DETAILED ACTION

Claims 1-22 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter

Claims 2-3 and 13-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Information Disclosure Statement

The Information Disclosure Statement(s) submitted by applicant on 6/28/2022 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

	
Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims1, 4-6, 12, and 17-22, are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al. (US Patent Application No. 20150310194) (Hereinafter Zhang) in view of Mays et al. (US Patent Application No. 20180139187) (Hereinafter Mays).

As per claims 1 and 12,  Zhang discloses a system comprising: data processing hardware; and memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to perform operations (para 15) , a method comprising: 
receiving, at data processing hardware, an authentication request from a first application service, the authentication request requesting authentication of a user of a user device (para 36, in attempting to access a protected resource, the software sends an authentication request to the authentication server, which generates a device ID using the received device attribute); 
obtaining, at the data processing hardware, device information associated with the user device of the user (para 36, in attempting to access a protected resource, the software sends an authentication request to the authentication server, which generates a device ID using the received device attribute); 
generating, by the data processing hardware, a device Id [unique opaque identifier] for the user device based on the device information (para 36, the authentication server compares the login information and only generates the device ID if valid.); 
obtaining, at the data processing hardware, authentication credentials from the user device, the authentication credentials verifying an identity of the user (token  (the authentication server compares the login information and only generates the device ID if valid. para. 0036); 
in response to receiving the authentication credentials from the user device: generating, by the data processing hardware, an authentication token  (the authentication server compares the login information and only generates the device ID if valid. para. 0036; after generating the device ID, the authentication server creates an authentication token signed with the device ID. Fig. 3, step 305 and para. 0037. The authentication token is encrypted with the device ID such that the authentication token comprises the device ID. para. 0037. The authentication  to the computing device that transmitted the authentication request. Fig. 3, step 307 and para. 0038); and 
encoding, by the data processing hardware, the device Id [unique opaque identifier] for the user device into the authentication token (after generating the device ID, the authentication server creates an authentication token signed with the device ID. Fig. 3, step 305 and para. 0037. The authentication token is encrypted with the device ID such that the authentication token comprises the device ID. para. 0037. The authentication server transmits the authentication token to the computing device that transmitted the authentication request. Fig. 3, step 307 and para. 0038.); and 
transmitting, by the data processing hardware, the authentication token to the first application service, the authentication token when received by the first application service allowing the first application service to adjust an interaction with the user device based on the device Id [unique opaque identifier] (after generating the device ID, the authentication server creates an authentication token signed with the device ID. Fig. 3, step 305 and para. 0037. The authentication token is encrypted with the device ID such that the authentication token comprises the device ID. para. 0037. The authentication server transmits the authentication token to the computing device that transmitted the authentication request. Fig. 3, step 307 and para. 0038.). Zhang explicitly does not disclose opaque identifier. However, Mays discloses opaque identifier (fig 3, para 4, An opaque identifier associated with the user and the first service can be generated, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Zhang and Mays. The motivation would have been to build the network that provide digital identity and authentication (both hardware and software based).

As per claims 4 and 15,  claims are rejected for the same reasons and motivation  as claim 1, above. In addition, Mays discloses receiving, by the data processing hardware, an information request from the first application service requesting the device information, the information request including the unique opaque identifier (para 4, The opaque identifier can be transmitted to or shared with the second service); and 
transmitting, by the data processing hardware, to the first application service, at least a portion of the device information associated with the user device of the user based on the unique opaque identifier (para 44, Authentication of the opaque identifier [identifies user] can be requested from a second service, opaque identifier can facilitate the authentication of an anonymous user and/or device).

As per claims 5 and 16,  claims are rejected for the same reasons and motivation  as claim 1, above. In addition, Mays discloses transmitting, by the data processing hardware, a credentials request to the user device requesting the authentication credentials and user consent to share the device information associated with the user device with the first application service(para 6, Authentication of the opaque identifier [identifies user] can be requested from a second service; para 4, The opaque identifier can be transmitted to or shared with the second service); and 
receiving, by the data processing hardware, a response to the credentials request comprising the authentication credentials and the user consent (para 43, user credentials for authenticating the user with a particular service).

As per claims 6 and 17,  claims are rejected for the same reasons and motivation  as claim 1, above. In addition, Zhang discloses wherein the device information comprises at least one of: a web cookie of the user device (para 3, cookie); an Internet Protocol address of the user device (para 23; or an operating system version of the user device (para 21, operating system).

Claims 7-11 and 18-22, are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al. (US Patent Application No. 20150310194) (Hereinafter Zhang) in view of Mays et al. (US Patent Application No. 20180139187) (Hereinafter Mays) in further view of Logan et al. (US Patent Application No. 20120260322) (Hereinafter Logan).

As per claims 7 and 18, Zhang In view of Mays fails to disclose wherein the authentication token comprises a federated identity token. However, Logan discloses wherein the authentication token comprises a federated identity token (para 4, 9, providing token  based on federated authentication model). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Zhang and Mays with Logan . The motivation would have been to build the network that provide digital identity and authentication (both hardware and software based).

As per claims 8 and 19,  claims are rejected for the same reasons and motivation  as claim 7, above. In addition, Logan discloses wherein the federated identity token comprises one of an OAuth token or a Security Assertions Markup Language (SAML) token (para 28 SAML).

As per claims 9 and 20, claims are rejected for the same reasons and motivation  as claim 7, above. In addition, Logan discloses wherein the federated identity token comprises a proprietary or standards-based federated identity systems token (para 4, 8, The security token from the identity provider is presented to the relying party).

As per claims 10 and 21, claims are rejected for the same reasons and motivation  as claim 7, above. In addition, Logan discloses where encoding the unique opaque identifier into the authentication token comprises adding the unique opaque identifier as an attribute of the authentication token (para 29, The generated token may contain information such as the user's digital identity, a user profile identifier, a duration of the token's lifetime, and other information associated with the user or may simply contain an opaque identifier).

As per claims 11 and 22, As per claims 10 and 21, claims are rejected for the same reasons and motivation  as claim 7, above. In addition, Logan discloses wherein: the user is associated with a plurality of user devices, and each user device of the plurality of user devices is associated with a different unique opaque identifier (para 29, The generated token may contain information such as the user's digital identity, a user profile identifier, a duration of the token's lifetime, and other information associated with the user or may simply contain an opaque identifier, process would be the same to create opaque identifier for different device, Mays: para 57, the identifier generator 209 can be configured to create one or more identifiers, such as opaque identifiers).

Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493