DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 05/06/2021.
Claims 1-10 are submitted for examination.
Claims 1-10 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This application filed on May 06, 2021 claims priority of continuing application 15/908,554 filed on February 28, 2018 which claims priority of provisional application 62/465,431 filed on March 01, 2017. .
Information Disclosure Statement
The following Information Disclosure Statements in the instant application submitted in compliance with the provisions of 37 CFR 1.97, and thus, have been fully considered:
IDS filed on 06 May  2021.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to
www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-10 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-6 of U.S. Patent No. 11,025,436. Although the claims at issue are not identical, they are not patentably distinct from each other because, please see below table.

 
Instant Application 17/313,739
 
US PAT. # US 11025436 (App. # 15/908,554) 
 
 
SELF-AUTHENTICATING DIGITAL IDENTITY
 
SELF-AUTHENTICATING DIGITAL IDENTITY
 
 
 
 
 
 
1
A method of creating and applying a self-authenticating digital identity for a user having an identity, wherein the method comprises: receiving, by an identity provider computing system, a request for the self-authenticating digital identity; verifying, by the identity provider computing system, the identity of the user; delivering, by the identity provider computing system based on the verifying, an identity assertion to a user computing system associated with the user; creating, by the user computing system, a first aggregated identity assertion comprising the identity assertion received from the identity provider computing system and a public encryption key associated with the user; digitally signing, by the user computing system, the first aggregated identity assertion with a private encryption key associated with the user; delivering, by the user computing system, the digitally signed first aggregated identity assertion to the identity provider computing system; validating, by the identity provider computing system, the digitally signed first aggregated identity assertion;
1
A method of creating and applying a self-authenticating digital identity for a user having an identity, wherein the method comprises the steps of: (a) the user requesting the self-authenticating digital identity from an identity provider; (b) the identity provider taking steps to verify the identity of the user, including employing a third party service having verification expertise or capabilities beyond those held by the identity provider to ensure the identity of the user; (c) the identity provider creating an identity assertion for the user, where the identity assertion includes verification data including a date the identity provider created the identity assertion, the identity of the third party service, and information describing how the identity of the user was verified; (d) the identity provider delivering the identity assertion to the user; (e) the user creating a first aggregated identity assertion comprising the identity assertion received from the identity provider, a date, and a public encryption key associated with the user; (f) the user digitally signing the first aggregated identity assertion with a private encryption key associated with the user; (g) the user delivering the digitally signed first aggregated identity assertion to the identity provider; (h) the identity provider validating the digitally signed first aggregated identity assertion;
 
1
creating, by the identity provider computing system, a second aggregated identity assertion comprising the first aggregated identity assertion received from the user computing system, a date, and a public encryption key associated with the identity provider computing system; digitally signing, by the identity provider computing system, the second aggregated identity assertion; and delivering, by the identity provider computing system, the digitally signed second aggregated identity assertion to the user computing system, wherein the digitally signed second aggregated identity assertion constitutes the self-authenticating digital identity.
1
(i) the identity provider creating a second aggregated identity assertion comprising the first aggregated identity assertion received from the user, a date, and a public encryption key associated with the identity provider; (j) the identity provider digitally signing the second aggregated identity assertion; (k) the identity provider delivering the digitally signed second aggregated identity assertion to the user, wherein the digitally signed second aggregated identity assertion constitutes the self-authenticating digital identity; (l) the user sending the self-authenticating identity to a relying party; (m) the user verifying to the relying party that the user possesses the private encryption key associated with the user; and (n) the relying party accessing and evaluating the verification data to provide assurance regarding the validity of the self-authenticating identity; and (o) the relying party validating the authenticity of the self-authenticating identity by validating that the identity provider is a trusted issuer by confirming the identity provider's public key with the identity provider or by confirming the identity provider's public key with the third party service.
 
2
The method of claim 1, further comprising: sending, by the user computing system, the self-authenticating identity to a relying party computing system; verifying, by the user computing system to the relying party computing system, that the user computing system possesses the private encryption key associated with the user.
1
(l) the user sending the self-authenticating identity to a relying party; (m) the user verifying to the relying party that the user possesses the private encryption key associated with the user;
 
3
The method of claim 2, further comprising: evaluating, by the relying party computing system, the verifying performed by the user computing system to provide assurance regarding the validity of the self-authenticating identity.
1
(n) the relying party accessing and evaluating the verification data to provide assurance regarding the validity of the self-authenticating identity; 
 
4
The method of claim 3, further comprising: validating, by the relying party computing system, the authenticity of the self-authenticating identity by validating that the identity provider computing system is a trusted issuer.
1
and (o) the relying party validating the authenticity of the self-authenticating identity by validating that the identity provider is a trusted issuer by confirming the identity provider's public key with the identity provider or by confirming the identity provider's public key with the third party service.
 
5
The method of claim 4, wherein the validating that the identity provider computing system is the trusted issuer comprises confirming the public key of the identity provider computing system with a third party service.
1
and (o) the relying party validating the authenticity of the self-authenticating identity by validating that the identity provider is a trusted issuer by confirming the identity provider's public key with the identity provider or by confirming the identity provider's public key with the third party service.
 
6
The method of claim 5, further comprising validating, by the relying party computing system, an authenticity of the self-authenticating identity by making an inquiry to the third party service as to whether the self-authenticating identity is still valid.
6
The method of claim 1 further including the step of the relying party validating the authenticity of the self-authenticating identity by making an inquiry to the third party service as to whether the self-authenticating identity is still valid.
 
7
The method of claim 1, wherein the identity assertion includes a confidence level.
2
The method of claim 1 wherein the identity assertion includes a confidence level.
 
8
The method of claim 1, wherein one or more of the public encryption keys is a hashed public key.
3
The method of claim 2 wherein one or more of the public encryption keys is a hashed public key.
 
9
The method of claim 1, wherein the second aggregated identity assertion is digitally signed with a private encryption key associated with the identity provider computing system.
4
The method of claim 3 wherein the second aggregated identity assertion is digitally signed with a private encryption key associated with the identity provider.
 
10
The method of claim 1, wherein the second aggregated identity assertion is digitally signed with a group or ring signature.
5
The method of claim 3 wherein the second aggregated identity assertion is digitally signed with a group or ring signature.
 





Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1 and 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Kalman Csaba Toth (US PGPUB. # US 2015/0095999, hereinafter “Toth”), and further in view of Gerdes Jr. et al. (US PGPUB. # US 2010/0185864, hereinafter “Gerdes”).

Regarding Claim 1, Toth teaches,
A method of creating and applying a self-authenticating digital identity for a user having an identity, wherein the method comprises: 
receiving, by an identity provider computing system, a request for the self-authenticating digital identity; (¶394, “A requesting user can submit an e-credential request to another user, the issuer, who proofs personal identifying information provided by the requester”, i.e. user is requesting e-credential (self-authenticating identity indicates that an identity provider receives a request for self authenticating digital identity, Fig. 1(109), ¶396, “the figure illustrates an e-credential (electronic credential) requesting user 109 (a requester)”))
verifying, by the identity provider computing system, the identity of the user; (¶394, “an encounter [a session or meeting], or possibly a series of encounters, with issuer(s) to vet the requester by proofing their personal identifying information, for example, by matching the requester to the photograph and signature on their driver's license, and by asking probing questions to ferret out imposters”, i.e. identity provider taking steps to verify the identity of the user).
delivering, by the identity provider computing system based on the verifying, an identity assertion to a user computing system associated with the user; (Fig. 1(112), ¶396, “issuing user 112 (an issuer), who issues an e-credential 113 to the requester 109 by way of their smart phones 102”, i.e. identity assertion is delivered to the user).
Toth does not teach explicitly, 
creating, by the user computing system, a first aggregated identity assertion comprising the identity assertion received from the identity provider computing system and a public encryption key associated with the user; 
digitally signing, by the user computing system, the first aggregated identity assertion with a private encryption key associated with the user; 
delivering, by the user computing system, the digitally signed first aggregated identity assertion to the identity provider computing system; 
validating, by the identity provider computing system, the digitally signed first aggregated identity assertion; 
creating, by the identity provider computing system, a second aggregated identity assertion comprising the first aggregated identity assertion received from the user computing system, a date, and a public encryption key associated with the identity provider computing system; 
digitally signing, by the identity provider computing system, the second aggregated identity assertion; and 
delivering, by the identity provider computing system, the digitally signed second aggregated identity assertion to the user computing system, wherein the digitally signed second aggregated identity assertion constitutes the self-authenticating digital identity.
However, Gerdes teaches,
creating, by the user computing system, a first aggregated identity assertion comprising the identity assertion received from the identity provider computing system and a public encryption key associated with the user; (¶26, “The message comprises an owner's veiled certificate token, the veiled certificate token comprising an encrypted version of the owner's identification data and the owner's identification public key for the certificate”,¶41, “The message contains the individual's identification IDx, the individual's certificate-specific identification public key Kxi”, “Thus, the secure message from x to rj is: x.fwdarw.r.sub.j: .sub.K.sub.j[ID.sub.x.parallel.K.sub.x.sub.i.parallel.vct.sub.x.sub.i.pa- rallel.TS.sub.x.sub.i.parallel.k.sub.i.parallel.CR.sub.x.sup.j.parallel.DS- .sub.x.sub.i] “, ¶42, “where TS.sub.x.sub.i is a timestamp” i.e. user identification data (user identity), user public key and a timestamp (date) are included in the message)
digitally signing, by the user computing system, the first aggregated identity assertion with a private encryption key associated with the user; (¶26, “The message comprises an owner's veiled certificate token, the veiled certificate token comprising an encrypted version of the owner's identification data and the owner's identification public key for the certificate”,¶41, “The message contains the individual's identification IDx, the individual's certificate-specific identification public key Kxi”, i.e. Examiner submits that veiled certification token is an aggregated identity assertion, Fig. 1, ¶70, “An individual can securely send a CA the necessary credentials, public key, VC token, and digitally signing this information with her private key”, i.e. user digitally signs). 
delivering, by the user computing system, the digitally signed first aggregated identity assertion to the identity provider computing system; (Fig. 1, ¶70, “An individual can securely send a CA the necessary credentials, public key, VC token, and digitally signing this information with her private key.”, i.e. user is transmitting first aggregated assertion to CA (identity provider))
validating, by the identity provider computing system, the digitally signed first aggregated identity assertion; (¶26, “The certificate request is validated by verifying the sender's identity through validation of the digital signature using the owner's external public key”,¶43-¶47, “the regulator validates the certificate request”, ¶70, “The CA validates both the veiled certificate request by checking the integrity of DS, and also verifies the token is created properly. In parallel, the CA validates the individual's credentials ensuring that the individual is eligible for the requested certificate”, i.e. regulator (identity provider) validates the message)
creating, by the identity provider computing system, a second aggregated identity assertion comprising the first aggregated identity assertion received from the user computing system, a date, and a public encryption key associated with the identity provider computing system; (¶26, “A veiled certificate is created by combining the veiled certificate token, identification public key, the timestamp along with a digital signature signed by the Certificate Authority”, ¶49, “If credentials are verified, the regulator creates a veiled certificate. For instance, once r.sub.j is satisfied with the credentials of the individual, ID.sub.x, CR.sub.x.sup.j, vct.sub.x.sub.i, k.sub.i, and DS.sub.x.sub.i are removed and r.sub.j digitally signs the certificate with r.sub.j's private key K.sub.j.sup.-1, yielding: VC.sub.x.sub.i.sup.j=K.sub.x.sub.i.parallel.vct.sub.x.sub.i.parallel.TS.- sub.x.sub.i.parallel.E.sub.K.sub.j.sup.-1[MAC(K.sub.x.sub.i.parallel.vct.s- ub.x.sub.i.parallel.TS.sub.x.sub.i)] , i.e. Examiner submits that veiled certificate is an aggregated identity assertion that includes, VC token (aggregated identity received from the user, a timestamp (date) and a public key of the Certificate Authority (identity provider)).
digitally signing, by the identity provider computing system, the second aggregated identity assertion; (¶26, “A veiled certificate is created by combining the veiled certificate token, identification public key, the timestamp along with a digital signature signed by the Certificate Authority”, ¶49, “digitally signs the certificate with rj's private key”, i.e. identity provider digitally sings the veiled certificate (aggregated identity assertion)), and 
delivering, by the identity provider computing system, the digitally signed second aggregated identity assertion to the user computing system (¶70, “the CA generates the requested veiled certificate which is securely transmitted to the individual”), wherein the digitally signed second aggregated identity assertion constitutes the self-authenticating digital identity. (¶56, ¶71, “When all credentials have been verified, the vendor approves service to the individual”, i.e. veiled certificate constitutes the self-authenticating digital identity).
Toth and Gerdes are considered to be analogous art as they both pertain to provide verifiable data to second party who can trust the seal of trusted third party. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the e-credential mechanism of Toth to attach a public key of a trusted third party along with a timestamp system of Gerdes.
	The motivation/suggestion for doing so would be to not expose any identity information about the user, thus ensuring better privacy protection. (Gerdes - ¶24).

Regarding Claim 8, rejection of Claim 1 is included and Toth does not teach explicitly,
The method of claim 1, wherein one or more of the public encryption keys is a hashed public key.
However, Gerdes teaches,
The method of claim 1, wherein one or more of the public encryption keys is a hashed public key. (¶49-¶50, “MAC stands for message authentication code, which is a hash of K.sub.x.sub.i.parallel.vct.sub.x.sub.i.parallel.TS.sub.x.sub.i and is used to decrease the length of VC.sub.x.sub.i.sup.j and to save some signing overhead”, i.e. hash of a public key).

Regarding Claim 9, rejection of Claim 1 is included and Toth does not teach explicitly,
The method of claim 1, wherein the second aggregated identity assertion is digitally signed with a private encryption key associated with the identity provider computing system.
However, Gerdes teaches,
The method of claim 1, wherein the second aggregated identity assertion is digitally signed with a private encryption key associated with the identity provider computing system. (¶26, “A veiled certificate is created by combining the veiled certificate token, identification public key, the timestamp along with a digital signature signed by the Certificate Authority”, ¶49, “digitally signs the certificate with rj's private key”, i.e. identity provider digitally sings the veiled certificate (aggregated identity assertion)).


Claims 2-6 are rejected under 35 U.S.C. 103 as being unpatentable over Kalman Csaba Toth (US PGPUB. # US 2015/0095999, hereinafter “Toth”), and further in view of Gerdes Jr. et al. (US PGPUB. # US 2010/0185864, hereinafter “Gerdes”), and further in view of Stephen Wilson (US 2011/0031310, hereinafter “Wilson). 

Regarding Claim 2, rejection of Claim 1 is included and combination of Toth and Gerdes does not teach explicitly,
The method of claim 1, further comprising: sending, by the user computing system, the self-authenticating identity to a relying party computing system; verifying, by the user computing system to the relying party computing system, that the user computing system possesses the private encryption key associated with the user.
However, Wilson teaches,
The method of claim 1, further comprising: 
sending, by the user computing system, the self-authenticating identity to a relying party computing system; (Fig. 2, ¶68, “the user's response to the e-commerce form 212 causes a Private Key securely stored in the tamper resistant storage of the smartcard 224 to sign transaction details and convey the signed details 240”, i.e. user sends self authenticating identity to a merchant (relying party)) verifying, by the user computing system to the relying party computing system, that the user computing system possesses the private encryption key associated with the user. (¶69, “the merchant server 210 uses the user's Public Key from the Public Key Certificate 290 to verify that the digital signature 244 on the transaction 240 is cryptographically valid and that the transaction 240 has been received intact.”, i.e. digital signature is validated using user’s public key indicates that user computing device posses a private encryption key associated with a user).
Toth, Gerdes Wilson are considered to be analogous art as they all pertain to provide verifiable data to second party who can trust the seal of trusted third party and the user. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the e-credential mechanism of Toth to attach a public key of a trusted third party along with a timestamp system of Gerdes and a relying party is able to verify that the user’s computing system posses a private encryption key system of Wilson.
	The motivation/suggestion for doing so would be to improve the security of credit card transactions to reduce fraud. (Wilson - ¶2).

Regarding Claim 3, rejection of Claim 3 is included and for the same motivation combination of Toth and Gerdes does not teach explicitly,
The method of claim 2, further comprising: 
evaluating, by the relying party computing system, the verifying performed by the user computing system to provide assurance regarding the validity of the self-authenticating identity.
However, Wilson teaches,
The method of claim 2, further comprising: 
evaluating, by the relying party computing system, the verifying performed by the user computing system to provide assurance regarding the validity of the self-authenticating identity. (¶49, “ Merchant applications may then access revocation status via the Online Certificate Status Protocol (OCSP) or similar mechanism. Such embodiments enable merchants to determine whether a used payment card had been cancelled using a simple, fast and secure system, and without requiring the merchant to make contact with the issuing financial institution”, ¶69-¶70, ¶78 i.e. merchant application (relying party) verifies validity of the certificate indicates that validity of self authenticating identity is verified).
Regarding Claim 4, rejection of Claim 3 is included and for the same motivation combination of Toth and Gerdes does not teach explicitly,
The method of claim 3, further comprising: validating, by the relying party computing system, the authenticity of the self-authenticating identity by validating that the identity provider computing system is a trusted issuer.
However, Wilson teaches,
The method of claim 3, further comprising: 
validating, by the relying party computing system, the authenticity of the self-authenticating identity by validating that the identity provider computing system is a trusted issuer. (¶69, “the merchant server 210 will also use a copy of a Root Key Certificate (not shown in the figure) to validate the signature 294 of the issuer on the user's Public Key Certificate 290”, i.e. merchant server (relying party) validates that the issuer computing system is a trusted issuer).

Regarding Claim 5, rejection of Claim 4 is included and for the same motivation combination of Toth and Gerdes does not teach explicitly,
The method of claim 4, wherein the validating that the identity provider computing system is the trusted issuer comprises confirming the public key of the identity provider computing system with a third party service.
However, Wilson teaches,
The method of claim 4, wherein the validating that the identity provider computing system is the trusted issuer comprises confirming the public key of the identity provider computing system with a third party service. (¶69, “the merchant server 210 will also use a copy of a Root Key Certificate (not shown in the figure) to validate the signature 294 of the issuer on the user's Public Key Certificate 290”, i.e. merchant server (relying party) validates that the issuer computing system is a trusted issuer by validating the issuer’s public key).

Regarding Claim 6, rejection of Claim 5 is included and for the same motivation combination of Toth and Gerdes does not teach explicitly,
The method of claim 5, further comprising validating, by the relying party computing system, an authenticity of the self-authenticating identity by making an inquiry to the third party service as to whether the self-authenticating identity is still valid.
However, Wilson teaches,
The method of claim 5, further comprising validating, by the relying party computing system, an authenticity of the self-authenticating identity by making an inquiry to the third party service as to whether the self-authenticating identity is still valid. (¶49, “ Merchant applications may then access revocation status via the Online Certificate Status Protocol (OCSP) or similar mechanism. Such embodiments enable merchants to determine whether a used payment card had been cancelled using a simple, fast and secure system, and without requiring the merchant to make contact with the issuing financial institution”, ¶70, ¶78 i.e. merchant application (relying party) verifies validity of the certificate indicates that validity of self authenticating identity is verified).
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Kalman Csaba Toth (US PGPUB. # US 2015/0095999, hereinafter “Toth”), and further in view of Gerdes, JR et al. (US PGPUB. # US 2010/0185864, hereinafter “Gerdes”), and further in view of Jackson et al. (US PGPUB. # US 2016/0294845, hereinafter “Jackson”).

Regarding Claim 7, rejection of Claim 1 is included and for the same motivation combination of Toth and Gerdes does not teach explicitly,
The method of claim 1, wherein the identity assertion includes a confidence level.
However, Jackson teaches,
The method of claim 1, wherein the identity assertion includes a confidence level. (¶15, “thereby providing the validating entity an enhanced level of confidence that the validation results are valid and authentic”, ¶67, “a Certified Electronic Credential using the Credentialer as an integral part of the validation process, and in particular as the Validating Entity's gateway for validation, provides an advantageously high level of confidence that the Credential is valid and authentic”, i.e. identity assertion includes a confidence level).
Toth, Gerdes and Jackson are considered to be analogous art as they all pertain to provide verifiable data to second party who can trust the seal of trusted third party. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the e-credential mechanism of Toth to attach a public key of a trusted third party along with a timestamp system of Gerdes and include a confidence level associated with identity assertion system of Jackson.
	The motivation/suggestion for doing so would be to authenticate an electronic credential that gives the authenticating party the needed level of confidence and assurance that the credential is authentic and valid. (Jackson - ¶11).

Claims 10 is rejected under 35 U.S.C. 103 as being unpatentable over Kalman Csaba Toth (US PGPUB. # US 2015/0095999, hereinafter “Toth”), and further in view of Gerdes Jr. et al. (US PGPUB. # US 2010/0185864, hereinafter “Gerdes”), and further in view of Abt. JR. et al. (US PGPUB # US 2017/0301052, hereinafter “Abt”).

Regarding Claim 10, rejection of Claim 1 is included and combination of Toth and Gerdes does not teach explicitly,
 The method of claim 1, wherein the second aggregated identity assertion is digitally signed with a group or ring signature.
However, Abt teaches,
 The method of claim 1, wherein the second aggregated identity assertion is digitally signed with a group or ring signature. (¶31-¶37, Fig. 2(225), Fig. 3B, ¶48, ”at 225, a passport agent can use n as the unique identifier for the date stamp s and add it to the Group”, i.e. digital passport (identity) is signed with group signature. Examiner submits that group homomorphism used in connection with digital signature is considered as group signature).  
Toth, Gerdes and Abt are considered to be analogous art as they all pertain to provide verifiable data to second party who can trust the seal of trusted third party. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the e-credential mechanism of Toth to attach a public key of a trusted third party along with a timestamp system of Gerdes and utilize a group signature system of Abt.
	The motivation/suggestion for doing so would be to enable the verification of privacy information in a secure manner so as to prevent access to information that is not required. (Abt - ¶4).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Jens-Uwe, Buber (US PGPUB. # US 2018/0205559) discloses, a method and an apparatus for authenticating a service user for a service that is to be provided. The method has the following steps: a) provision of an anonymous and self-signed certificate, produced by a service use means of the service user, for set-up of a connection, protected by the use of a security protocol, for data transmission between the service use device which is for example, a mobile device or a PC, via his anonymous, self-signed certificate and a service provision device, for example, a server, at the application level using the group signature, and b) verification of the provided anonymous and self-signed certificate by means of a group signature, assigned to a group, for detecting the authorization of the service user to use the service, in order to establish whether the service user providing the certificate through his service use device is a member of the group.
Leblang et al. (US PGPUB. # US 2018/0007060) discloses, a multi-factor authentication process to access services in a computing service environment. One or more policies can be defined for allowing access to one or more services and/or resources associated with a service provider environment according to an authenticated identity. A device, detected by a voice-capturing endpoint within a defined geographical location, may be authenticated according to a unique identification (ID). Voice data received from the voice-capturing endpoint can be authenticated. The authenticated identity can be established according to the authenticated device and the authenticated voice data. A command, received via a voice command from the voice-capturing endpoint, may be issued with the authenticated identity to access the one or more services and/or resources associated with the service provider environment according to the plurality of policies.
Ebrahimi et al. (US PGPUB. # US 2017/0255805) discloses, software on an image-capturing device iteratively captures a visual code in a series of visual codes displayed in a repeating progression on a screen of a mobile device. The visual code was generated from a display block that resulted from a partition of an original data file into a series of display blocks of at least a specified size. The software converts the visual code back into a display block and reads a header for the display block, discarding the display block if it has already been captured, as determined by the ordered identifying block number in a header. The software stops the iterative capturing when all of the display blocks in the series have been captured, as determined by the count in the header and coalesces the captured display blocks into the original data file, using an order determined by the ordered identifying block numbers.
COSTA FAIDELLA et al. (US PGPUB. # US 2017/0177855) discloses, a method of providing identity services includes: receiving identity data for an individual for which the identity provider has provided an identity; generating a transaction to store an identifier representing the identity data in a data structure on a blockchain of a distributed system; sending the transaction to at least one node of the distributed system; and generating an identity token incorporating the identifier representing the identity data. An embodiment of a method of verifying an identity includes: receiving data extracted from the identity token, wherein the extracted data includes an identifier representing the identity data; determining whether a data structure containing the extracted identifier representing the identity data is stored on a blockchain of a distributed system; and outputting an indication of a validity of an identity associated with the identity data based on the determination.
Lovelock et al. (US PGPUB. # US 2016/0380774) discloses, providing virtualized credentials of a holder includes authorizing a subset of credential data to be sent to a device of a relying party that is different from the holder, where the subset of credential data depends on a role of the relying party, selection by the holder, and/or contextual data of the relying party and includes displaying the subset of credential data on a screen of the device of the relying party. The contextual data may be a privacy level setting, distance between the relying party and the holder, and/or geolocation of the relying party. The role of the relying party may be provided by the relying party. Role information provided by the relying party may be provided in a verifiable format. The role information may be digitally signed or securely derived and determined by a mutual authentication algorithm between the relying party and the holder.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498