DETAILED ACTION
Claims 1, 16-20 and 22-23 are amended.
Claims 10-11 are cancelled.
The objection to claim 1 is withdrawn based on the claim amendments.
The double patenting rejection is withdrawn based on the filed and approved terminal disclaimer.
Claims 1-9 and 12-23 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s Remarks filed on 6/2/2022 have been fully considered however they are moot in view of the new grounds of rejection necessitated by the claim amendments.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9, 12 and 15-23 are rejected under 35 U.S.C. 103 as being unpatentable over High et al (US Pub.No.2018/0167394) in view of Liebl et al (US Pub. No.2015/0288694) and further in view of Ebrahimi et al (US Pub. No. 2017/0257358).

Re Claim 1. High teaches a system for credential authentication, comprising: an interface configured to: receive a request for authorization to access from an application (i.e. authenticating, by the processor, a receiving device in response to a request from the receiving device to gain access to the locked space) [High, para.0006]; and  a processor configured to: determine a set of credentials that can enable authorization to access; generate a proof request challenge (i.e. controlling access to a locked space may begin at step 301 wherein an access code and a private key are generated by the computing system 120. Step 302 hashes the access code so that a size of the data can be uniform, or a fixed size. Step 303 encrypts the hashes access code with a public key to create a digital signature. The digital signature may be stored on the blockchain, to ensure that the hashed access code is not modified. Step 304 authenticates a receiving device 112 that is requesting permission to access a locked space. Authentication may include accessing the authentication database 113 and/or accessing the publicly distributable transactions ledger 113 (i.e. blockchain). Step 305 transmits the private key and digital signature to authenticated receiving device 112) [High, para.0045, para.0030]; receive a proof response from an authentication device (i.e. The receiving device 112 may then obtain the hashed access code, and then transmit the hashed access code to the computing system 120) [High, para.0046], wherein the proof response comprises a credential of the set of credentials  (i.e. Embodiments of the access code may be text, a song or clip thereof, a book or excerpt thereof, a movie clip, digits, bytes, binary digits, bits, characters, an image, a noise, a biological signature (e.g. biometric of owner of the locked space), DNA sequence, a famous quote, a unique identifier, or any indicia or password or code that is computer readable) [High, para.0030], 
	High does not explicitly disclose whereas Liebl does: wherein the credential is selected from credentials of the set of credentials (i.e. A credential may include one or more encrypted signature entries, scores, factors of authentication, user financial data (e.g., credit card information), and/or data defined by a resource control entity (e.g., user email addresses). A signature entry may be user provided data corresponding to a factor of authentication, which is scored (e.g., based on a scoring policy of a resource control entity) by the credential application. The signature entry and the corresponding score may be added to the credential by the credential application. A factor of authentication may be a specified type of data that must be authenticated as at least a part of a user authentication process. Examples of factors of authentication include, but are not limited to, passwords, pin numbers, responses to secret questions, various motions/gestures, spoken words or phrases, biometric data, and/or image data) [Liebl, para.0021] stored on the authentication device (i.e. a credential is a collection of information stored on a user device (100) by a credential application) [Liebl, para.0020], and wherein the credential indicates at least one of 1) a user of the authentication device is a current employee of a company, 2) the user of the authentication device is employed in an organization of the company, 3) the user of the authentication device is employed in a location of the company, 4) the user of the authentication device has required training, and 5) the user of the authentication device has an outside credential issued by an outside credential issuer (i.e. credential may include, along with one or more signature entries, other user data such as, for example, user identifiers (e.g., one or more usernames, user synonyms, user aliases, etc.), user financial transaction information (e.g., credit card information), ledger cluster synonyms identifying a ledger associated with user data, and/or organizational synonyms related to an organization (e.g., an employer) associated with a user) [Liebl, para.0022];
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High with Liebl because Liebl allows the user to determine the validity of the ledger: send, to the user, a ledger authentication token (LAT), where the credential application uses the LAT to verify that the ledger is a valid ledger [Liebl, para.0004].
 	High further discloses: determine that the proof response is valid based at least in part on information stored in a distributed ledger (i.e. Prior to communicating with the locking mechanism 111 to unlock the locked space, the computing system 120 may access the blockchain to confirm that the hashed access code received from the receiving device matches the hashed access code stored on the blockchain ) [High, para.0046]; 
Although High generates and transmits a signal [High, para.0028], High in view of Liebl does not explicitly disclose: generate a token; and provide the token. However Ebrahimi does teach: generate a token; and provide the token (i.e. a session ID is generated by web server 320, which may be generated in response to the request for the login web page, or may be generated in anticipation of a login request (e.g., such as at a login kiosk). As shown, a factor in the authentication and login process is the use of the session ID, such that the session ID is used throughout the authentication and login process, thereby connecting the devices used in the process. The session ID is associated with a communication session that will be established after successful login of the user. In addition, web data may be generated by the web server 320 to include one or more of the session ID, a timeout for the session ID, URL web address for the web server…………… web server 320 generates a scannable code (e.g., QR code), which includes at least one of the envelope ID, URL of the web server 320, and a login challenge asking whether a login process is further requested. The scannable code is included in the login page……………… the web server delivers the login web page to the first device 310 of the user 5. At operation 420, the first device 310 of user 5 displays the login web page that includes the scannable code, ………………… if the scannable code is able to include the entire data identified in block 405, it may not be necessary to create an envelope and an envelope ID—the scannable code in this case would have the entire data) [Ebrahimi, para.0067-0071].  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Liebl with Ebrahimi because It would be advantageous to have a more secure system and method for managing the identity of users and of identifying users to third parties, such as when performing login or user authentication [Ebrahimi, para.0004].

Re Claims 22 and 23. These claims recite features similar to those recited in claim 1 and therefore they are rejected in a similar manner.

Re Claim 2. High in view of Liebl and Ebrahimi discloses the system of claim 1, High further discloses: wherein generating the proof request challenge is based upon a configured set of proof request challenge rules, wherein the configured set of proof request challenge rules comprise one or more criteria which determine the set of credentials that can enable authorization to access (i.e. The access code may be valid forever or may be valid for a limited time, and may be regenerated after each time the space is accessed. Embodiments of the access code may be text, a song or clip thereof, a book or excerpt thereof, a movie clip, digits, bytes, binary digits, bits, characters, an image, a noise, a biological signature (e.g. biometric of owner of the locked space), DNA sequence, a famous quote, a unique identifier, or any indicia or password or code that is computer readable. The access code may be generated based on an algorithm for outputting random combinations of characters, digits, symbols, etc…) [High, para.0030].  

Re Claim 3. High in view of Liebl and Ebrahimi discloses the system of claim 1, High further discloses: wherein the proof request challenge is provided to a digital identity app (i.e. step 306 instructs the authenticated receiving device 112 to decrypt the digital signature the authenticated using the private key to obtain the hashed access code, and transmit the hashed access code to the computing system 120) [High, para.0046], (i.e. The user defined parameters may be retrieved from a server services an application running on the user's smartphone) [High, para.0030].  

Re Claim 4. High in view of Liebl and Ebrahimi discloses the system of claim 3, Ebrahimi further discloses: wherein the proof request challenge is provided to the digital identity app using a URI that points to the proof request challenge (i.e. At operation 417, the web server delivers the login web page to the first device 310 of the user 5. At operation 420, the first device 310 of user 5 displays the login web page that includes the scannable code,) [Ebrahimi, para.0070], (i.e. For example, the QR code 760 contains a session ID and the URL of the web server 320 requiring a response to a login challenge………..The user scans the QR code 760 to retrieve the referring URL, as well as the session ID. The session ID may be digitally signed by the web server 320 to provide that it was generated by the service provider (e.g., web server 320) that the user intended to interact with. As such, the user can verify the signature using the public key of that service provider. The verification step is optional. Additionally, the QR code may contain other information, including codes that indicate that this is a login request or challenge. In particular, the a first scannable code (e.g., QR code 760) is scanned on a login web page 750 of a web server 320,) [Ebrahimi, para.0103-0104].  
	The motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 5. High in view of Liebl and Ebrahimi discloses the system of claim 3, High further discloses: wherein the digital identity app is on a mobile device (i.e. The user defined parameters may be retrieved from a server services an application running on the user's smartphone) [High, para.0030].  
  
Re Claim 6. High in view of Liebl and Ebrahimi discloses the system of claim 5, Ebrahimi further discloses: wherein the proof request challenge is provided to the mobile device using a push notification (i.e. causes the browser or portal to send the username entered to its server that then looks up the reference-ID to the user associated with the username. It then sends a request to a server that is able to send direct or vendor specific push notifications to the user's mobile app requesting authentication) [Ebrahimi, para.0095].  
	The motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 7. High in view of Liebl and Ebrahimi discloses the system of claim 6, Ebrahimi further discloses: wherein the mobile device is identified for the push notification using a secure cookie stored during a previous execution (i.e. If the signature is verified, the web server 320 knows that the user 5 in possession with the private key did indeed sign the session ID (along with the data in the envelope), that was previously generated by the web server 320. That is, the session ID can be trusted.) [Ebrahimi, para.0108-0110].  
The motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 8. High in view of Liebl and Ebrahimi discloses the system of claim 5, Ebrahimi further discloses: wherein the proof request challenge is provided to the mobile device using a QR code, which comprises a URI that points to the proof request challenge  (i.e. In particular, web server 320 generates a scannable code (e.g., QR code), which includes at least one of the envelope ID, URL of the web server 320, and a login challenge)[Ebrahimi, para.0069], (i.e. For example, the QR code 760 contains a session ID and the URL of the web server 320 requiring a response to a login challenge) [Ebrahimi, para.0103].  
	The motivation to modify with Ebrahimi, as in claim 1, applies.
  
Re Claim 9. High in view of Liebl and Ebrahimi discloses the system of claim 8, Ebrahimi further discloses: wherein the QR code is scanned by the mobile device to access the proof request challenge (i.e. web server 320 generates a scannable code (e.g., QR code), which includes at least one of the envelope ID, URL of the web server 320, and a login challenge……………………………….. In block 423 various operations are performed, including configuring and/or operating the second device 11 to scan the scannable code. In that manner, the envelope ID can be extracted, and used to access the first envelope of data) [Ebrahimi, para.0069-0071].  
	The motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 12. High in view of Liebl and Ebrahimi discloses the system of claim 1, High further discloses: wherein the proof response is signed using a private key of an identity key pair (i.e. The access code or the hashed access code may be encrypted with a public key (or private key in some embodiments) to create a digital signature. The private key and the public key may be generated by the encryption module 131 at the same time. The public key and the private key may be generated along with a generation of the access code, or in response to the generation of the access code. Embodiments of the private key and the public key may be cryptographic keys. The private key may be unique to one device, person, account, etc. In one embodiment, the access code or hashed access code may be encrypted with the public key to create a digital signature. In other embodiments, the access code or hashed access code may be encrypted with the private key to create a digital signature) [High, para.0031].  

Re Claim 15. High in view of Liebl and Ebrahimi discloses the system of claim 1, Ebrahimi further discloses: wherein the proof response is encrypted using a per channel key (i.e. By optionally encrypting the package in block 440, the user can ensure that the only entity able to read its response to the login request is the intended Web server and that the package being delivered remains unmodified. The signature of the user in the package can provide the Web server an assurance that this particular user has indeed composed the entire data and response being sent back. Because the data being signed also includes a unique one-time session ID, the protocol ensures that the users' response cannot be re-used for another login session using the users' credentials) [Ebrahimi, para.0074].  
	The motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 16. High in view of Liebl and Ebrahimi discloses the system of claim 1, Ebrahimi further discloses: wherein determining that the proof response is valid comprises determining that the proof response comprises one or more credentials of the set of credentials (i.e. The user uses his/her mobile application designed to comprehend the contents of the QR code and determines that this is an authentication badge for login. The application presents the user with a question to determine if the user chooses to login and pass his/her credentials. This process may request an additional form of authentication on the mobile device such as a finger thumbprint Id (e.g., touch ID, and/or other biometric identification), or a PIN passcode. Once the user authenticates himself/herself, a message is sent to the server specified in the QR code encoding and the server is able to authenticate the user and allow the user to login on the website……………….the authentication and login process outlined in FIGS. 4A-4D can be modified and/or applied to a use case wherein login to a physical port is performed using a QR code. In particular, a user may wish to gain access to a physical portal such as a door that is locked, enter a gym where he/she has an active membership, or enter company premises. At a point of entry, the user scans a QR code that is electronically generated. The message is sent to the server processing authentication. Once the user is authenticated, the server allows access for the user. If the user is at a physical portal, such a locked door, the server may send an authenticated request to the lock box to have it electronically opened. If the user is at a physical portal guarded by an operator, such as a gym-club staff member, the server may send a message with identifying information such as the person's name that was authenticated, their picture and other information and confirm their authentication so they are allowed access) [Ebrahimi, para.0092-0093.  
	The motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 17. High in view of Liebl and Ebrahimi discloses the system of claim 1, High further discloses: wherein determining that the proof response is valid comprises one or more of: determining that the credential is not expired (i.e. wherein the locked space is accessible for a limited time, and when the limited time passes, the private key is no longer valid to gain access to locked space) [High, claim 3], determining that the credential includes a valid signature, and/or determining that a credential decentralized identifier matches a key holder associated with request (i.e. the digital signature represents an encrypted hashed access code……………..the receiving device 112 may transmit the hashed access code to the decryption module 133. The decryption module 133 may compare the received hashed access code to the hashed code stored on the blockchain, and if the received hashed access code is the same as the hashed access code stored on the blockchain, then the computing system 120 may allow access to the locked space) [High, para.0037].  

Re Claim 18. High in view of Liebl and Ebrahimi discloses the system of claim 1, High further discloses: wherein determining that the proof response is valid comprises determining that the credential is not revoked (i.e. a new transaction may be generated on the blockchain that the receiving device gained access to the locked space on the blockchain using the private key. This may prevent the receiving device 112 from using the same hashed code than once in situations where access may be granted for a single time only) [High, para.0033].    

Re Claim 19. High in view of Liebl and Ebrahimi discloses the system of claim 18, High further discloses: wherein determining that the credential of the proof response is not revoked comprises querying a revocation registry of the distributed ledger (i.e. a new transaction may be generated on the blockchain that the receiving device gained access to the locked space on the blockchain using the private key. This may prevent the receiving device 112 from using the same hashed code than once in situations where access may be granted for a single time only. The computing system 120 can treat the hashed access code as one cryptocurrency unit, and when the hashed access code is sent to the computing system 120, the lone cryptocurrency unit is spent. Any attempt to resend the hashed access code will not be successful in gaining access because the computing system 120 will access the blockchain, which by virtue of the distributed ledger, will not issue a consensus that the receiving device 112 has a remaining cryptocurrency to spend on gaining access to a particular locked space) [High, para.0033].      

Re Claim 20. High in view of Liebl and Ebrahimi discloses the system of claim 1, Ebrahimi further discloses: wherein the token authorizes access to the application for the user (i.e. the user……………….can scan a code enabling the application to allow the scanning device to communicate directly with the service provider during the login process)[Ebrahimi, para.0099].  
	The motivation to modify with Ebrahimi, as in claim 1, applies.

Re Claim 21. High in view of Liebl and Ebrahimi discloses the system of claim 1, Ebrahimi further discloses: wherein the processor is further configured to provide a secure cookie for device identification during a future execution (i.e. If the signature is verified, the web server 320 knows that the user 5 in possession with the private key did indeed sign the session ID (along with the data in the envelope), that was previously generated by the web server 320. That is, the session ID can be trusted.) [Ebrahimi, para.0108-0110].  
The motivation to modify with Ebrahimi, as in claim 1, applies.

Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over High in view of Liebl and Ebrahimi as applied to claim 1, and further in view of Lu (US Pub.No.2017/0180128).

Re Claim 13. High in view of Liebl and Ebrahimi discloses the system of claim 12, High in view of Liebl and Ebrahimi does not explicitly disclose whereas Lu does: wherein the private key is decrypted using a mobile encryption key (i.e. the user device may comprise a request agent similar to the one described above and a ciphering agent configured to generate a secret key and to generate an encrypted identity by encrypting the received user's trusted identity with the generated secret key. The ciphering agent is also configured to generate an encrypted key e_K by encrypting the secret key K using a key encryption key) [Lu, para.0076].  
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify High in view of Liebl and Ebrahimi with Lu because there is a need to develop new methods and devices allowing to prevent several people from claiming a same trusted identity [Lu, para.0003].

Re Claim 14. High in view of Liebl and Ebrahimi and Lu discloses the system of claim 13, Ebrahimi further discloses: wherein the mobile encryption key is accessed using a biometric (i.e. The second device 11 is configured to sign the hash value with a private key of the user e.g., producing <signed.hash.userdata>. The signature process may be authorized by the user for example using TouchID) [Ebrahimi, para.0074, see also 0098, Note: signature with an encryption key being authorized only using a TouchID biometric discloses the claimed features].  
	The motivation to modify with Ebrahimi, as in claim 1, applies.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285. The examiner can normally be reached Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434