provide as suggested by Liebl III ([0053]).
Allowable Subject Matter
Claims 6-8, 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Pochuev, WO 2018/232111 A1 discloses an IoT environment wherein devices are authorized prior to being permitted to store credentials.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437