DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
This application discloses and claims only subject matter disclosed in prior application no. 15/701,159, filed 09/11/2017, and names the inventor or at least one joint inventor named in the prior application. Accordingly, this application may constitute a continuation.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Instant application 17/145,539
1. A method of generating an attributed network for tracing transmitted data that is attributable to a user, the method comprising:
generating a digital registration certificate by packaging an identity marker with a verified privity marker;
registering the digital registration certificate in a registry by generating an immutable entry in the registry, with the generated immutable entry storing the digital registration certificate and representing initial registration of the digital registration certificate, with the immutable entry further storing the identity marker and referencing the verified privity marker, and with retrieval of the digital registration certificate being required to access the attributed network;
receiving, from a client device, a request to access the attributed network, the request comprising biometric login data;
authenticating a user of the client device by verifying the biometric login data as matching the identity marker included in the immutable entry in the registry;
responsive to authenticating, obtaining the digital registration certificate from the registry;
causing packaging, by a virtual browser configured for accessing the attributed network, of the digital registration certificate with data specified by a client device of a user;
following transmission of the data packaged with the digital registration certificate by the virtual browser of the attributed network, receiving a request to verify that the data transmitted from the client device is attributable to the user, with the request including the digital registration certificate;
responsive to the request, retrieving, based on the digital registration certificate, the verified privity marker that is referenced by the generated immutable entry; and
verifying attribution of the verified privity marker to the user.

US 10893038 B2
1. A method of generating an attributed network for tracing transmitted data that is attributable to a user, the method comprising:
generating a digital registration certificate by packaging a biometric marker with a verified privity marker, the verified privity marker representing a human-witnessed affirmation of an identity of a user;
registering the digital registration certificate in a registry that comprises a block chain by generating an immutable entry in the block chain of the registry, with the generated immutable entry storing the digital registration certificate and representing initial registration of the digital registration certificate, with the immutable entry in the block chain storing the biometric marker and referencing the verified privity marker representing the human-witnessed affirmation of the identity of the user, and with retrieval of the digital registration certificate being required to access the attributed network;
receiving, from a client device, a request to access the attributed network, the request comprising biometric login data;
authenticating the user of the client device by verifying the biometric login data as matching the biometric marker included in the immutable entry in the registry;
responsive to authenticating, obtaining the digital registration certificate from the registry;
causing packaging, by a virtual browser configured for accessing the attributed network, of the digital registration certificate with user data generated by the user and specified by a client device of the user;
generating a new entry on the block chain in the registry, the new entry being linked to the immutable entry, the new entry indicating that the user data are attributed to the user by associating the user data with the privity marker representing the human-witnessed affirmation of the identity of the user;
following transmission of the user data packaged with the digital registration certificate by the virtual browser of the attributed network, receiving a request, from a device, to verify that the user data transmitted from the client device is attributable to the user, with the request including the digital registration certificate;
responsive to the request, retrieving, based on the digital registration certificate, the verified privity marker, representing the human-witnessed affirmation of the identity of the user, that is referenced by the new entry linked to the generated immutable entry; and
verifying, to the device, attribution of the verified privity marker to the user.




Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. US 10893038 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because of similar limitations with obvious minor variation.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 8, 14, 17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1).

With regards to claim 1 Wei discloses, A method of generating an attributed network for tracing transmitted data that is attributable to a user, the method comprising: 
generating a digital registration certificate by packaging an identity marker with a verified privity marker (FIG 3 and associated text; Identity marker as subject Unique ID, Privity marker as Biometric characteristics Template);
registering the digital registration certificate in a registry by generating an immutable entry in the registry (FIG 3 Serial No.; [0048] Serial No.: unique ID of the biometric certificate issued by BCA), with the generated immutable entry storing the digital registration certificate and representing initial registration of the digital registration certificate (FIG 3 and associated text; [0041] BACD 140 stores biometric recognition algorithms and biometric recognition parameters such as recognition thresholds and security authentication levels in an appropriate form (e.g., directory).), with the immutable entry further storing the identity marker and referencing the verified privity marker, and with retrieval of the digital registration certificate being required to access the attributed network ([0044] During the authentication, the user terminal 180 provides biometric certificate and acquired biometric information to BAS 150; BAS 150 compares the acquired biometric information of the user with the biometric template contained in the biometric certificate to ascertain legality of the user's identity.);

receiving, from a client device, a request to access the attributed network, the request comprising biometric login data (FIG 7 511; [0082] When the user requests to access specific resources, BAS sends an identity authentication request to the user (Step S511),); 
authenticating a user of the client device by verifying the biometric login data as matching the identity marker included in the immutable entry in the registry ([0088] Step S570: BAS performs identity authentication for the user with the biometric recognition parameters provided by BACD.); 
responsive to authenticating, obtaining the digital registration certificate from the registry ([0088] Step S570: BAS performs identity authentication for the user with the biometric recognition parameters provided by BACD.); 
causing packaging, of the digital registration certificate with user data generated by the user specified by a client device of the user ([0083] Step S520: the user responds to the identity authentication request from BAS, negotiates the authentication mode with BAS, and sends the biometric certificate to BAS.); 
following transmission of the user data packaged with the digital registration certificate by the virtual browser of the attributed network, receiving a request to verify that the data transmitted from the client device is attributable to the user, with the request including the digital registration certificate ([0088] Step S570: BAS performs identity authentication for the user with the biometric recognition parameters provided by BACD.);
responsive to the request, retrieving, based on the digital registration certificate, the verified privity marker that is referenced by the generated immutable entry; and verifying attribution of the verified privity marker to the user ([0088] Step S570: BAS performs identity authentication for the user with the biometric recognition parameters provided by BACD. [0089] Step S580: if the user passes the identity authentication, PAS authenticates the user's privilege; otherwise PAS rejects the user's request directly.).

Wei does not exclusively disclose, but Chan discloses, causing packaging, by a virtual browser configured for accessing the attributed network, of the digital registration certificate with user data generated by the user specified by a client device of the user (FIG 3 324 and associated text). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei’s method with the teaching of Chan in order to improve a user's experiences during a certificate validation process (Chan [0001]).



With regards to claim 3, Wei further discloses, wherein the verified privity marker comprises a biometric identifier, and wherein verification of the verified privity marker comprises notarization of the biometric identifier ([0038] BCA 110 is a third-party authority that issues the biometric certificate certified with digital signature and containing the biometric template or the storage address of the biometric template to the user terminal. That is to say, the biometric certificate is bound with the user's identity and biometric information and is certified by BCA 110 with digital signature.).

With regards to claim 4, Wei further discloses, wherein the virtual browser comprises an interface for accessing the attributed network, the interface configured to cause one or more processors of the client device to perform operations comprising: 
verifying, in response to receiving data from one or more devices via the attributed network, a digital registration certificate associated with the data ([0086] Step S550: while Step S540 is executed, PAS, at the same time, sends the user's attribute parameter information (e.g., the security level corresponding to the user's privilege attribute) in the privilege attribute certificate to BACD in accordance with the privilege declared by the user. [0088] Step S570: BAS performs identity authentication for the user with the biometric recognition parameters provided by BACD.); in response to a failed verification of the digital registration certificate associated with the data, preventing the data from being accessed by one or more systems of the client device ([0090] Step S590: if the user passes the privilege authentication performed by PAS, the user can access the specified resources within the declared privilege range.); in response to a successful verification of the digital registration certificate associated with the data, allowing the data to be accessed by the one or more systems of the client device (FIG 7 S590; [0090] Step S590: if the user passes the privilege authentication performed by PAS, the user can access the specified resources within the declared privilege range.).

With regards to claim 8, Wei in view of Chan teaches, wherein the virtual browser is configured to package the digital registration certificate with data specified by a client device of the user at an application layer of a network protocol for transmission over the attributed network (Chan FIG 3 and associated text). Motivation would be the same as stated for claim 1.

With regards to claim 14, Wei further discloses, wherein the biometric data represents inherent biometric data of a user (FIG 4 S440).

With regards to claim 17, Wei further discloses, wherein user includes an administrative or otherwise privileged user, and verifying attribution of the verified privity marker to the user comprises increasing a threshold of verification before verifying the attribution using the increased threshold ([0098] Step S660: BAS determines the biometric recognition algorithm in accordance with the negotiated authentication mode, and sends a request for biometric recognition parameters (e.g., recognition threshold) to BACD carrying relevant parameters (e.g., biometric recognition type, recognition algorithm, and attribute security level) carried in the request.).

Claims 19 and 20 are system and product claims corresponding to method claim 1 and are also rejected accordingly.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1), and in view of Ebrahimi et al. (US 20170255805 A1).

With regards to claim 2, Wei in view of Chan do not, but Ebrahimi teaches, encrypting the packaged data; and transmitting the encrypted, packaged data over the attributed network (Ebrahimi [0014] FIG. 3B is a flowchart of a process for transferring an encrypted original data file (e.g., an image file) from a mobile device to an image-capturing device, in accordance with an example embodiment.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei in view of Chan’s method with the teaching of Ebrahimi in order to secure the transaction.

Claims 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1), and in view of Bower et al. (US 20170357522 A1).

With regards to claim 5, Wei in view of Chan do not exclusively, but Bower teaches, receiving, from the client device, a request to access the attributed network, the request comprising system image data representing a status of the client device; authenticating the client device by verifying the system image data as matching a verified system image included in an immutable entry in the registry (Bower FIG 5 502 and 504 512 and associated text); responsive to authenticating the client device and the user, obtaining the digital registration certificate from the registry (Bower FIG 5 506 and associated text). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei in view of Chan’s method with the teaching of Bower in order to secure the system.

With regards to claim 6, Wei in view of Chan, and Bower teaches, wherein the verified system image data includes data indicative of one or both of a pre-approved software configuration of the client device or a hardware configuration of the client device (Bower [0003] A computer program embodied on a tangible computer readable medium includes computer code for identifying a stored configuration of a system, computer code for determining whether the stored configuration of the system includes digital signatures of each of a plurality of parties, and computer code for conditionally implementing a current configuration of the system, based on the determining.).

With regards to claim 7, Wei in view of Chan, and Bower teaches, further comprising: responsive to a failed authentication of the client device, causing the client device to revert to a pre-approved software configuration (Bower [0052] Further still, in one embodiment, if the verification of the signed hash value fails, one or more actions may be performed. For example, if it is determined that the hash value was not signed by each of the plurality of parties, the system may not boot, the system may halt, one or more parties may be notified of the failed signature, the system may boot to a default configuration, etc.).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1), and in view of Castinado et al. (US 20170076286 A1).

With regards to claim 9, Wei in view of Chan do not, but Castinado teaches, wherein the generated immutable entry storing the digital registration certificate comprises a block chain entry (Castinado [0041]; In certain embodiments, to increase security, enterprise 150 requires an account alias, an authentication certificate (e.g., an SSL certificate generated with a block chain as the central authority), and one or more additional identifiers (e.g., phone number, e-mail address, etc.).). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei in view of Chan’s method with the teaching of Castinado in order to secure the system, particularly by controlling access to account data (Castinado [0001]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1), and in view of NITSCHKE (US 20170054566 A1).

With regards to claim 10, Wei in view of Chan do not, but NITSCHKE teaches, wherein the generated immutable entry storing the digital registration certificate comprises a timestamp and a cryptographic hash (NITSCHKE [0035] According to a second variant, the method further comprises to generate a digitally signed timestamp which associates the device certificate with the point in time at which the timestamp is generated. The digitally signed timestamp is preferably generated so that the device certificate or a hash value of the device certificate along with the current time indication, for example in the form of date and time, is digitally signed using a signing key.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei in view of Chan’s method with the teaching of NITSCHKE in order to secure the transaction by authenticity and integrity check using cryptographic methods (NITSCHKE [0002]).

Claims 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1), and in view of Chang et al. (US 20180019994 A1).

With regards to claim 11, Wei in view of Chan do not exclusively, but Chang teaches, wherein the client device comprises an embedded biometric attribution system (Chang [0087]; The biometric ID of the electronic device may include, for example, a serial number or a phone number of the electronic device. The certificate information may be, for example, information related to a certificate created based on at least one biometric ID of the electronic device and user information (e.g., personal information of the user including a name or an ID of the user) and may be acquired from the authentication server.), and wherein the virtual browser is configured to verify a biometric identifier of the embedded biometric attribution system in response to receiving the request to access the attributed network (Chang [0087] According to various embodiments of the present disclosure, the authentication information transmitting module 215 may transmit authentication information used for user authentication to the authentication server (e.g., the server 106). For example, the authentication information transmitting module 215 may transmit at least one biometric ID of an electronic device (e.g., the electronic device 101), certificate information, or user signature information to the OTP authentication server.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei in view of Chan’s method with the teaching of Chang in order to secure the transaction.

With regards to claim 12, Wei in view of Chan, and Chang teaches, wherein the embedded biometric attribution system comprises a SIM card, the SIM card being associated with the biometric identifier (Chang [0165] The cellular module 1021 may provide, for example, a voice call service, a video call service, a text message service, or an Internet service through a communication network. The cellular module 1021 may identify and authenticate the electronic device 1001 in the communication network using the SIM 1024 (e.g., a SIM card).).

With regards to claim 13, Wei in view of Chan, and Chang teaches, wherein the virtual browser verifies the biometric identifier of the embedded biometric attribution system independent of an operating system of the client device (Chang [0165]).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1), and in view of Korous et al. (US 20170318014 A1).

With regards to claim 15, Wei in view of Chan do not, but Korous teaches, wherein the biometric data represents behavioral biometric data of the user (Korous [0018] The biometric sensor 240 is configured to collect biometric data samples from a user of the communication device 105. For example, the biometric sensor 240 may monitor behavioral biometric data that includes at least one of voice data, gait data, gesture data, and the like.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei in view of Chan’s method with the teaching of Korous in order to prevent unauthorized users from using the communication device without frequent authentication, as such authentication may be redundant, difficult, or time-consuming (Korous [0001]).

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1), and in view of Zhu et al. (US 7987368 B2).

With regards to claim 16, Wei in view of Chan do not, but Zhu teaches, wherein user includes an administrative user, and wherein the verified privity marker comprises a verification by another administrative user (Zhu FIG 6 and associated text). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei in view of Chan’s method with the teaching of Zhu in order to make communication with protections.

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US 20070094509 A1) in view of Chan et al. (US 20050228998 A1), and in view of POPOVICH et al. (US 20160142404 A1).

With regards to claim 18, Wei in view of Chan do not, but POPOVICH teaches, periodically requesting verification of biometric data of the user (POPOVICH [0026] As discussed above, one embodiment has device 101 performing user authentication by comparing the user's biometric information periodically after the issuance of an identity assertion and disables or deletes the assertion when the user authentication fails a preconfigured number of attempts within a given time.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wei in view of Chan’s method with the teaching of POPOVICH in order to make it beneficial for a user to increase assertion lifetimes without increasing the likelihood of the assertion being abused (POPOVICH [0003]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571) 270-7987. The examiner can normally be reached from 8:30 to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498