DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 05/02/2022 has been received and considered.
Claims 1 and 4-13 are pending. Claims 6-10 are withdrawn from consideration. 
This action is Final.
Response to Arguments
2.	Applicant's arguments filed 05/02/2022 have been fully considered but are not persuasive. As per amendments to claim 1, applicant argues that claim 1 is now broader in scope than the prior art and therefore the motivation to combine the teachings of Kragh’s identity validation and verification into Hardt’s networked identity framework is disputed. This argument is moot in consideration of the new rejection below. 
	Applicant further argues, regarding claims 4 and 5, the contentions are traversed for at least the same reasons of claim 1. With respect to this argument, Hardt teaches a framework for networked identity management in a user centric model where anonymization of identity data is enabled through the use of an anonymizer. Kragh teaches a method for verifying an validating user identity for enrollment in a secure personal dataset accessing system where a personal dataset includes identifiable attributes of a user. Kragh in col. 25 lines 19-52 discloses pseudonymization, a specialized class of anonymization or pseudonymization that removes the association and adds an association between a particular set of data characteristics relating to the data subject. This is a means for information to be linked together to the same group of persons over time and across multiple data records without revealing the identity of the person and subject data. Therefore it would have been obvious to one of the ordinary skill in the art to combine these teachings into Hardt’s anonymization method in order to protect and control personal identity, privacy and access to personal data. 
 
3. 	The rejections under 35 U.S.C. 112(b) are withdrawn based on the filed amendments.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

4.	Claim 1 is rejected under 35 U.S.C. 102(a)(2) as being anticipated by US Pub No. US 2007/0143860 A1 to Hardt, (hereinafter, “Hardt”).
As per claim 1, Hardt teaches a method of displaying reputation information on a data-user electronic device and on a first data-subject device, using a computer system coupled to at least the data-user electronic device, the computer system comprising a computer, each of the computer, the first data subject device and the data-user electronic device comprising at least a processor and a memory, the method comprising:
displaying, using the first data-subject device, a plurality of items in an electronic proofing guide, of a corresponding plurality of documents available for identity proofing on the data-user electronic device (Hardt, para. [0049] “This selection of data sets can then be presented to the user, through user client 100. The user can then provide an indication of which of the data sets should be submitted to MS 106.” And para. [0097] “The form, in one embodiment, contains a list of options that the user can choose from, for example, permission for the Membersite to store the received identity data, the length of time that the Membersite can store the received identity data, the actions that the Membersite is allowed to perform with the identity data.” And para. [0112] “FIG. 9 is a flowchart illustrating a method of selecting one of a plurality of requested data sets to provide to a membersite…a data set satisfying the structured request is selected. This selection can be done in accordance with either a hard priority list, in conjunction with predetermined user preferences, in accordance with a soft priority list, and/or in accordance with user input. In step 408, the selected set of identity data is transmitted to the membersite. If the requested set of identity data includes identity claims, the claims are preferably validated by the homesite prior to transmission in step 408, and may require updating as described in step 404. And para. [0113] “In FIG. 10 a method of anonymizing user data is illustrated in a flowchart. In step 410 identity data is received. The identity data received in step 410 can be accompanied by an indication of the data that should be redacted. This indication can be explicit, can be derived based on known user preferences, or based on known membersite preferences. In step 412 the identity information is redacted to anonymize the information. This may include removal of identifying information such as a GUPI, or the obfuscation of information such as an address or a date of birth.”)
receiving, using the first data-subject device, first user input indicative of an item selected from among the plurality of items in the electronic proofing guide, corresponding to a document comprised in the plurality of documents available for identity proofing (Hardt, para. [0048] “Data is stored in a variety of forms either in the homesite, or in a data repository accessible to the homesite. Identity claims that satisfy queries are stored either at the homesite or in the aforementioned repositories, and are preferably tested to determine if they match the query…Identity data and claims can be stored in the form of flat file profiles, relational databases, hierarchical data structures, or other forms.” And para. [0059] “Claims are typically authenticated statements about an identity; however, it may be advantageous for the homesite to be able to provide a claim about itself. When HS 102 authenticates user 100 and provides MS 106 with confirmation of authentication and optionally with requested information including claims such as C1 112 and C2 114, it does so at the request of MS 106, and may use an authentication mechanism specified by MS 106.” And para. [0114] “FIG. 11 illustrates a method of obtaining user information from an external site. Once again, this is presented from the perspective of the homesite, although the method performed at the membersite, the user client, and the external site should all be considered as being within the scope of the present invention. In step 416 a request for identity information is received. In step 418 a determination is made that a subset of the requested information is hosted on an external server. This determination can be made by the homesite in accordance with instructions provided in the received request, or can be made by examining the information stored by the homesite. In step 420 a request for the subset is issued to the external server. The identity of the external server can be provided to the homesite in the received request, can be supplied by the user, or can be determined by the homesite in accordance with predetermined rules and information. In step 422 the requested subset of received from the external server, and in step 424 the requested subset is transmitted to the membersite.”);
the first data-subject device transmitting to the computer system, a selection of the document (Hardt, para. [0092] “HS 102 prompts the user to select the claims to be returned to MS 106 and authenticates the user over data paths 288 and 290. The prompt includes an option to anonymize the identity transaction. HS 102 then sends User Client 100 the resultant claims, over data path 292.”);
in response to receipt of the selection, the computer system transmitting to a second data-subject device paired with the selected document, a signal comprising at least one of (a) reputation information to be disclosed and (b) a consent to disclosure of said reputation information (Hardt, para. [0071] “FIGS. 5a and 5b illustrate another embodiment. Homesite (HS) 102 receives a content request over data path 246 from User Client 100 whose identity data is stored in Profile 104 to delegate another user with permission to act on User 100's behalf to release data stored in Profile 104. In this embodiment, the delegate user already has identity data stored at HS 102, in Profile 130.” And para. [0102] “illustrated by FIG. 7, the User Client makes a content request of a Membersite (MS) 106 over data path 330, which in turn makes a call on a Web Service (WS) 138, over data path 332. This, in turn causes a request for a piece of identity data that is stored at a Homesite (HS) 102. WS 138 sends the data request to MS 106 over data path 302. After receiving the data request from WS 138, MS 106 sends a dynamic request over data paths 304 and 306 to HS 102. The dynamic request contains a form stating that WS 138 has requested the data and listing a set of actions that the user can select from regarding the use of the data. After receiving input to the form from User Client 100, HS 102 sends a response including responses to the Dynamic Request over data paths 308 and 310 to MS 106. MS 106 processes the response and issues the requested data to WS 138 over data path 312 along with the restrictions specified by the user regarding what WS 138 can do with the requested data and the length of time that they can use the data. Additionally, if a Membersite needs to request additional data that is not to be stored at the user's Homesite, it can request the data as part of a Dynamic Request. Note that it is also possible for other sites, such as sites that act as Authoritative Sites, to send Dynamic Requests to a user's Homesite.”); 
the second data-subject device transmitting to the data-user electronic device, the consent to disclosure of said reputation information; the data-user electronic device transmitting to the computer system, the consent to disclosure of said reputation information (Hardt, para. [0092] “FIG. 6 illustrates an embodiment of a method of providing an anonymous transaction. In response to a content request from User Client 100, MS 106 sends a request for a set of one or more claims over data paths 202, 204 to HS 102. HS 102 prompts the user to select the claims to be returned to MS 106 and authenticates the user over data paths 288 and 290. The prompt includes an option to anonymize the identity transaction. HS 102 then sends User Client 100 the resultant claims, over data path 292. In an ordinary identity transaction datapath 292 would include a redirection instruction that forwarded the data to MS 106. Instead, in an anonymized identity transaction, the redirection forwards the user to anonymizer 150 over datapath 294. The anonymizer redacts the identity transaction by removing identifying information, such as the GUPI, and then binds the identity claims to the nonce used by the membersite to identify the transaction. The anonymized data is provided to the user client 100 over datapath 296, and is then forwarded to MS 106 over datapath 298.”); 
in response to receipt of the consent from the data-user electronic device, the computer system transmitting to the data-user electronic device, an obfuscated version of the reputation information (Hardt, para. [0063] “FIG. 4 illustrates a possible embodiment of the TTP examples described above. After receiving an authentication level request from MS 106, HS 102 performs the requested authentication and sends a request for an authentication claim to TTP 122 over data path 232. The request preferably contains a hash from the Authentication Engine confirming that the authentication was properly performed. It also contains an HSID confirming the identity of HS 102. After processing the request, TTP 122 sends a digitally signed authentication claim to HS 102 over data path 234. After receiving consent to release the requested data from User Client 100, HS 102 sends the authentication claim as part of the response to MS 106 via User Client 100.”); and 
in response to said detecting, the data-user electronic device automatically displaying on a screen therein, the reputation information on receipt thereof from the computer system (Hardt, para. [0102] “the User Client makes a content request of a Membersite (MS) 106 over data path 330, which in turn makes a call on a Web Service (WS) 138, over data path 332. This, in turn causes a request for a piece of identity data that is stored at a Homesite (HS) 102. WS 138 sends the data request to MS 106 over data path 302. After receiving the data request from WS 138, MS 106 sends a dynamic request over data paths 304 and 306 to HS 102. The dynamic request contains a form stating that WS 138 has requested the data and listing a set of actions that the user can select from regarding the use of the data. After receiving input to the form from User Client 100, HS 102 sends a response including responses to the Dynamic Request over data paths 308 and 310 to MS 106. MS 106 processes the response and issues the requested data to WS 138 over data path 312 along with the restrictions specified by the user regarding what WS 138 can do with the requested data and the length of time that they can use the data. Additionally, if a Membersite needs to request additional data that is not to be stored at the user's Homesite, it can request the data as part of a Dynamic Request. Note that it is also possible for other sites, such as sites that act as Authoritative Sites, to send Dynamic Requests to a user's Homesite.”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



5.	Claims 4-5 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Hardt, as disclosed above, in view of US Patent No. US 10,255,419 B1 to Kragh, (hereinafter, “Kragh”). 
As per claim 4, Hardt teaches the method of claim 1, however fails to explicitly teach but Kragh teaches:
 wherein the consent is characterized by absence of any variables that allow for re-identification (Kragh, col. 25 lines 19-52 “A Blind Identity Trust Registry is herein referred to as a registry with Blinded Authenticated Identity Attributes that has a globally unique identifier that is assigned a unique user email address (P282, 14/60-64) with multifactor authentication functionality required that has an expiration date along with other authenticated personal attributes. P282, 0065 the trusted process validates the user's ID and provides an authentication process. Given: It is recognized that when a RP questions or makes a request for additional attribute information, the RP always corresponds with the user's Identity Proofing agent-IdP. There are selected individuals who want to remain Anonymous and that all transactions be doubled blinded so that the IdP and the RP remain blinded from the other. For a user to want to become Anonymous they first must be known, credentialed, authenticated with a high level of trust. As noted in 0008 Anonymization and Pseudonymization are specific de-identification processes that file the intent of HIPAA 1996 and the HIPAA omnibus rules of January 2013. An authenticated user, who is credentialed and has high Trust Level status, such as a sports figure, executive, celebrity or Politian and wants to have an anonymized authenticated identity, must follow an anonymity identity process if offered by an IdP. Pseudonymization is a specialized class of Anonymization or Pseudonymization that removes the association and adds an association between a particular set of data characteristics relating to the data subject in addition to adding more pseudonyms. This is a means by which information can be linked together to the same group of persons over time and across multiple data records without revealing the identity of the person and subject data. A trusted third party play's a critical role if there needs to be a re-identification event that is in response to a major public health event all of which is defined in HIPAA.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kragh’s identity verification into Hardt’s networked identity framework, with a motivation to control and manage personal identity, privacy and access to personal data (Kragh, col. 3 lines 18-35). 
As per claim 5, the combination of Hardt and Kragh teaches the method of claim 4, wherein 
the variables comprise at least one of name, address and phone number of a data subject (Hardt, para. [0015] “the identity information includes information selected from a list including: a unique identifier associated with the user; a user birth date; and a user address. Where the identifying information is a unique identifier, the step of redacting can include replacing the unique identifier with an identifier that is pairwise unique between the user and the membersite. Where the identifying information is a unique identifier, the step of redacting can include replacing the unique identifier with an identifier selected from a pool of identifiers. Where the identifying information is a user birth date, the step of redacting can include replacing the user birth date with an age range. Where the identifying information is a user address, the step of redacting can include replacing the user address with one of a country, province, state, city, postal code, zip code or other non-specific geographical indicator derived in accordance with the user address.”);
the reputation information is characterized by absence of any variables that allow for re-identification (Kragh, col. 11 lines 40-65 “The substantive part of the process 100 begins with entry of demographic data (block 105), which can include entering an email address and a selected password (for verification re-entry; block 106). All required personal data are also entered (block 107), which can include, but are not intended to be limited to, such as name, address, citizenship, social security number, etc. A verification request screen provides the ability to perform further validation against sponsor supplied list (block 108). Acceptance may be recognized by elements such as a government-issued ID; driver's license, Medicaid, Medicare or Food Stamp card, a PIV card, a Green Card, or a passport with a magnetic stripe or bar code that can be swiped in a reader and electronically present a matching name. In addition, or in lieu of this, an employer, membership club or organization that issues magnetic stripe card can be used as a secondary validating source. Due to digital automation and the explosive acceptance of social media with 50% of the population having social identities that requires minimum demographic data, user name, address and a password, such are being recognized as baseline qualifiers when used with a one-time-number/password (OTP) for initiating an IdP starting the authentication process with user focused knowledge based questions, a process recognized as Knowledge Based Authentication or KBA.”); 
the variables comprise at least one of name, address and phone number of a data subject (Hardt, para. [0015] “the identity information includes information selected from a list including: a unique identifier associated with the user; a user birth date; and a user address. Where the identifying information is a unique identifier, the step of redacting can include replacing the unique identifier with an identifier that is pairwise unique between the user and the membersite. Where the identifying information is a unique identifier, the step of redacting can include replacing the unique identifier with an identifier selected from a pool of identifiers. Where the identifying information is a user birth date, the step of redacting can include replacing the user birth date with an age range. Where the identifying information is a user address, the step of redacting can include replacing the user address with one of a country, province, state, city, postal code, zip code or other non-specific geographical indicator derived in accordance with the user address.”); 
the reputation information comprises at least one of: 
a fraud alert indicating the selected document is being claimed by a plurality of data subjects (Kragh, col. 26 lines 26-43 “a candidate provides subjective identity data for consideration. Verification is a process that checks to determine the authenticity of the asserted identity data. Validation is intended to confirm that the identity asserted matches and meets the initial attributes of the original identity and related specifications requirements such images, demographics, prints, nomenclatures and regulations. In order to strengthen the foregoing and maintain a high level of confidence in data generated and integrity in the electronic data sharing process such as in healthcare by way of example, the process must incorporate e-audit identifier trails, have a traceable electronic enterprise infrastructure and generate key bench mark performance indicators.”); and 
highest number of documents vetted among the plurality of data subjects (Kragh, col. 15 lines 11-24 “The involvement of a trusted notary during an identity proofing process can enhance a candidate user's Credential Strength Value; By way of example, if the minimum score was achieved at block 113, three consumer-based questions are presented (block 121), such as, for example, third-party-providing knowledge-based questions. Depending upon the number of correct answers (block 122), the process 100 proceeds as follows. If all three questions are answered correctly, the process continues at block 124. If only two questions are answered correctly, a fourth consumer-based question is posed (block 123), and, if this is answered correctly, the process proceeds to block 124. If either the fourth question is answered incorrectly, or only one of the three initial questions is answered correctly, the process 100 returns to block 114, wherein the process 100 is put on hold.”); 
the data-user electronic device digital signing a vetting request that comprises the consent and a count of proofing documents, and sending the signed request to the computer system (Kragh, col. 21 lines 66-67 and col. 22 lines 1-11 “Typically, each plan will have a scoring process associated with it in order to achieve a plan-designated authentication scoring level. An individual will know steps in advance that will assist in helping one achieve a designated score that can be independently validated and audited. The resulting score of an identity-proofing process then results in a pass or no-pass score. FIG. 8 is an exemplary emergency medical data set layout of the present invention digitally or electronically signed by someone with access to the entire record. FIG. 9 is a portion of the data set of FIG. 8, with the emergency medical data set hidden from view.”); and 
the first data-subject device and the second data subject device are the same device (Kragh, col. 30 lines 50-61 “Now consider the same credential documents being issued in a digital mobile or internet format specifically designed for smartphones that a user already has in their smartphone device. When a user elects to elevate the strength of their digital identity for a specific transaction or to address a Relying Party issue, the user only needs to present the digital image of the credentialed document on their user-hub smartphone that is authenticated to the user. The digital image will reflect the document, its chip, bar code or QR code that will be read electronically while being displayed while also enabling real time verification of the document's visual security features by the issuing third party authority.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kragh’s identity verification into Hardt’s networked identity framework, with a motivation to control and manage personal identity, privacy and access to personal data (Kragh, col. 3 lines 18-35). 
As per claim 11, Hardt teaches the method of claim 1, however fails to explicitly teach but Kragh teaches:
further comprising: detecting, using the data-user electronic device, an unlock condition based on a second user input received at a second input mechanism, wherein the data-user electronic device is configured to interpret the second user input as a password for unlocking access to the obfuscated reputation information (Kragh, col. 9 lines 61-67 and col. 10 lines 1-10 “one may have an authenticated digital identity but its initial use may be limited to the regulated industries of Healthcare and Financial Services and to a greater extent to digital commerce. A user may receive a request from a loyal vendor where they invite them to upgrade their trade username-password and possible a biometric print (multifactor authentication) to their platform. The customer/user can now respond that they have a Digital Identity (metadata) and can ask the vendor to contact the user/customer's IdP to establish their user's trust profile using their metadata attributes associated with their multifactor authentication and also provide direction on how their privacy and data will be managed. The user's new attribute profile will be logged into the user's Relying Party Registry and Attribute Registry.”);
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kragh’s identity validation and verification into Hardt’s networked identity framework, with a motivation to control and manage personal identity, privacy and access to personal data (Kragh, col. 3 lines 18-35). 
As per claim 12, the combination of Hardt and Kragh teaches the method of claim 11,  wherein the second user input comprises a cryptographic key (Kragh, col. 31 lines 18-29 “one class of attributes can provide a high level of trustworthiness to create an eID (digital). But once a unique e-identity is created, a validated attribute of that person can be used as trusted pointer/key to person's authenticated eID. An identity verification process does not convey or grant a value, benefit or privilege. It is an electronic instrument to provide a level of authenticity and confidence as to one's eID and related trusted attributes. An authenticated eID must carry with it a high level of trust and assurance in order to maintain trust and integrity in the eID process and to continually challenge the system to single out identities of questionable character.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kragh’s identity verification into Hardt’s networked identity framework, with a motivation to control and manage personal identity, privacy and access to personal data (Kragh, col. 3 lines 18-35). 
As per claim 13, the combination of Hardt and Kragh teaches the method of claim 11, wherein the second user input comprises a value that uniquely identifies the selected document (Kragh, col. 19 lines 31-42 “The key principles include ID proofing, generating new identity reference/tokens, or recognizing and accepting existing ones to provide contacts and directives. A trusted process incorporates functional, institutional and privacy attributes, and authenticated attributes, linked to a participant's digital ID included for generating an enhanced token in compliance with Federal Guidelines and Regulations and established policies. Real-time authentication and/or verification of identity are coupled with privileges and attribute based access control with authenticated attributes and supporting attributes for devices, things, applications, objects, subjects and events”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kragh’s identity verification into Hardt’s networked identity framework, with a motivation to control and manage personal identity, privacy and access to personal data (Kragh, col. 3 lines 18-35). 
Conclusion
6.		The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20200106611 A1 – Identity proofing offering for customers and non-customers.
US 6976164 B1 – User identification and password requests with identity change within a certificate-based host session.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437 

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437