DETAILED ACTION
This Office Action is in response to the application filed on 12/22/2020 having claims 1-20 pending.
Claims 1-20 are examined and being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Oath/Declaration
Applicant’s oath/declaration, filed on 12/22/2020, has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/18/2022 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The Specification filed on 12/22/2020 is accepted for examination purpose.

Drawings
The Drawings filed on 12/22/2020 are accepted for examination purpose.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Independent claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the applicant regards as the invention. Specifically, claim 1 recites the limitation, “the data associated with the user being absent from the signed certificate”. However, the claim also recites the signed certificate comprising the public key of the user and information indicating a health status of the user.  The scope of the claim is unclear and indefinite as discrepancy exists on the description of the recited signed certificate.  That is, it is unreasonable to have the recited signed certificate to include the public key of the user and information indicating a health status of the user, but exclude the data associated with the user at the same time.  That is, the claimed public key of the user and information indicating a health status of the user of the signed certificate is data associated with the user and contradict with the limitation regarding data associated with the user being absent from the signed certificate.  It is also noted that the specification does not provide details on the claimed data associated with the user that is absent from the signed certificate.  Rather, the specification on parag. [0022] only indicates that the public key of the user, the hash of the data associated with user and the current health status of the user are to be included in the signed certificate.  Appropriate correction is required.
Dependent claims 2-16 are also rejected under 35 U.S.C. 112(b) based on dependency of claim 1.
Independent claim 17 is rejected under 35 U.S.C. 112(b) based on same rationale applied to independent claim 1 stated above.
Claim 18 is rejected under 35 U.S.C. 112(b) based on its dependency to claim 17.
Claims 19 and 20 are rejected under 35 U.S.C. 112(b) based on same rationale applied to independent claim 1 stated above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-8, 13-14, 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Raduchel et al. (US 2019/0208354) hereinafter Raduchel in view of White et al. (US 10,923,216) hereinafter White.
As per Claim 1, Raduchel teaches a computer-implemented method comprising: 
sending, to a first device, a request for a signed certificate (Raduchel, Parag. [0042]; “an electronic medical record may have a digital certificate attached … the digital certificate may include, for example, a digital signature of the submitting party.” … Parag. [0060]; “The user electronic device 130 creates a first request for electronic medical records based on the accessed authentication token (206). For example, the user electronic device accesses information associated with a first storage system (e.g., storage system 140) storing electronic medical records included in the request and generates a request for the electronic medical records stored by the first storage system based on the accessed information and the accessed authentication token.”), the request for the signed certificate comprising a signed hash of data associated with a user, a corresponding public key of the user (Raduchel, Parag. [0060]; “The first request also may include information identifying the user and/or the electronic medical records asked for in the request. However, the requested information segment for the electronic medical record may not include information identifying the user. As disclosed herein, a particular electronic medical record may be segmented and each segment stored at separate storage. To mitigate the risks of data breach, each segment is not only stripped of information identifying the patient (the user) but also encrypted by a key unique to the patient (for example, the public key of the user). To counter data alteration/tampering, the segment also may include integrity check. In one example, a hash code (e.g., a MD5 hash) may be generated for the segment and embedded with the data segment in a manner unknown to an intruder.”), and the data associated with the user (Raduchel, Parag. [0060]; “The first request also may include information identifying the user and/or the electronic medical records asked for in the request.”); 
sending, to a second device different from the first device, a request for the signed certificate (Raduchel, Parag. [0061] “The user electronic device 130 creates a second request for electronic medical records based on the accessed authentication token (208). The user electronic device 130 may create the second request in a manner similar to creating the first request described above with respect to step 206. The second request may be addressed a second storage system (e.g., storage system 150) storing electronic medical records included in the request. The second storage system may be different from the first storage system.”), the request comprising information to retrieve the signed certificate (Raduchel, Parag. [0118]; “In particular, the electronic device 740 may store information identifying the electronic medical records storage systems that store electronic medical records for the particular patient (e.g., electronic medical records storage systems 710, 720, and 730) and information needed to authenticate and retrieve electronic medical records for the particular patient from each of the electronic medical records storage systems.”); and 
obtaining, from the second device, a signed certificate the signed certificate comprising the public key of the user, (Raduchel, Parag. [0068]; “The storage system 150 receives the second request (220), authenticates the second request (222), accesses electronic medical records associated with the second request (224), and transmits the accessed electronic medical records to the user electronic device (226).” … Parag. [0069]; “The chain of trust may include an authenticity feature of the particular electronic medical record, that is, the particular electronic medical record is authentic as submitted by the purported submitting party. … In some instances, a certificate authority (CA) may provide the digital certificates as well as a public/private key infrastructures (PKI) for participating entities, including, for example, the individual patients, healthcare professionals, or health insurance carriers. For instance, hospitals (or healthcare professionals) may submit electronic medical records with a proof of authenticity (such as, for example, a digital certificate). In these instances, the electronic medical records may be encrypted with a private key of the submitting party and the corresponding public key may be attached to the encrypted medical records.” … Parag. [0042]; “… The digital certificate may include a public key of the submitting party …”), the hash of the data associated with the user (Raduchel, Parag. [0140]; “In one example, the application program may replace information in the electronic medical data that identifies the user with a random string, such as a hash.”), and [information indicating a health status of the user], the data associated with the user being absent from the signed certificate (Raduchel, Parag. [0060]; “The first request also may include information identifying the user and/or the electronic medical records asked for in the request. However, the requested information segment for the electronic medical record may not include information identifying the user.”).
Raduchel does not expressly teach:
information indicating a health status of the user for the signed certificate.
However, White teaches:
information indicating a health status of the user (White, Col. 6, lines 57-66; “In an embodiment, the certificate component 4 functions to process a secure test result 3a and from the test result processing, generate a digital certificate 4a attesting to the acceptability of the test result for one or more purposes. Those purposes may include, for example, allowing the user 21 whose health is represented by the digital certificate 4a to access one or more venues that are associated with venue access component 6. The digital certificate 4a also may include the test result as well as all information provided in the secure test result 3a”.  Col. 20, lines 55-60; “For example, the user 21, operating PD 400, may attempt to purchase a concert ticket for a venue associated with the VAM 600. For this transaction (purchase a ticket) to be approved, the user may be required to supply, or have supplied on behalf of the user 21, the user's health status.).
Raduchel and White are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a computer-implemented method to request and obtain a signed certificate that provides the health status of a user.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of White’s system into Raduchel’s system with a motivation to provide safe and secure transmission of health-related data and status of a user to ensure validity of health data while granting access to a venue (White, Abstract and Col. 5, lines 34-36).

As per claim 2, the combination of Raduchel and White teaches the computer-implemented method of claim 1.  Raduchel further teaches wherein the data associated with the user corresponds to partial personally identifiable information (Raduchel, Parag. [0241]; “user information can be stored in a user profile. A user profile can contain data including but not limited to age, gender, fitness, weight, body composition, percentage of body fat, ethnicity, family medical history, personal medical history, current medical condition, genetics, social relationships, economic well-being, spending habits, as well as other behavioral, consumer, financial and demographic data that can provide insight into the user 120.”).

As per claim 3, the combination of Raduchel and White teaches the computer-implemented method of claim 2. Raduchel further teaches wherein the partial personally identifiable information corresponds to information available on an identity document of the user (Raduchel, Parag. [0240]; “… a Personal Health Record is to enable a more streamlined onboarding process with new healthcare providers so that instead of the user 120 filling out paperwork, an electronic document can be sent with the same basic information …”.  Parag. [0241]; “user information can be stored in a user profile. A user profile can contain data including but not limited to age, gender, fitness, weight, body composition, percentage of body fat, ethnicity, family medical history, personal medical history, current medical condition, genetics, social relationships, economic well-being, spending habits, as well as other behavioral, consumer, financial and demographic data that can provide insight into the user 120.”).

As per claim 4, the combination of Raduchel and White teaches the computer-implemented method of claim 1.  Raduchel further teaches wherein the data associated with the user (Raduchel, Parag. [0060]; “… information identifying the user and/or the electronic medical records ….”).   In additional, White teaches the data associated with the user corresponds to an obfuscated or deformed image of the user (White, Col. 19, lines 42-46; “The biometric profile 406 may include a jpeg image. Biometric data 406a may be transformed by a mathematical operation, algorithm, or hash that represents the complete biometric information (e.g., a complete fingerprint scan, a complete retina scan).”). 

As per claim 5, the combination of Raduchel and White teaches the computer implemented method of claim 1.  Raduchel further teaches wherein the information to retrieve the signed certificate comprises either the public key of the user or a hash of the public key of the user (Raduchel, Parag. [0042]; “… The digital certificate may include a public key of the submitting party …”.  Parag. [0068]; “The storage system 150 receives the second request (220), authenticates the second request (222), accesses electronic medical records associated with the second request (224), and transmits the accessed electronic medical records to the user electronic device (226).” … Parag. [0069]; “The chain of trust may include an authenticity feature of the particular electronic medical record, that is, the particular electronic medical record is authentic as submitted by the purported submitting party. … In some instances, a certificate authority (CA) may provide the digital certificates as well as a public/private key infrastructures (PKI) for participating entities, including, for example, the individual patients, healthcare professionals, or health insurance carriers. For instance, hospitals (or healthcare professionals) may submit electronic medical records with a proof of authenticity (such as, for example, a digital certificate). In these instances, the electronic medical records may be encrypted with a private key of the submitting party and the corresponding public key may be attached to the encrypted medical records.” … Parag. [0118]; “In particular, the electronic device 740 may store information identifying the electronic medical records storage systems that store electronic medical records for the particular patient (e.g., electronic medical records storage systems 710, 720, and 730) and information needed to authenticate and retrieve electronic medical records for the particular patient from each of the electronic medical records storage systems.”).

As per claim 7, the combination of Raduchel and White teaches the computer-implemented method of claim 1.  White further teaches wherein the data associated with the user and the signed certificate are provided by a user device to a relying party device (White, Col. 16, lines 47-50; “In operation, a transaction module of server 610 may initiate a transaction with the server 510. For example, the personal smart device 400 may communicate with a venue represented by VAM 600 (i.e. relying party) to access that venue.” … Col. 16-17, lines 63-5; “In response, the transaction module transmits a key request 720 to the key management module. The key request 720 may indicate that the VAM 600 has determined to complete one or more transactions with the smart personal device 400. In an aspect, the key request 720 is to occur between the VAM 600 and the smart personal device 400. In an aspect, the key request 720 indicates a requested transaction type (e.g., health certification (i.e., the key request 720 is for a health credential that the transaction module requires to complete the transaction(s)).”).

As per claim 8, the combination of Raduchel and White teaches the computer-implemented method of claim 7. White further teaches wherein the relying party device displays the data associated with the user and the information indicating the health status of the user on a display screen thereof (White, Col. 7, lines 55-60; “The user 21 may employ the digital certificate 4b in its digital form or in a printed form. For example, the user 21 may the provide the digital certificate 4b on the user's smart phone display, where the digital certificate may be read at a venue access point.” … Col. 8, lines 54-57; “In an embodiment, the certified ticket 6a may be produced by the venue access component 6 based on inputs received from the test result, or health status transmission component 3 and/or the data merging component 5.”  Col. 19, lines 60-63; “image … display at the point of entry of a venue to allow an administrator (e.g., a clerk or security guard) to confirm or reject the identity of the user 21 requesting venue access …”.  Col. 20, line 55 to Col. 21, line 2; “For example, the user 21, operating PD 400, may attempt to purchase a concert ticket for a venue associated with the VAM 600. For this transaction (purchase a ticket) to be approved, the user may be required to supply, or have supplied on behalf of the user 21, the user's health status. … to grant access to concert venue.”  Examiner submits that the image data and the user health status need to be displayed and checked at the point of entry of a venue when using the purchased ticket for access to the venue).

As per claim 13, the combination of Raduchel and White teaches the computer-implemented method of claim 1.  White further teaches wherein the information indicating a health status of the user relates to one of an immunisation status or a vaccination status (White, Col. 4, lines 6-7; “… the result could also indicate immunity to a particular disease for a period of time”.  Col. 5, lines 10-11; “… show long-term immunity to an infection …”).

As per claim 14, the combination of Raduchel and White teaches the computer-implemented method of claim 1.  Raduchel further teaches wherein the second device is one of a server comprising signed certificates provided by a certificate authority or a server managed by a certificate authority (Raduchel, Parag. [0050] “For example, the multiple record storage systems 140, 150, and 160 may include a personal computer, a server, or a database.” … Parag. [0068]; “The storage system 150 (i.e. second device) receives the second request (220), authenticates the second request (222), accesses electronic medical records associated with the second request (224), and transmits the accessed electronic medical records to the user electronic device (226).” … Parag. [0069]; “The chain of trust may include an authenticity feature of the particular electronic medical record, that is, the particular electronic medical record is authentic as submitted by the purported submitting party. … In some instances, a certificate authority (CA) may provide the digital certificates as well as a public/private key infrastructures (PKI) for participating entities, including, for example, the individual patients, healthcare professionals, or health insurance carriers. For instance, hospitals (or healthcare professionals) may submit electronic medical records with a proof of authenticity (such as, for example, a digital certificate). In these instances, the electronic medical records may be encrypted with a private key of the submitting party and the corresponding public key may be attached to the encrypted medical records.”).

As per claim 16, the combination of Raduchel and White teaches the computer-implemented method of claim 1.  Raduchel further teaches wherein the first device is one of a healthcare communication device or a healthcare server (Raduchel, Parag. [0050]; “For example, the multiple record storage systems 140, 150, and 160 may include a personal computer, a server, or a database. … In these implementations, the multiple record storage systems 140, 150, and 160 may be associated with one or more of a doctor, a hospital, a pharmacy, an insurance company, a records storage company, another type of medical service provider, or another type of organization that stores electronic medical records.”).

As per claim 17, Raduchel teaches a computer-implemented method comprising: 
obtaining a public key of a user, a hash of data associated with the user (Raduchel, Parag. [0042]; “… The digital certificate may include a public key of the submitting party …”.  Parag. [0060]; “The first request also may include information identifying the user and/or the electronic medical records asked for in the request. However, the requested information segment for the electronic medical record may not include information identifying the user. As disclosed herein, a particular electronic medical record may be segmented and each segment stored at separate storage. To mitigate the risks of data breach, each segment is not only stripped of information identifying the patient (the user) but also encrypted by a key unique to the patient (for example, the public key of the user). To counter data alteration/tampering, the segment also may include integrity check. In one example, a hash code (e.g., a MD5 hash) may be generated for the segment and embedded with the data segment in a manner unknown to an intruder.”), without having access to the data associated with the user (Raduchel, Parag. [0060]; “The first request also may include information identifying the user and/or the electronic medical records asked for in the request. However, the requested information segment for the electronic medical record may not include information identifying the user.”), and [information indicating a health status of the user], from a communication with a first device (Raduchel, Parag. [0060]; “The user electronic device 130 creates a first request for electronic medical records based on the accessed authentication token (206). For example, the user electronic device accesses information associated with a first storage system (e.g., storage system 140) storing electronic medical records included in the request and generates a request for the electronic medical records stored by the first storage system based on the accessed information and the accessed authentication token.”); and 
signing a certificate comprising the public key of the user, the hash of the data associated with the user (Raduchel, Parag. [0042]; “… The digital certificate may include a public key of the submitting party …”.  Parag. [0068]; “The storage system 150 receives the second request (220), authenticates the second request (222), accesses electronic medical records associated with the second request (224), and transmits the accessed electronic medical records to the user electronic device (226).” … Parag. [0069]; “The chain of trust may include an authenticity feature of the particular electronic medical record, that is, the particular electronic medical record is authentic as submitted by the purported submitting party. … In some instances, a certificate authority (CA) may provide the digital certificates as well as a public/private key infrastructures (PKI) for participating entities, including, for example, the individual patients, healthcare professionals, or health insurance carriers. For instance, hospitals (or healthcare professionals) may submit electronic medical records with a proof of authenticity (such as, for example, a digital certificate). In these instances, the electronic medical records may be encrypted with a private key of the submitting party and the corresponding public key may be attached to the encrypted medical records.”), and [the information indicating the health status of the user], the signing delivering a signed certificate, the data associated with the user being absent from the signed certificate (Raduchel, Parag. [0060]; “The first request also may include information identifying the user and/or the electronic medical records asked for in the request. However, the requested information segment for the electronic medical record may not include information identifying the user.”).
Raduchel does not expressly teach:
the information indicating the health status of the user for the signed certificate.
However, White teaches:
the information indicating a health status of the user (White, Col. 6, lines 57-66; “In an embodiment, the certificate component 4 functions to process a secure test result 3a and from the test result processing, generate a digital certificate 4a attesting to the acceptability of the test result for one or more purposes. Those purposes may include, for example, allowing the user 21 whose health is represented by the digital certificate 4a to access one or more venues that are associated with venue access component 6. The digital certificate 4a also may include the test result as well as all information provided in the secure test result 3a”.  Col. 20, lines 55-60; “For example, the user 21, operating PD 400, may attempt to purchase a concert ticket for a venue associated with the VAM 600. For this transaction (purchase a ticket) to be approved, the user may be required to supply, or have supplied on behalf of the user 21, the user's health status.).
Raduchel and White are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a computer - implemented method to request and obtain a signed certificate that provides the health status of a user.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of White’s system into Raduchel’s system with a motivation to provide safe and secure transmission of health-related data and status of a user to ensure validity of health data while granting access to a venue (White, Abstract and Col. 5, lines 34-36).

As per claim 18, the combination of Raduchel and White teaches the computer-implemented method of claim 17. Raduchel further teaches further comprising transmitting to the first device a notification subsequent to the signing, wherein the notification informs of an availability of the signed certificate (Raduchel, Parag. [0082]; “The user electronic device 130 may transmit acknowledgements to the record storage system sending a particular electronic medical record when the user electronic device 130 receives the particular electronic medical record.”)

As per claim 19, it is a system claim that recites similar limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1. 
In addition, Raduchel teaches at least one processor Raduchel, Parag. [0199]; “Suitable processors include, by way of example, both general and special purpose microprocessors. Generally, a processor will receive instructions and data from a read-only memory and/or a random access memory.”); and
a memory coupled to the at least one processor and storing instructions that, when executed by the at least one processor, configure the at least one processor (Raduchel, Parag. [0199]; “Suitable processors include, by way of example, both general and special purpose microprocessors. Generally, a processor will receive instructions and data from a read-only memory and/or a random access memory.”)to:

As per claim 20, it is a system claim that recites similar limitations to those of claim 17, and therefore it is rejected for the same rationale applied to claim 17.


Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Raduchel et al. (US 2019/0208354) hereinafter Raduchel in view of White et al. (US 10,923,216) hereinafter White as applied to claim 1, and in further view of Blonchek (US 2011/0313928).
As per claim 6, the combination of Raduchel and White teaches the computer-implemented method of claim 1. Raduchel further teaches further comprising:
[receiving, from the first device, a unique certificate identification number], and wherein the information to retrieve the certificate (Raduchel, Parag. [0118]; “In particular, the electronic device 740 may store information identifying the electronic medical records storage systems that store electronic medical records for the particular patient (e.g., electronic medical records storage systems 710, 720, and 730) and information needed to authenticate and retrieve electronic medical records for the particular patient from each of the electronic medical records storage systems.”) [corresponds to the unique certificate identification number].
The combination of Raduchel and White does not expressly teach:
receiving, from the first device, a unique certificate identification number, … corresponds to the unique certificate identification number.
However, Blonchek teaches:
receiving, from the first device, a unique certificate identification number (Blonchek, Parag. [0012]; “The UIN and ERI are physically provided to the individual by the health care provider (i.e. first device) by printing them on a variety of health documents such as discharge instructions or account summaries, or by delivering them electronically to the individual by electronic mail or other electronic mechanism.”), … corresponds to the unique certificate identification number (Blonchek, Abstract; “A method and system for exchanging health information of an individual via the Internet is characterized by tagging of discreet consumer health encounter records, created by an electronic medical record system, with a unique identification number and encoding the identification number in an electronically readable identifier. The record includes the results of medical examinations, medical procedures, medical device measurements and other health information pertinent to the individual.”).
Raduchel, White and Blonchek are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a computer - implemented method to request and obtain a signed certificate that provides the health status of a user.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Blonchek system into Raduchel-White system, with a motivation to provide a method and system for exchanging health information of an individual via the Internet that is characterized by tagging of discreet consumer health encounter records, created by an electronic medical record system, with a unique identification number and encoding the identification number in an electronically readable identifier (Blonchek, Abstract).

As per claim 15, the combination of Raduchel, White and Blonchek teaches the computer-implemented method of claim 6.  Blonchek further teaches wherein the unique certificate identification number is received from the first device (Blonchek, Parag. [0012]; “The UIN and ERI are physically provided to the individual by the health care provider (i.e. first device) by printing them on a variety of health documents such as discharge instructions or account summaries, or by delivering them electronically to the individual by electronic mail or other electronic mechanism.”) 
In addition, Raduchel teaches:
when the signed hash is validated via a signature verification process (Raduchel, Parag. [0322]; “The record storage system 140 (i.e. first device) receives the electronic medical record request message from the user electronic device 130 and then can validate, or verify, the message (1730). In an exemplary embodiment, the address is a hash of the public key corresponding to the private key … In an exemplary embodiment, the private key corresponds to a signature, which can be created via the Elliptic Curve Digital Signature Algorithm ( ECDSA ), … In this embodiment, multiple public keys can be reconstructed from the signature and then each key can be hashed and compared to the address to see if there is a match. If there is not a match, the validation of the signature will have failed, and therefore the validation of the request message will have failed.” … Parag. [0324]; “The record storage system 140 can then send the electronic medical record to user electronic device 130 (1750). In an exemplary embodiment, record storage system 140 sends the electronic medical record as an electronic file. In another embodiment, record storage system 140 sends the electronic medical record as a link in a message. In addition to the electronic medical record, the record storage system 140 can send a response message to the user electronic device 130. This response message can be signed with the record storage system's private key.”).


Claims 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Raduchel et al. (US 2019/0208354) hereinafter Raduchel in view of White et al. (US 10,923,216) hereinafter White as applied to claim 8, and in further view of Baghdasaryan (US 9,749,131).
As per claim 9, the combination of Raduchel and White teaches the computer-implemented method of claim 8. 
The combination of Raduchel and White does not expressly teach:
wherein the relying party device generates a nonce, displays the nonce on the display screen thereof, and sends the nonce to the user device. 
However, Baghdasaryan teaches:
wherein the relying party device generates a nonce, displays the nonce on the display screen thereof, and sends the nonce to the user device (Baghdasaryan, Col. 8, lines 45-48; “For example, the connected device 410 (i.e., as a part of the relying device) may display a quick response (QR) code, barcode, or other optical code to convey information to the user device 401 (e.g., such as the encrypted challenge discussed below.).”… Col. 9, lines 4-16; “Assuming that the user device 401 is already provisioned with a private key and the authentication server 402 is provisioned with the corresponding public key, one embodiment of the invention operates in accordance with the transaction diagram shown in FIG. 5. At 501, the relying party authentication server 402 generates a random challenge (C) (i.e. nonce) and encrypts it with a public key corresponding to the private key stored on the user device 401: EC = Encrypt (PublicKey, C), where C is the random challenge and EC is the encrypted challenge. The authentication server 402 stores C in its storage and sends the EC to the connected device 410 which communicates the EC to the user device 401 as illustrated.”).
Raduchel, White and Baghdarsayan are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a computer - implemented method to request and obtain a signed certificate that provides the health status of a user.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Baghdasaryan system into Raduchel-White system, with a motivation to provide a method and system for authenticating a user by generating a random challenge and transmit it to a user device (Baghdasaryan, Abstract).

As per claim 10, the combination of Raduchel, White and Baghdasaryan teach the computer-implemented method of claim 9. Baghdasaryan further teaches wherein the nonce is encrypted with the public key of the user by the relying party device (Baghdasaryan, Col. 9, lines 4-16; “Assuming that the user device 401 is already provisioned with a private key and the authentication server 402 is provisioned with the corresponding public key, one embodiment of the invention operates in accordance with the transaction diagram shown in FIG. 5. At 501, the relying party authentication server 402 generates a random challenge (C) (i.e. nonce) and encrypts it with a public key corresponding to the private key stored on the user device 401: EC = Encrypt (PublicKey, C), where C is the random challenge and EC is the encrypted challenge. The authentication server 402 stores C in its storage and sends the EC to the connected device 410 which communicates the EC to the user device 401 as illustrated.”).

As per claim 11, the combination of Raduchel, White and Baghdasaryan teaches the computer-implemented method of claim 10.  Baghdasaryan further teaches wherein the user device decrypts the nonce using a private key of the user associated with the public key of the user (Baghdasaryan, Col. 9-10, lines 64-3; “FIG . 7 illustrates the logic employed on the user device 401 in accordance with one embodiment of the invention. A decryption module 703 decrypts the encrypted challenge (EC) 600 sent from the authentication server 402 using a private key 705 stored in a secure storage 704. As mentioned, the private key 705 corresponds to the public key 605 used to perform the encryption.”) , and displays the nonce on a display screen thereof (Baghdasaryan, Col. 10, lines 3-5; “A conversion module 706 then converts the decrypted random challenge, C, to arrive at ShortC 710, which is presented (i.e., displayed) to the user.”), and 
In addition, White teaches:
wherein when the data associated with a user corresponds to the obfuscated or deformed image of the user (White, Col. 19, lines 42-46; “The biometric profile 406 may include a jpeg image. Biometric data 406a may be transformed by a mathematical operation, algorithm, or hash that represents the complete biometric information (e.g., a complete fingerprint scan, a complete retina scan).”), the user device further displays a corresponding non-obfuscated or non-deformed image of the user (White, Col. 19, lines 57-63; “In an embodiment, the ABK 402 operates to cause of a picture profile that includes one or more jpeg or analog images of the user 21. In a picture authentication operation, the image stored in the ABK 402 may be transmitted to a display at the point of entry of a venue to allow an administrator (e.g., a clerk or security guard) to confirm or reject operate the identity of the user 21 requesting venue access.”).


Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Raduchel et al. (US 2019/0208354) hereinafter Raduchel in view of White et al. (US 10,923,216) hereinafter White and Baghdasaryan (US 9,749,131) as applied to claim 9, and in further view of Miyabayashi et al. (US 7,948,925) hereinafter Miyabayashi.
As per claim 12, the combination of Raduchel, White and Baghdasaryan teach the computer-implemented method of claim 9.  Baghdasaryan teaches wherein the nonce is displayed at [corresponding locations on the display screens] of the relying party device and the user device (Baghdasaryan, Col. 8, lines 45-48; “For example, the connected device 410 (i.e., a part of the relying device) may display a quick response (QR) code, barcode, or other optical code to convey information to the user device 401 (e.g., such as the encrypted challenge discussed below.).”… (Baghdasaryan, Col. 10, lines 3-5; “A conversion module 706 then converts the decrypted random challenge, C, to arrive at ShortC 710, which is presented (at display as mentioned at 503) to the user.”).
The combination of Raduchel, White and Baghdasaryan does not expressly teach:
… corresponding locations on the display screens…
However, Miyabayashi teaches:
… corresponding locations on the display screens… (Miyabayashi, Fig. 1 and col. 8, lines 56-65; “The communication devices 100 and 200 included in the communication system 10 may take any form of communication device that can perform communication in both the first communication mode and the second communication mode. The communication devices 100 and 200 may be, for example, a television signal receiver, a video recorder, a media player, an audio amplifier, an audio system, a printer, a facsimile machine, an in-vehicle audio system, a vehicle navigation system, and so on”.  Col. 23, lines 4-6; “The technology according to the above-described embodiment is preferably applicable to SSP (secure simple pairing) described below.” … Col. 23, lines 14-27; “The numeric comparison model is designed for scenarios as follows: (1) both devices that are to communicate to each other are capable of displaying 6-digit numbers; and (2) both devices are capable of having the user to enter “Yes” or “No”. For example, a cellular phone or a personal computer is used for this scenario. (Procedure of Establishing Pairing) First, the user sees 6-digit numbers (from "000000 to “999999) displayed on displays of both devices. The user is then asked whether or not the numbers displayed on both devices are the same. The user then enters “Yes” or “No” on both devices. If “Yes” is entered on both devices, the pairing is successful.”  Examiner submits that the communication devices 100 and 200 can be of the same type of devices that both display the 6-digit numbers identically on their screens).
Raduchel, White, Baghdarsayan and Miyabayashi and are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a computer - implemented method to request and obtain a signed certificate that provides the health status of a user.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Miyabayashi system into Raduchel-White-Baghdarsayan system, with a motivation to provide a method and system for authenticating a user by displaying at the same time a random code into two different devices (Miyabayashi, Col. 23, lines 3-42).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Khassanov et al. (US 2019/0327311) relates to a facility for accessing medical information from a patient is described.
Roennow (US 2019/0189254) relates to a method for verifying user health data comprising generating a user health data item by a user wearable device; hashing the user health data item using a cryptographic hashing function, to create a cryptographic hash block; recording the cryptographic hash block associated with a digital signature of the wearable device to a block of a digital block-chain; and transmitting the user health data item to a receiving device for verification.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/A.D.C./Examiner, Art Unit 2498    

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498