Detailed Action
-Claims 1, 31 and 32 are amended.
-Claim 33 is newly added.
- The double patenting rejection is withdrawn base on the filed and approved terminal disclaimers.
-Claims 1-33 are pending. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s Remarks filed on 6/23/2022 have been fully considered. 
With the respect to the prior art rejection, Applicant’s arguments are moot in view of the new grounds of rejection necessitated by the amendment.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-17, 21-27 and 29-32 are rejected under 35 U.S.C. 103 as being unpatentable over High et al (US Pub.No.2018/0167394) in view of Ebrahimi et al (US Pub.No.2017/0257358) and further in view of Steingart et al (US Pub. No. 2017/0302659).

Re Claim 1. High discloses a system for credential authentication, comprising: an interface configured to: receive a request from an application for authorization to access (i.e. authenticating, by the processor, a receiving device in response to a request from the receiving device to gain access to the locked space) [High, para.0006], wherein access to the application is requested by a user using a user device (i.e. receiving device 112, which may be a mobile computing device or smartphone of a user, may transmit a request to computing system 120 to access to a locked space at a particular time……. The delivery person charged with delivering the parcel may carry a handheld device (e.g. a receiving device 112), and may approach the locked delivery box to deliver the parcel) [High, para.0034]; and a processor configured to: provide an authentication request to the user device; receive a device credential, wherein the device credential is backed by data stored in a distributed ledger (i.e. Step 304 authenticates a receiving device 112 that is requesting permission to access a locked space. Authentication may include accessing the authentication database 113 and/or accessing the publicly distributable transactions ledger 113 (i.e. blockchain)) [High, para.0045], (i.e. embodiments of the input mechanism 110 may be a sensor, an input, an input device, or any device that can detect a presence of a receiving device 112. For instance, embodiments of the input mechanism 111 may be a camera, a scanner, a RFID scanner, an optical sensor, and the like, that may detect a presence of, or communicate with, a chip, a RFID tag, a processor, or a physical presence of a receiving device) [High, para.0023]; determine a user identifier and an authentication device associated with the user based at least in part on the device credential (i.e. Embodiments of the receiving device 112 may include a microcontroller 241 for implementing the tasks associated with the receiving device 112. The RFID chip 211 (or specialized chip) may include various information that may be communicated to the input mechanism 110 and/or to the computing system 120, such as identifying information of the device and/or user associated with the chip 211) [High, para.0025]; provide a proof request to the authentication device (i.e. step 306 instructs the authenticated receiving device 112 to decrypt the digital signature the authenticated using the private key to obtain the hashed access code, and transmit the hashed access code to the computing system 120) [High, para.0046]; receive a proof response; determine that the proof response is valid (i.e. Prior to communicating with the locking mechanism 111 to unlock the locked space, the computing system 120 may access the blockchain to confirm that the hashed access code received from the receiving device matches the hashed access code stored on the blockchain ) [High, para.0046]; 
 	
  	High does not explicitly disclose whereas Ebrahimi does: generate a token; and provide the token to the application authorizing access for the user (i.e. a session ID is generated by web server 320, which may be generated in response to the request for the login web page, or may be generated in anticipation of a login request (e.g., such as at a login kiosk). As shown, a factor in the authentication and login process is the use of the session ID, such that the session ID is used throughout the authentication and login process, thereby connecting the devices used in the process. The session ID is associated with a communication session that will be established after successful login of the user. In addition, web data may be generated by the web server 320 to include one or more of the session ID, a timeout for the session ID, URL web address for the web server…………… web server 320 generates a scannable code (e.g., QR code), which includes at least one of the envelope ID, URL of the web server 320, and a login challenge asking whether a login process is further requested. The scannable code is included in the login page……………… the web server delivers the login web page to the first device 310 of the user 5. At operation 420, the first device 310 of user 5 displays the login web page that includes the scannable code, ………………… if the scannable code is able to include the entire data identified in block 405, it may not be necessary to create an envelope and an envelope ID—the scannable code in this case would have the entire data) [Ebrahimi, para.0067-0071].   
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High with Ebrahimi because It would be advantageous to have a more secure system and method for managing the identity of users and of identifying users to third parties, such as when performing login or user authentication [Ebrahimi, para.0004].
High in view of Ebrahimi does not explicitly disclose whereas Steingart does: wherein the token is used to establish authorization for the user, and wherein the authorization for the user is maintained in response to determining that a distance between the authentication device and the user device is less than a threshold distance (i.e. If a distance between the mobile computing device 210 and the second computing device 212 (as measured by the distance detecting component 226 of the second computing device 212 of FIG. 2) is within a threshold distance, login and access may be maintained. However, if a distance between the mobile computing device 210 and the second computing device 212 is measured that exceeds the threshold distance, access may be ceased) [Steingart, para.0051].
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High-Ebrahimi with Steingart because In this way, the service or app is less vulnerable to opportunistic fraudulent users that attempt to access the secure service or app using the registered user's authentication credentials, for instance, when the user steps away without shutting down or otherwise rendering dormant, the service or appauthentication [Steingart, para.0051].

Re Claims 31 and 32. These claims recite features similar to those recited in claim 1 and therefore they are rejected in a similar manner.

Re Claim 2. High in view of Ebrahimi and Steingart discloses the system of claim 1, Ebrahimi further discloses: wherein the authentication request comprises a [universal] second factor authentication request (i.e. The application presents the user with a question to determine if the user chooses to login and pass his/her credentials. This process may request an additional form of authentication on the mobile device such as a finger thumbprint Id (e.g., touch ID, and/or other biometric identification), or a PIN passcode) [Ebrahimi, para.0066].
	The same motivation to modify with Ebrahimi, as in claim 1, applies.
	High in view of Ebrahimi and Steingart does not explicitly disclose that the second factor is specifically a universal second factor, however it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High-Ebrahimi to include universal second factor, the motivation is that it yields the expected result of complying with a specific standard when such standard is required.

Re Claim 3. High in view of Ebrahimi and Steingart discloses the system of claim 1, High further discloses: wherein the processor is further configured to determine a set of credentials that can enable authorization to access (i.e. The access code may be valid forever or may be valid for a limited time, and may be regenerated after each time the space is accessed. Embodiments of the access code may be text, a song or clip thereof, a book or excerpt thereof, a movie clip, digits, bytes, binary digits, bits, characters, an image, a noise, a biological signature (e.g. biometric of owner of the locked space), DNA sequence, a famous quote, a unique identifier, or any indicia or password or code that is computer readable. The access code may be generated based on an algorithm for outputting random combinations of characters, digits, symbols, etc…) [High, para.0030].  

Re Claim 4. High in view of Ebrahimi and Steingart discloses the system of claim 3, High further discloses: wherein the set of credentials is determined using rules (i.e. The access code may be valid forever or may be valid for a limited time, and may be regenerated after each time the space is accessed. …………………. The access code may be generated based on an algorithm for outputting random combinations of characters, digits, symbols, etc…) [High, para.0030].  

Re Claim 5. High in view of Ebrahimi and Steingart discloses the system of claim 1, Ebrahimi further discloses: wherein the authentication device includes a credential wallet (i.e. the sequence flow for the traveler use case includes: 1) Traveler setting up his/her App; 2) Traveler taking a selfie and publishing it for use; 3) Transportation Agent screening and ultimately certifying the traveler ID & selfie, and further giving the Traveler a travel-token; 4) at a later point, the Traveler can present trip-credentials including, traveler ID, selfie, and travel-token so that the traveler information can be retrieved and verified) [Ebrahimi, para.0128].that is able to be unlocked by the user (i.e. The process of signing data may be protected with access control to the App or device. For example, a Touch ID process previously introduced may be used as the user's permission to allow the App to digitally sign data on the user's behalf) [Ebrahimi, para.0089, see also 0074].  
The motivation to modify with Ebrahimi, as in claim 1, applies

Re Claim 6. High in view of Ebrahimi and Steingart discloses the system of claim 5, Ebrahimi further discloses: wherein the credential wallet is unlocked using a biometric (i.e. authenticating entity 810 is configurable to control access to object 820 to user 5, once the user has been authenticated using biometric data that is registered and/or certified. Object 820 may take on any form, including products, services, applications, doors, entryways, etc. In one example, object 820 may be an automobile that is available for short term leasing (e.g., hours, weeks, months, etc.). User 5 has leased the object for a period of time, and the authentication process is performed to provide access to the object 820 once the user 5 has been authenticated using biometrics) [Ebrahimi, para.0116], (i.e. The process of signing data may be protected with access control to the App or device. For example, a Touch ID process previously introduced may be used as the user's permission to allow the App to digitally sign data on the user's behalf) [Ebrahimi, para.0089].  
The motivation to modify with Ebrahimi, as in claim 1, applies

Re Claim 7. High in view of Ebrahimi and Steingart discloses the system of claim 5, Ebrahimi further discloses: wherein a credential is retrieved from the credential wallet (i.e. the sequence flow for the traveler use case includes: 1) Traveler setting up his/her App; 2) Traveler taking a selfie and publishing it for use; 3) Transportation Agent screening and ultimately certifying the traveler ID & selfie, and further giving the Traveler a travel-token; 4) at a later point, the Traveler can present trip-credentials including, traveler ID, selfie, and travel-token so that the traveler information can be retrieved and verified) [Ebrahimi, para.0128].
The motivation to modify with Ebrahimi, as in claim 1, applies

Re Claim 8. High in view of Ebrahimi and Steingart discloses the system of claim 7, High further discloses: wherein the proof response includes the credential (i.e. the digital signature represents an encrypted hashed access code……………..the receiving device 112 may transmit the hashed access code to the decryption module 133. The decryption module 133 may compare the received hashed access code to the hashed code stored on the blockchain, and if the received hashed access code is the same as the hashed access code stored on the blockchain, then the computing system 120 may allow access to the locked space) [High, para.0037].

Re Claim 9. High in view of Ebrahimi and Steingart discloses the system of claim 7, Ebrahimi further discloses:  wherein the credential retrieved from the credential wallet is based at least in part on rules specified in the proof request (i.e. The Traveler 901 is assumed to have downloaded a Traveler App 902 providing an interface and functionality for performing the registration, validation, authentication, login, etc. At this point, at operation 905 the Traveler 901 scans his/her passport or a required form of government ID, and at operation 910 takes a selfie using his/her Traveler App 902. The Traveler App 902 then creates a signed hash of the passport information, and a separate signed hash of the selfie. Optionally, the data given to the hashing algorithm can include the data to be hashed along with a random data string, referred to as a Salt. The resulting hash is then digitally signed. This process prevents a hacker from discovering the data through brute force. In this optional process, the user must always pair and pass the data (e.g., passport information) with the corresponding Salt values in order for a verifier to validate the signatures) [Ebrahimi, para.0129].
The motivation to modify with Ebrahimi, as in claim 1, applies

Re Claim 10. High in view of Ebrahimi and Steingart discloses the system of claim 1, High further discloses: wherein the proof response is signed with an authentication device private key (i.e. the digital signature represents an encrypted hashed access code……………..the receiving device 112 may transmit the hashed access code to the decryption module 133. The decryption module 133 may compare the received hashed access code to the hashed code stored on the blockchain, and if the received hashed access code is the same as the hashed access code stored on the blockchain, then the computing system 120 may allow access to the locked space) [High, para.0037], (i.e. The access code or the hashed access code may be encrypted with a public key (or private key in some embodiments) to create a digital signature. The private key and the public key may be generated by the encryption module 131 at the same time. The public key and the private key may be generated along with a generation of the access code, or in response to the generation of the access code. Embodiments of the private key and the public key may be cryptographic keys. The private key may be unique to one device, person, account, etc. In one embodiment, the access code or hashed access code may be encrypted with the public key to create a digital signature. In other embodiments, the access code or hashed access code may be encrypted with the private key to create a digital signature) [High, para.0031].  

Re Claim 11. High in view of Ebrahimi and Steingart discloses the system of claim 1, High further discloses: wherein determining that the proof response is valid comprises one or more of the following: determining that a credential is not revoked and/or determining that a credential signature is valid (i.e. The computing system 120 can treat the hashed access code as one cryptocurrency unit, and when the hashed access code is sent to the computing system 120, the lone cryptocurrency unit is spent. Any attempt to resend the hashed access code will not be successful in gaining access because the computing system 120 will access the blockchain, which by virtue of the distributed ledger, will not issue a consensus that the receiving device 112 has a remaining cryptocurrency to spend on gaining access to a particular locked space) [High, para.0033].  

Re Claim 12. High in view of Ebrahimi and Steingart discloses the system of claim 1, High further discloses: wherein the processor is further configured to generate a session keypair for the device and user pairing (i.e. The access code or the hashed access code may be encrypted with a public key (or private key in some embodiments) to create a digital signature. The private key and the public key may be generated by the encryption module 131 at the same time. The public key and the private key may be generated along with a generation of the access code, or in response to the generation of the access code. Embodiments of the private key and the public key may be cryptographic keys. The private key may be unique to one device, person, account, etc. In one embodiment, the access code or hashed access code may be encrypted with the public key to create a digital signature. In other embodiments, the access code or hashed access code may be encrypted with the private key to create a digital signature) [High, para.0031].  

Re Claim 13. High in view of Ebrahimi and Steingart discloses the system of claim 12, High further discloses: wherein there is a time period associated with the session keypair (i.e. wherein the locked space is accessible for a limited time, and when the limited time passes, the private key is no longer valid to gain access to locked space) [High, claim 3].

Re Claim 14. High in view of Ebrahimi and Steingart discloses the system of claim 13, High further discloses: High in view of Ebrahimi and Steingart does not explicitly disclose: wherein the time period comprises 1 week, 1 day, or 1 hour however it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Ebrahimi and Steingart to include “wherein the time period comprises 1 week, 1 day or 1 hour” because High provides that  The length of time access is granted may vary from embodiment to embodiment, depending on the nature of the locked space [High, para.0039] and further provides embodiments where authentication may be required for a particular day: the authentication module 132 of the computing system 120 may access authentication database 113 to verify that indeed the delivery receptacle is expecting a parcel delivery on that particular day [High, para.0035]. Therefore modifying High in view of Ebrahimi and Steingart such that the time period comprises 1 week, 1 day, or 1 hour yields the expected result of selecting a time period that provides token that is valid for as long as the particular application requires.

Re Claim 15. High in view of Ebrahimi and Steingart discloses the system of claim 12, High further discloses: wherein the processor is further configured to store a public key component of the session keypair (i.e. the encryption module 131 may encrypt the hashed access code (or encrypt the access code without performing a hashing function). The access code or the hashed access code may be encrypted with a public key (or private key in some embodiments) to create a digital signature. The private key and the public key may be generated by the encryption module 131 at the same time.) [High, para.0031].

Re Claim 16. High in view of Ebrahimi and Steingart discloses the system of claim 15, High further discloses:  wherein the public key component of the session keypair is stored in a storage device for session leases (i.e. the encryption module 131 may encrypt the hashed access code (or encrypt the access code without performing a hashing function). The access code or the hashed access code may be encrypted with a public key (or private key in some embodiments) to create a digital signature…………… computing system 120 may further include a blockchain module(s) that include one or more components of hardware and/or software program code for accessing and/or utilizing the publicly distributed transactions ledger 113 (i.e. blockchain) to store and/or view transaction information, such as the hashed access code and the digital signature, details regarding who is requesting access, who is providing access, time details, the space, and, the like, using the public key and/or the private key generated by the computing system 120.) [High, para.0031].

Re Claim 17. High in view of Ebrahimi and Steingart discloses the system of claim 12, High further discloses: wherein the processor is further configured to provide a private key component of the session keypair to the user device (i.e. the decryption module 133 of the computing system 120 may transmit the private key to the receiving device 112, and instruct the receiving device) [High, para.0037].

Re Claim 21. High in view of Ebrahimi and Steingart discloses the system of claim 17, High further discloses:  wherein the processor is further configured to provide an authentication request to the user device comprising a presigned token (i.e. step 306 instructs the authenticated receiving device 112 to decrypt the digital signature the authenticated using the private key to obtain the hashed access code, and transmit the hashed access code to the computing system 120) [High, para.0046] and receive an authentication response from the user device, wherein the authentication response is signed with a private key component of the session keypair (i.e. The access code or the hashed access code may be encrypted with a public key (or private key in some embodiments) to create a digital signature. The private key and the public key may be generated by the encryption module 131 at the same time. The public key and the private key may be generated along with a generation of the access code, or in response to the generation of the access code. Embodiments of the private key and the public key may be cryptographic keys. The private key may be unique to one device, person, account, etc. ……………………………. the access code or hashed access code may be encrypted with the private key to create a digital signature) [High, para.0031].  

Re Claim 22. High in view of Ebrahimi and Steingart discloses the system of claim 21, High further discloses: wherein the processor is further configured to validate the authentication response from the user device, wherein validating the authentication response comprises checking a device signature of the authentication response (i.e. Prior to communicating with the locking mechanism 111 to unlock the locked space, the computing system 120 may access the blockchain to confirm that the hashed access code received from the receiving device matches the hashed access code stored on the blockchain ) [High, para.0046].

Re Claim 23. High in view of Ebrahimi and Steingart discloses the system of claim 22, Ebrahimi further discloses: wherein the token is generated in response to a positive validation of the authentication response from the user device (i.e. Once the Certification is completed, the Transportation-service server creates the Traveler's TravelData at operation 1066. This TravelData includes at least one of a Travel-token, Traveler's ShoStoreId (ShoCardId[Traveler]), expiration time for the Traveltoken, imageId of the Traveler (imageId[Traveler])) [Ebrahimi, para.0141-0142].
	The same motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 24. High in view of Ebrahimi and Steingart discloses the system of claim 1, Ebrahimi further discloses: wherein the processor is further configured to receive a second request from a second application for authorization to access, wherein access to the second application is requested by the user using the user device (i.e. a user may be required to allow third party access to his/her account. This can be done where the user is local to the third party or remote from the third party. A local example is when a user goes to a bank branch and wants to allow the teller to have access to his/her account so he/she can perform a transaction or inquiry. A remote example is when a user calls a Call-Center to have the operator on the phone access his/her account to answer a question, perform a transaction or respond to an inquiry. In the physical case, the user may use a QR code authentication scheme. On the other hand, the user may simply provide a user-name, account number, or other identifying information so that the call center is able to identify the user, and access related identifying information. Also, the operator (e.g., call center agent) may then initiate a process to send a Verify request to the user on his/her mobile app (e.g., to device 11 of user 5), wherein the request includes a newly generated session ID.) [Ebrahimi, para.0096].
	The same motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 25. High in view of Ebrahimi and Steingart discloses the system of claim 24, Ebrahimi further discloses: wherein the processor is further configured to provide a second authentication request to the user device (i.e. the operator (e.g., call center agent) may then initiate a process to send a Verify request to the user on his/her mobile app (e.g., to device 11 of user 5), wherein the request includes a newly generated session ID. As such, the user 5 will then receive a request that he/she needs to approve after providing a passcode or biometric authentication (such as Touch ID)) [Ebrahimi, para.0096].
	The same motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 26. High in view of Ebrahimi and Steingart discloses the system of claim 25, Ebrahimi further discloses: wherein the second authentication request comprises a [universal] second factor authentication request (i.e. the user 5 will then receive a request that he/she needs to approve after providing a passcode or biometric authentication (such as Touch ID)) [Ebrahimi, para.0096].
	The same motivation to modify with Ebrahimi, as in claim 1, applies.
	High in view of Ebrahimi and Steingart does not explicitly disclose that the second factor is specifically a universal second factor, however it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High-Ebrahimi to include universal second factor, the motivation is that it yields the expected result of complying with a specific standard when such standard is required.

Re Claim 27. High in view of Ebrahimi and Steingart discloses the system of claim 25, Ebrahimi further discloses: wherein the processor is further configured to receive a second authentication response from the user device, wherein the second authentication response is signed with a private key component of a session keypair (i.e. user data is collected, to include at least one of the captured biometric data, the original biometric data, the challenge_string, the public key of the user 5, the registration seal, the certification seal, etc. The user data is hashed, and then signed using the private key of the user) [Ebrahimi, para.0121].
The same motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 29. High in view of Ebrahimi and Steingart discloses the system of claim 28, Ebrahimi further discloses: wherein the authentication device challenge is provided to the authentication device via a proximity communication protocol (i.e. if the Traveler 901 does not have network connectivity, it can exchange data with the Agent's device directly using Bluetooth, NFC,) [Ebrahimi, para.0137].
The same motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 30. High in view of Ebrahimi and Steingart discloses the system of claim 29, Ebrahimi further discloses: wherein the proximity communication protocol comprises Bluetooth or NFC (i.e. if the Traveler 901 does not have network connectivity, it can exchange data with the Agent's device directly using Bluetooth, NFC,) [Ebrahimi, para.0137].
	The same motivation to modify with Ebrahimi, as in claim 1, applies.

Claims 18-20 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over High) in view of Ebrahimi and Steingart, as applied to claim 1, and further in view of Lu (US Pub.No.2017/0180128).

Re Claim 18. High in view of Ebrahimi and Steingart discloses the system of claim 17, High in view of Ebrahimi and Steingart does not explicitly disclose whereas Lu does: wherein the processor is further configured to encrypt the private key component of the session keypair (i.e. the user device may comprise a request agent similar to the one described above and a ciphering agent configured to generate a secret key and to generate an encrypted identity by encrypting the received user's trusted identity with the generated secret key. The ciphering agent is also configured to generate an encrypted key e_K by encrypting the secret key K using a key encryption key) [Lu, para.0076].  
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Ebrahimi and Steingart with Lu because there is a need to develop new methods and devices allowing to prevent several people from claiming a same trusted identity [Lu, para.0003].

Re Claim 19. High in view of Ebrahimi and Steingart discloses the system of claim 18, High in view of Ebrahimi and Steingart does not explicitly disclose whereas Lu does: wherein the private key component of the session keypair is encrypted with an authentication device public key (i.e. the user decrypts the encrypted key e_K using the key KEK and retrieves the secret K, and then re-encrypts the secret key K with the verifier's public key) [Lu, para.0053].  
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Ebrahimi and Steingart with Lu because there is a need to develop new methods and devices allowing to prevent several people from claiming a same trusted identity [Lu, para.0003].

Re Claim 20. High in view of Ebrahimi and Steingart discloses the system of claim 12, High does not explicitly disclose whereas Lu does: wherein the private key component of the session keypair is encrypted (i.e. the user device may comprise a request agent similar to the one described above and a ciphering agent configured to generate a secret key and to generate an encrypted identity by encrypting the received user's trusted identity with the generated secret key. The ciphering agent is also configured to generate an encrypted key e_K by encrypting the secret key K using a key encryption key) [Lu, para.0076].  
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Ebrahimi and Steingart with Lu because there is a need to develop new methods and devices allowing to prevent several people from claiming a same trusted identity [Lu, para.0003].
 	High further discloses: and stored by the user device (i.e. In some embodiments, the data, such as a private key, may be stored in storage device 225 of memory system 205 of the receiving device 112) [High, para.0026].

Re Claim 28. High in view of Ebrahimi and Steingart discloses the system of claim 27, High in view of Ebrahimi and Steingart further discloses: wherein the second [Ebrahimi, as in claim 27] authentication response is generated by and provided to the user device, wherein the second authentication response is generated by: 1) determining that an [encrypted] private key component of the session keypair is available; 2) providing the [encrypted] private key component of the session keypair to the authentication device [using a proximity communication protocol for decryption]; 3) receiving at the authentication device a [decrypted] private key component of the session keypair [using the proximity communication protocol] (i.e. the computing system 120 prior to unlocking the locked space, authentication alone may not be sufficient for accessing the locked space. Embodiments of the computing system 120 may include a decryption module 133, which may include one or more components of hardware and/or software program code for transmitting a private key (or public key) and a digital signature to an authenticated receiving device 112. For instance, embodiments of the decryption module 133 may transmit the private key and the digital signature to the receiving device 112 so that the receiving device 112 can decrypt the digital signature using the private key to obtain the hashed access code or access code) [High, para.0037],
 	Ebrahimi further discloses: using the proximity communication protocol (i.e. if the Traveler 901 does not have network connectivity, it can exchange data with the Agent's device directly using Bluetooth, NFC, Streaming QR Codes) [Ebrahimi, para.0137]; and 4) generating the second authentication response that is signed using the private key component of the session keypair (i.e. user data is collected, to include at least one of the captured biometric data, the original biometric data, the challenge_ string, the public key of the user 5, the registration seal, the certification seal, etc. The user data is hashed, and then signed using the private key of the user) [Ebrahimi, para.0121].
The same motivation to modify with Ebrahimi, as in claim 1, applies.
 	High in view of Ebrahimi and Steingart does not explicitly disclose whereas Lu does: an encrypted private key (i.e. the user device may comprise a request agent similar to the one described above and a ciphering agent configured to generate a secret key and to generate an encrypted identity by encrypting the received user's trusted identity with the generated secret key. The ciphering agent is also configured to generate an encrypted key e_K by encrypting the secret key K using a key encryption key) [Lu, para.0076] and a decrypted private key (i.e. the user decrypts the encrypted key e_K using the key KEK and retrieves the secret K,) [Lu, para.0042].  
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Ebrahimi and Steingart with Lu because there is a need to develop new methods and devices allowing to prevent several people from claiming a same trusted identity [Lu, para.0003].

Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over High in view of Ebrahimi and Steingart, as applied to claim 1, and further in view of Robinson et al (US Pub.No.2017/0372055).

Re Claim 33. (New) High in view of Ebrahimi and Steingart discloses the system of claim 29, High in view of Ebrahimi and Steingart does not explicitly disclose whereas Robinson does: wherein determining that that the distance between the authentication device and the user device is less than the threshold distance comprises determining whether the user device is able to ping the authentication device (i.e. determining when a device leaves the proximity of another device can be based on pings, e.g. L2CAP Echo (see http://www.palowireless.com/bluearticles/adapt.asp), or 2-way RFCOMM echo/echo response protocol (see http://code.google.com/p/btstack/wiki/RFCOMM) and when too many timeouts in a row occur) [Robinson, para.0214].
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Ebrahimi and Steingart with Robinson because the target device can determine whether the key device leaves its proximity in an expected way (e.g. powered off) or in an unexpected way (e.g. no longer in range). In this case, the target device can differentiate its behavior based on this determination. For example, no alert will be created and a silent record of the location of the proximity leaving event if the key device leaves proximity in an expected way, and if the key device leaves proximity in an unexpected way, a loud sound is emitted [Robinson, para.0007].


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285. The examiner can normally be reached Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434