Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statements
The information disclosure statement(s) (IDS) submitted on 03/18/2021 have been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) have been considered by the examiner.

Specification Objections
The specification is objected to for including an inconsistent explanations regarding how the challenge and answer are generated. The disclosure is objected to as explained below: 
The specification states.
FIG. 2 is a flow diagram of a process 200 for verifying that a user is using a device at a pre-specified location from the start time to the end time in accordance with one implementation of the present disclosure. In the illustrated implementation of FIG. 2, a nonce, called a challenge, may be generated, at step 210, in a challenge and answer format, where answer = f(challenge) and f is a non-reversible function, i.e., knowing answer it is computationally hard to guess the challenge. (printed publication of the invention, [0031]) (emphasis added)

However, the specification then states:
[0042] FIG. 6 is a flow diagram of a process 600 for a smart contract "create commitment" to verify that a user is using a device at a pre-specified location from the start time to the end time in accordance with one implementation of the present disclosure. In the illustrated implementation of FIG. 6, a determination is made, at step 610, whether the blockchain has any information about the user identity and the device identity. If it is determined, at step 610, that the blockchain has the information about the user identity and the device identity, two nonces are generated, at step 620. Otherwise, the process 600 is aborted, at step 612. In one implementation, the generated nonces are answer and seed. A challenge may be calculated, at step 630, as challenge=f(seed|answer), wherein f is a secret function. In one implementation, the secret function is SHA256 function. (printed publication of the invention, [0042]) (emphasis added)
In the illustrated implementation of FIG. 9, the process 900 verifies three conditions. For the first condition, a challenge may be calculated, at step 940, as challenge=f(seed|extracted code), wherein the extracted code was generated (at step 854) as commitment information included in the message 120, while the seed was generated (at step 640) as a new commitment. In one implementation, the function f is SHA256 function. … (printed publication of the invention, [0052]) (emphasis added)

The examiner has interpreted the claims in accordance with the explanation provided in paragraphs [0042] and [0052] of the printed publication of the invention, included above. This explanation includes generating the challenge based on a function (e.g., SHA256)
Appropriate correction to the specification is required.

Claim Rejections - 35 USC § 112
	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 8 and 17 are rejected for including the indefinite term “substantially,” which is not further described in the specification. Appropriate correction is required. 
Claims 19-20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 19 includes an antecedent basis issue. Claim 19 recites:
a public key and a private key of the device for encryption and decryption that are stored in the device and in the blockchain;
…
a scheduler to generate a visual code of the device to carry an answer to the challenge, to encrypt the generated visual code with the public key of the device, wherein the encrypted visual code may only be decrypted with a private key of the device, and to store the encrypted visual code in the blockchain. (emphasis added)

Claim 19 recites “a private key the device” twice, and is therefore confusing and includes incorrect antecedent basis. The examiner will interpret claim 19 in accordance with the second instance of “a private key of the device” instead reciting “the private key of the device.” Appropriate correction is required.
Claim 20 is rejected based on its dependency from claim 19.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over US 2021/0119764 to Meghji (hereinafter Meghji), in view of US 2021/0042743 to Green et al. (hereinafter Green), and further in view of US 2021/0314139 to Zhang et al. (hereinafter Zhang).
Regarding claim 1, Meghji teaches the following features,
A method for verifying that a user is using a device at a pre-specified location between a start time and an end time, the method comprising:
Meghji teaches in fig. 1 a client device 170 (“device”) that communicates with a mobile device 110-2 (see “mobile device” of claim 4). (Meghji, [0057] and fig. 1) Meghji also teaches the access management system 185 (for an event provider 115) can identify an event, a parameter of attending the event, a date or dates of the event, a location or locations of the event (“a pre-specified location between a start time and an end time”). (Meghji, second to last sentence [0041]) (emphasis added)
The examiner notes that Meghji uses the terms “event” and “resource” interchangeably, and that the “access code” of Meghji, which includes visual / graphic codes, are used to enter the event / resource. (Meghji, second sentence [0037])
The examiner notes, that the specification describes a “blockchain” that communicates with a “device” that displays a “visual code” to a “mobile device” (see claim 4) for the purpose of allowing a user to access the resources associated with the “device.” ([0003] and [0006] of the printed publication of the invention)
Meghji fails to teach the following,
calculating a challenge and an answer that is a function of the challenge;
The printed publication of the invention teaches that challenge may be calculated, at step 630, as challenge = f (seed|answer), wherein f is a secret function, using SHA256 (i.e., hash function).  (printed publication of invention, [0042]]) Additionally, the printed publication of the invention teaches that challenge = f (seed|extracted code), thus, the answer may be the “extracted code” (visual code). (printed publication of the invention, [0052]) Thus, the “answer” corresponds to the “visual code.”
However, Green teaches the above recited features,
Green teaches a hash (“challenge”) of the terminal information (“answer”), which is information included in the visual code, and the hash of the terminal information is performed by the terminal (“device”). (Green, sixth sentence of [0045])
For the purpose of background, as further discussed below. Green teaches terminal information, such as a terminal detail record, can be provided to user device 200 (“mobile device” of claim 4) via a visual code displayed by terminal 212 (“device”). (Green, third sentence of [0045]) 
Meghji also teaches the following, except for the underlined portions,
generating and storing in a blockchain, a commitment including an identity of the user, an identity of the device, the pre-specified location associated with the user, the start time of usage of the device, the end time of usage of the device, and the calculated challenge;
Meghji teaches one ledger of the distributed ledgers is updated after an entry event is detected at a single ACL device, the remaining ACL devices may automatically update their corresponding ledger (“commitment”) in response to the detected entry event without needing to access a central server. (Meghji, second half [0014]) The examiner interprets the updating of data on the blockchain, including the load data 1020 (discussed below), as corresponding to “a commitment.”
Meghji teaches that load data 1020 can include an identification of the user device (“identity of the device”) or corresponding information, such as a name (“identity of the user”), email, profile, device identifier (“identity of the device”) or phone number of a corresponding user. (Meghji, last two sentences [0213]) (emphasis added) Meghji then teaches that the load management system 1140, which includes load data 1020, may be part of the distributed ledger (i.e., blockchain system 1150). (Meghji, [0225]) Thus, the load data 1020 is generated and stored in the blockchain. 
Meghji teaches access right slots to identify time and location of when a resource is available (“pre-specified location associated with the user, the start time of usage of the device, the end time of usage of the device”). (Meghji, [0210]) (emphasis added)  Additionally, as discussed below, the access code is stored in the blockchain which is associated with the resource / event at a specific time and place.
As stated above, Meghji fails to teach the above underlined portions,
However, Zhang teaches the above underlined portions,
Zhang teaches a hash value (“calculated challenge”) of the information stored in a block of the blockchain. The hash value (“calculated challenge”) may itself be stored in the blockchain. (Zhang, [0110])
Additionally, Zhang teaches a newly created block 450 may broadcast  to the blockchain peers of the blockchain network for validation and commitment (“generating and storing in a blockchain, a commitment”) to their respective blockchain ledgers. (Zhang, last sentence [0076]) (emphasis added)
Meghji teaches the following features, except the underlined features,
generating a visual code of the device to carry the answer;
As stated above, regarding the “challenge” and “answer,” the invention describes the “answer” as being based on the visual code. Thus, the “visual code” corresponds to the “answer.”
Meghji teaches that ACL device (“device”) which retrieves data from another device (see “mobile device” of claim 4) using optical scanning (“generating a visual code”) or short-range radio communication (e.g., Bluetooth, Zigbee, NFC, RFID, etc.). (Meghji, fourth from last sentence [0006]) (emphasis added) Meghji also teaches a unique access-enabling code (e.g., a barcode) (“visual code”) that is later scanned to grant access to a resource / event). (Meghji, first two sentences [0037])  
However, Meghji does not teach the “device” displaying the code, but instead teaches a mobile device that displays the visual code the “device.”
However, Green teaches the above underlined feature of, 
Green teaches a user device (“mobile device” of claim 4) capturing a visual code [when the user device is located] at a terminal (“device”) for authentication. (Green, Abstract) Green also teaches terminal information, such as a terminal detail record, can be provided to user device 200 (“mobile device” of claim 4) via a visual code displayed by terminal 212 (“generating a visual code of the device”). (Green, 3rd sentence of [0045]) 
Green teaches a hash (“challenge”) of the terminal information (“answer”), which is information included in the visual code, and the hash of the terminal information is performed by the terminal (“device”). (Green, sixth sentence of [0045])
Meghji teaches the following features,
encrypting the generated visual code with a public key of the device, wherein the encrypted visual code may only be decrypted with a private key of the device; and
Meghji teaches “access code encryption engine 1230 may use the access code as input into a key derivation function to generate a resource-specific key pair, which includes a resource-specific private key(“may only be decrypted with a private key of the device”), from which a resource-specific public key is derived. The resource-specific public key (“generated visual code with a public key of the device”) can be used to encrypt the access code (“visual code”).” (Meghji, second half [0235])
storing the encrypted visual code in the blockchain.
Meghji also teaches that the encrypted access code (“visual code”) (encrypted by access code encryption engine 1230) representing the user's access right may be stored in a distributed ledger (“storing the encrypted visual code in the blockchain”) represented across blockchain system 1150.  (Meghji, [0236], see also [0006])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Meghji, which teaches a visual code, which is stored in a blockchain, that includes information used for authentication,  with Green, which teaches a mobile device reading a visual code from a client / terminal, where the visual code is used for authentication, where the exchange of information includes a hash to verify authenticity. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to the system of Meghji to have a device (client) display a code to a personal device (mobile device) for the purpose of authentication and the use of a hash to verify authenticity, as taught in Green.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Meghji, which teaches a visual code, which is stored in a blockchain, that includes information used for authentication,  with Zhang, which teaches a blockchain that stores a hash (“calculated challenge”) for the purpose of confirming the authenticity of data in the blockchain. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to the system of Meghji to store authenticity information in the blockchain. 

Regarding claim 2, Meghji teaches the following,
The method of claim 1, further comprising
transferring the encrypted visual code to the device.
Meghji teaches that each ACL device (“device”) may serve as a blockchain node storing and updating the ledger. Thus, as described in greater detail below, the ACL devices can securely receive (“transferring”) a resource-specific private key that can be used to decode the encrypted access codes (“encrypted visual code”) stored on the distributed ledger. (Meghji, last third of [0006])
Thus, the ACL device (“device”) receives the encrypted access code (“encrypted visual code”) from the distributed ledger. The examiner notes, as described above, that the access codes may be visual codes, as evidenced by the teaching of Meghji that an access (enabling) code may be a barcode (“visual code”). (Meghji, third sentence [0003], and second sentence [0037])   

Regarding claim 3, Meghji teaches the following,
The method of claim 1, further comprising:
decrypting the encrypted visual code using the private key of the device; and
Meghji teaches that each ACL device (“device”) may serve as a blockchain node storing and updating the ledger. Thus, as described in greater detail below, the ACL devices can securely receive a resource-specific private key (“private key of the device”) that can be used to decode (“decrypting … ”) the encrypted access codes (“… the encrypted visual code”) stored on the distributed ledger. (Meghji, last third of [0006])
Thus, encrypted access code (“encrypted visual code”) is decrypted using a private key of the device. The examiner notes, as described above, that the access codes may be visual codes, as evidenced by the teaching of Meghji that an access (enabling) code may be a barcode (“visual code”). (Meghji, third sentence [0003], and second sentence [0037])   
However, Meghji fails to teach the following,
displaying an image of the visual code on a display.
Green teaches the above features,
Green teaches a user device (“mobile device” of claim 4) capturing a visual code [when the user device is located] at a terminal (“device”) for authentication. (Green, Abstract) 
Green teaches terminal information, such as a terminal detail record, can be provided to (“displaying an image of the visual code on a display” of the device) user device 200 (“mobile device”) via a visual code displayed by terminal 212 (“device”). (Green, 3rd sentence of [0045]) 

Regarding claim 4, Green teaches the following,
The method of claim 3, further comprising:
capturing the image of the visual code using a mobile device; and
Green teaches a user device (“mobile device” of claim 4) capturing a visual code (“capturing the image of the visual code”) [when the user device is located] at a terminal (“device”) for authentication. (Green, Abstract)
Green teaches terminal information, such as a terminal detail record, can be provided to (“capturing an image”) user device 200 (“using a mobile device”) via a visual code displayed by terminal 212 (“device”). (Green, 3rd sentence of [0045]) 
extracting the visual code.
Green teaches “the visual code can be scanned … In such cases, the terminal detail record, including the terminal parameters (“extracting the visual code”), can be provided to the user device.”

Regarding claim 5, Meghji teaches the following,
The method of claim 4, further comprising:
generating, by the mobile device, a message including the commitment with a location of the mobile device, the identity of the device obtained from the extracted visual code, and a current time; and
Meghji teaches after a predefined time period, such as within a defined period from a resource time; and/or when a user device 1026 crosses a geofence (“location”) corresponding to a resource, and/or when a user device 1026 receives input or a site-controller request indicating that access data is to be transmitted to a nearby site controller), user device 1026 may retrieve the first access code data and transmit it (e.g., via a short-range communication) to a first site controller 712a. (Meghji, [0221])
signing the message with a private key of the user to generate a signature.
Meghji teaches “the present disclosure envisions the use a signed message to authenticate that the access-right holder (“mobile device”) is in possession of a specific cryptographic account or private key, which is known to the access-right system that is managing the resource. Digitally signing a message is a technique for authenticating a document or digital message. Further, signing a message can be used as a form of proof that the sender of a signed message is in possession of the private key associated with the access-right holder (“private key of the user to generate a signature”) (more specifically, associated with the anonymous address representing the access-right holder). As a non-limiting example, a native application or an SDK running on an access-right holder's smartphone can be configured to digitally sign a payload (e.g., any message) with the access-right holder's private key. Then, when the access-right holder (“mobile device”) arrives at the resource, the ACL device (“device) located at the entry gate can retrieve the access-right holder's public key from the access-right holder's smartphone. The ACL device can use the access-right holder's public key to verify the signed payload (“message”) (e.g., determine whether the access-right holder's smartphone contains the access-right holder's private key).” (Meghji, starting fourth sentence of [0012]) (emphasis added)

Regarding claim 6, Meghji teaches the following,
The method of claim 5, further comprising
verifying the commitment when the message is received and the signature matches a public key of the user.
Meghji teaches one ledger of the distributed ledgers is updated after an entry event is detected at a single ACL device, the remaining ACL devices may automatically update their corresponding ledger (“verifying the commitment”) in response to the detected entry event without needing to access a central server. (Meghji, second half [0014])
Meghji, as discussed above in the rejection of claim 6, teaches “verify the signed payload (“message”)”, which corresponds to the above features (“the signature matches a public key of the user.”). (Meghji, middle of [0012])

Regarding claim 7, Green teaches the following,
The method of claim 5, further comprising
verifying the commitment when the message is received and a value of the extract visual code matches the calculated challenge.
Green teaches verification engine 208 that is in a user device 200 of fig. 2. The verification engine uses a hash (“challenge”). Specifically, Green further teaches “Verification engine 208 can also verify the authenticity of the information by generating a hash value for the terminal information and comparing it to a hash received via the visual code provided by terminal 212.” (Green, sixth sentence [0045])

Regarding claim 8, Meghji teaches the following,
The method of claim 5, further comprising
verifying the commitment when the message is received and the pre-specified location is substantially equal to the location of the mobile device.
Meghji teaches one ledger of the distributed ledgers is updated after an entry event is detected at a single ACL device, the remaining ACL devices may automatically update their corresponding ledger (“verifying the commitment”) in response to the detected entry event without needing to access a central server. (Meghji, second half [0014])
Meghji teaches access right slots to identify time and location of when a resource is available. (Meghji, [0210])
Meghji also teaches a mobile device 110 (“mobile device”) can transmit data (“message”) corresponding to the access right (e.g., an access-enabling code) to a client device (“device”) upon, for example, detecting the client device, detecting that a location of the mobile device 110 is within a prescribed geographical region (“the pre-specified location is substantially equal to the location of the mobile device”). (Meghji, second sentence [0051])

Regarding claim 9, Meghji teaches the following,
The method of claim 5, further comprising
verifying the commitment when the message is received and the current time is within a time slot bounded by the start time and the end time.
Meghji teaches access right slots to identify time and location of when a resource is available. (Meghji, [0210])
Meghji also teaches mobile device 110 (“mobile device”) can also communicate with one or more client devices, such as a client agent device 170 (“device”) operated by a client agent 175, a client register 160 or a client point device 165 using a wired or wireless connection. In addition, using the access management system 185, an event provider 115 can identify an event, a parameter of attending the event, a date or dates (“time slot bounded by the start time and the end time”) of the event, a location or locations of the event, etc. (Meghji, middle of [0041])

Regarding claim 10, Meghji teaches the following,
A non-transitory computer-readable storage medium storing a computer program to verify that a user is using a device at a pre-specified location between a start time and an end time, the computer program comprising executable instructions that cause a computer to:
Meghji teaches in fig. 1 a client device 170 (“device”) that communicates with a mobile device 110-2 (see “mobile device” of claim 4). (Meghji, [0057] and fig. 1) Meghji also teaches the access management system 185 (for an event provider 115) can identify an event, a parameter of attending the event, a date or dates of the event, a location or locations of the event (“a pre-specified location between a start time and an end time”). (Meghji, second to last sentence [0041]) (emphasis added)
The examiner notes that Meghji uses the terms “event” and “resource” interchangeably, and that the “access code” of Meghji, which includes visual / graphic codes, are used to enter the event / resource. (Meghji, second sentence [0037])
The examiner notes, that the specification describes a “blockchain” that communicates with a “device” that displays a “visual code” to a “mobile device” (see claim 4) for the purpose of allowing a user to access the resources associated with the “device.” ([0003] and [0006] of the printed publication of the invention)
Meghji fails to teach the following,
calculate a challenge and an answer that is a function of the challenge;
The printed publication of the invention teaches that challenge may be calculated, at step 630, as challenge = f (seed|answer), wherein f is a secret function, using SHA256 (i.e., hash function).  (printed publication of invention, [0042]]) Additionally, the printed publication of the invention teaches that challenge = f (seed|extracted code), thus, the answer may be the “extracted code” (visual code). (printed publication of the invention, [0052]) Thus, the “answer” corresponds to the “visual code.”
However, Green teaches the above recited features,
Green teaches a hash (“challenge”) of the terminal information (“answer”), which is information included in the visual code, and the hash of the terminal information is performed by the terminal (“device”). (Green, sixth sentence of [0045])
For the purpose of background, as further discussed below. Green teaches terminal information, such as a terminal detail record, can be provided to user device 200 (“mobile device” of claim 4) via a visual code displayed by terminal 212 (“device”). (Green, third sentence of [0045]) 
Meghji also teaches the following, except for the underlined portions,
generate and store in a blockchain, a commitment including an identity of the user, an identity of the device, the pre-specified location associated with the user, the start time of usage of the device, the end time of usage of the device, and the calculated challenge;
Meghji teaches one ledger of the distributed ledgers is updated after an entry event is detected at a single ACL device, the remaining ACL devices may automatically update their corresponding ledger (“commitment”) in response to the detected entry event without needing to access a central server. (Meghji, second half [0014]) The examiner interprets the updating of data on the blockchain, including the load data 1020 (discussed below), as corresponding to “a commitment.”
Meghji teaches that load data 1020 can include an identification of the user device (“identity of the device”) or corresponding information, such as a name (“identity of the user”), email, profile, device identifier (“identity of the device”) or phone number of a corresponding user. (Meghji, last two sentences [0213]) (emphasis added) Meghji then teaches that the load management system 1140, which includes load data 1020, may be part of the distributed ledger (i.e., blockchain system 1150). (Meghji, [0225]) Thus, the load data 1020 is generated and stored in the blockchain. 
Meghji teaches access right slots to identify time and location of when a resource is available (“pre-specified location associated with the user, the start time of usage of the device, the end time of usage of the device”). (Meghji, [0210]) (emphasis added)  Additionally, as discussed below, the access code is stored in the blockchain which is associated with the resource / event at a specific time and place.
As stated above, Meghji fails to teach the above underlined portions,
However, Zhang teaches the above underlined portions,
Zhang teaches a hash value (“calculated challenge”) of the information stored in a block of the blockchain. The hash value (“calculated challenge”) may itself be stored in the blockchain. (Zhang, [0110])
Additionally, Zhang teaches a newly created block 450 may broadcast  to the blockchain peers of the blockchain network for validation and commitment (“generating and storing in a blockchain, a commitment”) to their respective blockchain ledgers. (Zhang, last sentence [0076]) (emphasis added)
Meghji teaches the following features, except the underlined features,
generate a visual code of the device to carry the answer;
As stated above, regarding the “challenge” and “answer,” the invention describes the “answer” as being based on the visual code. Thus, the “visual code” corresponds to the “answer.”
Meghji teaches that ACL device (“device”) which retrieves data from another device (see “mobile device” of claim 4) using optical scanning (“generating a visual code”) or short-range radio communication (e.g., Bluetooth, Zigbee, NFC, RFID, etc.). (Meghji, fourth from last sentence [0006]) (emphasis added) Meghji also teaches a unique access-enabling code (e.g., a barcode) (“visual code”) that is later scanned to grant access to a resource / event). (Meghji, first two sentences [0037])  
However, Meghji does not teach the “device” displaying the code, but instead teaches a mobile device that displays the visual code the “device.”
However, Green teaches the above underlined feature of, 
Green teaches a user device (“mobile device” of claim 4) capturing a visual code [when the user device is located] at a terminal (“device”) for authentication. (Green, Abstract) Green also teaches terminal information, such as a terminal detail record, can be provided to user device 200 (“mobile device” of claim 4) via a visual code displayed by terminal 212 (“generating a visual code of the device”). (Green, 3rd sentence of [0045]) 
Green teaches a hash (“challenge”) of the terminal information (“answer”), which is information included in the visual code, and the hash of the terminal information is performed by the terminal (“device”). (Green, sixth sentence of [0045])
Meghji teaches the following features,
encrypt the generated visual code with a public key of the device, wherein the encrypted visual code may only be decrypted with a private key of the device; and
Meghji teaches “access code encryption engine 1230 may use the access code as input into a key derivation function to generate a resource-specific key pair, which includes a resource-specific private key(“may only be decrypted with a private key of the device”), from which a resource-specific public key is derived. The resource-specific public key (“generated visual code with a public key of the device”) can be used to encrypt the access code (“visual code”).” (Meghji, second half [0235])
store the encrypted visual code in the blockchain.
Meghji also teaches that the encrypted access code (“visual code”) (encrypted by access code encryption engine 1230) representing the user's access right may be stored in a distributed ledger (“storing the encrypted visual code in the blockchain”) represented across blockchain system 1150.  (Meghji, [0236], see also [0006])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Meghji, which teaches a visual code, which is stored in a blockchain, that includes information used for authentication,  with Green, which teaches a mobile device reading a visual code from a client / terminal, where the visual code is used for authentication, where the exchange of information includes a hash to verify authenticity. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to the system of Meghji to have a device (client) display a code to a personal device (mobile device) for the purpose of authentication and the use of a hash to verify authenticity, as taught in Green.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Meghji, which teaches a visual code, which is stored in a blockchain, that includes information used for authentication,  with Zhang, which teaches a blockchain that stores a hash (“calculated challenge”) for the purpose of confirming the authenticity of data in the blockchain. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to the system of Meghji to store authenticity information in the blockchain. 

Regarding claim 11, Meghji teaches the following,
The non-transitory computer-readable storage medium of claim 10, further comprising executable instructions that cause a computer to
transfer the encrypted visual code to the device.
Claim 11 is rejected using the same basis of arguments used to reject claim 2 above.

Regarding claim 12, Meghji and Green teach the following,
The non-transitory computer-readable storage medium of claim 10, further comprising executable instructions that cause a computer to:
decrypt the encrypted visual code using the private key of the device; and
display an image of the visual code on a display.
Claim 12 is rejected using the same basis of arguments used to reject claim 3 above.

Regarding claim 13, Green teaches the following,
The non-transitory computer-readable storage medium of claim 12, further comprising executable instructions that cause a computer to:
capture the image of the visual code using a mobile device; and
extract the visual code.
Claim 13 is rejected using the same basis of arguments used to reject claim 4 above.

Regarding claim 14, Meghji teaches the following,
The non-transitory computer-readable storage medium of claim 13, further comprising executable instructions that cause a computer to:
generate a message including the commitment with a location of the mobile device, the identity of the device obtained from the extracted visual code, and a current time; and
sign the message with a private key of the user to generate a signature.
Claim 14 is rejected using the same basis of arguments used to reject claim 5 above.

Regarding claim 15, Meghji teaches the following,
The non-transitory computer-readable storage medium of claim 14, further comprising executable instructions that cause a computer to
verify the commitment when the message is received and the signature matches a public key of the user.
Claim 15 is rejected using the same basis of arguments used to reject claim 6 above.

Regarding claim 16, Green teaches the following,
The non-transitory computer-readable storage medium of claim 14, further comprising executable instructions that cause a computer to
verify the commitment when the message is received and a value of the extract visual code matches the calculated challenge.
Claim  16 is rejected using the same basis of arguments used to reject claim 7 above.

Regarding claim 17, Meghji teaches the following,
The method of claim 14, further comprising executable instructions that cause a computer to
verify the commitment when the message is received and the pre-specified location is substantially equal to the location of the mobile device.
Claim 17 is rejected using the same basis of arguments used to reject claim 8 above.

Regarding claim 18, Meghji teaches the following,
The non-transitory computer-readable storage medium of claim 14, further comprising executable instructions that cause a computer to
verify the commitment when the message is received and the current time is within a time slot bounded by the start time and the end time.
Claim 18 is rejected using the same basis of arguments used to reject claim 9 above.

Claims 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Meghji, in view of Green, in view of Zhang, and further in view of US 2020/0145198 to Guan et al. (hereinafter Guan).
Regarding claim 19, Meghji teaches the following,
A system for verifying that a user is using a device at a pre-specified location between a start time and an end time, the system comprising:
Meghji teaches in fig. 1 a client device 170 (“device”) that communicates with a mobile device 110-2 (see “mobile device” of claim 4). (Meghji, [0057] and fig. 1) Meghji also teaches the access management system 185 (for an event provider 115) can identify an event, a parameter of attending the event, a date or dates of the event, a location or locations of the event (“a pre-specified location between a start time and an end time”). (Meghji, second to last sentence [0041]) (emphasis added)
The examiner notes that Meghji uses the terms “event” and “resource” interchangeably, and that the “access code” of Meghji, which includes visual / graphic codes, are used to enter the event / resource. (Meghji, second sentence [0037])
The examiner notes, that the specification describes a “blockchain” that communicates with a “device” that displays a “visual code” to a “mobile device” (see claim 4) for the purpose of allowing a user to access the resources associated with the “device.” ([0003] and [0006] of the printed publication of the invention)
a blockchain;
Meghji teaches systems and methods for securing access rights to resources using cryptography and the blockchain. (Meghji, Title) (emphasis added)
a device to be authenticated, wherein the device accesses the blockchain through a network connection,
Meghji teaches the use of a public network that provides communication between the ACL device (“device”), where every ACL may be a node in the blockchain. (Meghji, last three sentences [0006])
Meghji also teaches the following, except for the underlined portions,
wherein the blockchain stores a commitment including an identity of the device to authenticate, an identity of a user of the device, a pre-specified location associated with the user, the start time of usage of the device, the end time of usage of the device, and a challenge;
Meghji teaches one ledger of the distributed ledgers is updated after an entry event is detected at a single ACL device, the remaining ACL devices may automatically update their corresponding ledger (“commitment”) in response to the detected entry event without needing to access a central server. (Meghji, second half [0014]) The examiner interprets the updating of data on the blockchain, including the load data 1020 (discussed below), as corresponding to “a commitment.”
Meghji teaches that load data 1020 can include an identification of the user device (“identity of the device”) or corresponding information, such as a name (“identity of the user”), email, profile, device identifier (“identity of the device”) or phone number of a corresponding user. (Meghji, last two sentences [0213]) (emphasis added) Meghji then teaches that the load management system 1140, which includes load data 1020, may be part of the distributed ledger (i.e., blockchain system 1150). (Meghji, [0225]) Thus, the load data 1020 is generated and stored in the blockchain. 
Meghji teaches access right slots to identify time and location of when a resource is available (“pre-specified location associated with the user, the start time of usage of the device, the end time of usage of the device”). (Meghji, [0210]) (emphasis added)  Additionally, as discussed below, the access code is stored in the blockchain which is associated with the resource / event at a specific time and place.
As stated above, Meghji fails to teach the above underlined portions,
However, Zhang teaches the above underlined portions,
Zhang teaches a hash value (“calculated challenge”) of the information stored in a block of the blockchain. The hash value (“calculated challenge”) may itself be stored in the blockchain. (Zhang, [0110])
Additionally, Zhang teaches a newly created block 450 may broadcast  to the blockchain peers of the blockchain network for validation and commitment (“generating and storing in a blockchain, a commitment”) to their respective blockchain ledgers. (Zhang, last sentence [0076]) (emphasis added)
Meghji teaches the following features, 
a public key and a private key of the device for encryption and decryption that are stored in the device and in the blockchain;
Meghji teaches “access code encryption engine 1230 may use the access code as input into a key derivation function to generate a resource-specific key pair, which includes a resource-specific private key (“private key of the device”), from which a resource-specific public key is derived. The resource-specific public key (“a public key of the device”) can be used to encrypt the access code.” (Meghji, second half [0235])
Meghji teaches CL devices can securely receive a resource-specific private key that can be used to decode the encrypted access codes stored on the distributed ledger. (Meghji, [0007]) 
Meghji also teaches ACL scanner will have already downloaded the resource-specific key pair from a secure keystore server and synchronized the latest distributed ledger.
Meghji fails to teach the following,
a public key and a private key of the user for encryption and decryption that are stored in the blockchain; and
However, Guan teaches the above features,
Guan teaches creating the plurality of blockchain addresses respectively in association with the one or more local accounts further comprises: for each of the plurality of blockchain addresses, storing the encrypted private key in a Key Management System (KMS). (Guan, [0019]) Guan further teaches creating the plurality of blockchain addresses respectively in the one or more blockchains, in association with the one or more local accounts and the plurality of public keys of the plurality of public-private key pairs further comprises: for each of the plurality of blockchain addresses, storing the encrypted private key in a Key Management System (KMS). (Guan. Claim 4) Thus, Guan teaches storing multiple key pair in a blockchain, such as public and private keys of a user and keys of a device.
Meghji teaches the following features, except the underlined features,
a scheduler to generate a visual code of the device to carry an answer to the challenge, … 
As stated above, regarding the “challenge” and “answer,” the invention describes the “answer” as being based on the visual code. Thus, the “visual code” corresponds to the “answer.”
Meghji teaches that ACL device (“device”) which retrieves data from another device (see “mobile device” of claim 4) using optical scanning (“generating a visual code”) or short-range radio communication (e.g., Bluetooth, Zigbee, NFC, RFID, etc.). (Meghji, fourth from last sentence [0006]) (emphasis added) Meghji also teaches a unique access-enabling code (e.g., a barcode) (“visual code”) that is later scanned to grant access to a resource / event). (Meghji, first two sentences [0037])  
However, Meghji does not teach the “device” displaying the code, but instead teaches a mobile device that displays the visual code the “device.”
However, Green teaches the above underlined feature of, 
Green teaches a user device (“mobile device” of claim 4) capturing a visual code [when the user device is located] at a terminal (“device”) for authentication. (Green, Abstract) Green also teaches terminal information, such as a terminal detail record, can be provided to user device 200 (“mobile device” of claim 4) via a visual code displayed by terminal 212 (“generating a visual code of the device”). (Green, 3rd sentence of [0045]) 
Green teaches a hash (“challenge”) of the terminal information (“answer”), which is information included in the visual code, and the hash of the terminal information is performed by the terminal (“device”). (Green, sixth sentence of [0045])
Meghji teaches the following features,
… to encrypt the generated visual code with the public key of the device, wherein the encrypted visual code may only be decrypted with a private key of the device, and … 
Meghji teaches “access code encryption engine 1230 may use the access code as input into a key derivation function to generate a resource-specific key pair, which includes a resource-specific private key(“may only be decrypted with a private key of the device”), from which a resource-specific public key is derived. The resource-specific public key (“generated visual code with a public key of the device”) can be used to encrypt the access code (“visual code”).” (Meghji, second half [0235])
to store the encrypted visual code in the blockchain.
Meghji also teaches that the encrypted access code (“visual code”) (encrypted by access code encryption engine 1230) representing the user's access right may be stored in a distributed ledger (“storing the encrypted visual code in the blockchain”) represented across blockchain system 1150.  (Meghji, [0236], see also [0006])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Meghji, which teaches a visual code, which is stored in a blockchain, that includes information used for authentication,  with Zhang, which teaches a blockchain that stores a hash (“calculated challenge”) for the purpose of confirming the authenticity of data in the blockchain. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to the system of Meghji to store authenticity information in the blockchain. 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Meghji, which teaches a visual code, which is stored in a blockchain, that includes information used for authentication,  with Green, which teaches a mobile device reading a visual code from a client / terminal, where the visual code is used for authentication, where the exchange of information includes a hash to verify authenticity. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to the system of Meghji to have a device (client) display a code to a personal device (mobile device) for the purpose of authentication and the use of a hash to verify authenticity, as taught in Green.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Meghji, which teaches a visual code, which is stored in a blockchain, that includes information used for authentication,  with Guan, which teaches storing multiple public-private key pairs in a blockchain. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to the system of Meghji to store multiple public-private key pairs in a blockchain for added security.

Regarding claim 20, Meghji and Green teach the following,
The system of claim 19, further comprising
a mobile device to capture an image of a decrypted visual code and …
This is similar to the rejection of claim 4.
Green teaches a user device (“mobile device” of claim 4) capturing a visual code (“capturing the image of the visual code”) [when the user device is located] at a terminal (“device”) for authentication. (Green, Abstract)
Green teaches terminal information, such as a terminal detail record, can be provided to (“capturing an image”) user device 200 (“using a mobile device”) via a visual code displayed by terminal 212 (“device”). (Green, 3rd sentence of [0045]) 
…. generate a message including the commitment with a location of the mobile device, the identity of the device obtained from the extracted visual code, and a current time.
Meghji teaches after a predefined time period, such as within a defined period from a resource time; and/or when a user device 1026 crosses a geofence corresponding to a resource, and/or when a user device 1026 receives input or a site-controller request indicating that access data is to be transmitted to a nearby site controller), user device 1026 may retrieve the first access code data and transmit it (e.g., via a short-range communication) to a first site controller 712a. (Meghji, [0221])

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495