Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statements
The information disclosure statement(s) (IDS) submitted on 06/22/2021 and 12/30/2021 have been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) have been considered by the examiner.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7, 9, 11-13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2020/0127847 to Yang et al. (hereinafter Yang) in view of US 11,146,552 to Ferenczi (hereinafter Ferenczi) (hereinafter Ferenczi). 
Regarding claim 1, Yang teaches,
A method for verifying digital identity, executed by a decentralized identity (DID) wallet , the method comprising: 
Yang teaches that an ecosystem for decentralized identity management (“DID wallet”) that may provide unique and verifiable identities to entities. (Yang, first sentence [0048])
Yang teaches a method for authenticating a decentralized identifier using DID authentication services. (Yang, first sentence [0082] describing fig. 7)
acquiring target login information of a target verifier, in response to a login operation of a target user on the target verifier; 
Yang in fig. 5 teaches a verifier agent 413 and verifier application 532 (“target verifier”) that interact with each other. (Yang, second half [0078])
Yang teaches at step 702, the verifier 532 (“target verifier”) may obtain the DID provided by a purported owner. (Yang, second sentence [0083]) The examiner interprets the providing of the DID to the verifier 532 necessarily requires that information regarding the location / address (“target login information of a target verifier”) of the verifier 532 be acquired in order to provide the DID to the verifier 532.    
Yang also teaches that fig. 7, illustrates a method for authenticating a decentralized identifier using DID authentication services (i.e., login operations) in accordance with some embodiments. (Yang, first sentence [0082])
Yang teaches the following, except for the underlined portions,
sending, based on the target login information, a login request including a target user DID of a target user to the target verifier, to authorize the target verifier to acquire a target claim of the target user from an identity hub of the target user and verify the target user DID and the target claim; and 
As stated above, Yang teaches at step 702, the verifier 532 may obtain the DID provided by a purported owner (“sending, … , a login request including a target user DID of a target user to the target verifier”). (Yang, second sentence [0083] describing fig. 7)
Yang in fig. 5 teaches a user agent 411, a verifiable data registry 521 and DID hub 522 (“identity hub”) that stores Verifiable Claims (VC) (“target claim”). The owner may grant certain other entities (e.g., institutions issuing verifiable claims) access to data stored in the DID hub 522 (Yang, first half [0077])   
Yang teaches that verifier application 532 (“target verifier”) may correspond to an entity (e.g., service provider, credit issuer) needing to verify verifiable claims (“to authorize the target verifier to acquire a target claim of the target user … and verify … the target claim.”) to ascertain a user's information (e.g., identity, age, credit score). (Yang, middle [0078] describing fig. 5)
Yang also teaches verifier 532 (e.g., a service provider needing to verify information of a customer) may initiate a DID authentication process (“and verify the target user DID”) using an SDK 312. (Yang, first sentence [0083])
However, Ferenczi teaches the above underlined features,
Ferenczi teaches a hosted application 119 (“target verifier”) that verifies the authenticity of a user. (Ferenczi, Col. 3, lines 34-36 (16) and fig. 1)
Ferenczi then teaches the identity hub 110 (“identity hub”) providing identity keys 159 (“user DID”) to the hosted application 119 (“target verifier”). (Ferenczi, Col. 8, lines 31-40 (40) and fig. 1) Ferenczi teaches that the identity key 159 is a decentralized identifier (DID). (Ferenczi, Col. 5, lines 23-30 (23-24))
Ferenczi then teaches that the verified claims 173 [in the identity hub of fig. 1] (“target claim”) is provided to the hosted application 119 (“target verifier”). (Ferenczi, Col. 8, lines 41-47 (41))
Similarly, Yang also teaches that a request, it may be fed to a user agent 411 (“identity hub”) for performing operations such as creation and authentication of DIDs or an issue agent 412 for performing operations such as issuance of VCs. The requests from a party desiring to verify a VC may be fed to the verifier agent 413 (“target verifier”). (Yang, [0073]) (emphasis added) 
Yang teaches the following,
logging in to the target verifier using the target user DID, in response to the target user DID and the target claim passing the verification.
	Yang teaches if the response is determined to be correct, the SDK 312 may return a message to the verifier 532 (“target verifier”) indicating the DID is a valid proof of identity of the user (“logging in to the target verifier using the target user DID”) at step 732. At step 734, the verifier 532 may notify the user as to the validity of the DID. (Yang, last two sentences of [0084])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Yang, which teaches a system the uses de-identifiers (DID) to store transaction / claim information in a (identifier) DID hub that interacts with a Verifier and Issuer to enroll users and perform authentication, while storing information in a blockchain, with Ferenczi,  which also teaches an address of an identifier hub that may be used to specify data and to provide identity keys (DIDs) to a verifier. One of ordinary skill in the art would have been motivated to perform such an addition to provide the encryption system of Yang with the ability to use an address of an identifier hub that may be used to specify data and to provide identity keys (DIDs) to a verifier.

	Regarding claim 2, Yang teaches the following,
The method according to claim 1, wherein the acquiring the target login information of the target verifier, in response to the login operation of the target user on the target verifier, comprises: 
acquiring the target login information including at least a target verifier DID in response to the login operation of the target user on the target verifier, for acquiring, from a blockchain network, a DID document associated with the target verifier DID based on the target verifier DID.
Yang teaches operations may comprise creating a new DID, storing a DID document, updating a DID document, identifying a DID document (“DID document”) based on a DID (“target verifier DID”), storing information associated with a VC. (Yang, middle [0072]) Yang also teaches a DID document may be created and stored on the blockchain 330 (“for acquiring, from a blockchain network, a DID document”). (Yang, first sentence [0100])

Regarding claim 3, Yang teaches the following, except for the underlined features,
The method according to claim 1, wherein the authorize the target verifier to acquire the target claim of the target user from the identity hub of the target user, comprises: 
sending a target site address storing the target claim in the identity hub to the target verifier, to authorize the target verifier to access a target site of the identity hub based on the target site address to acquire the target claim.
Yang in fig. 5 teaches a verifiable data registry 521 and DID hub 522 (“identity hub”) that stores Verifiable Claims (VC). (Yang, first half [0077]) Yang in fig. 5 teaches a verifiable data registry 521 and DID hub 522 (“identity hub”) that stores Verifiable Claims (VC) (“target claim”). (Yang, first half [0077])   
 	However, Ferenczi teaches the above underlined features,
	Ferenczi teaches the identity key 159 might instead specify the address of the identity hub 109 (“target site address storing the target claim”) and the unique identifier of the identity document 163. (Ferenczi, Col. 5, lines 40-43 (end of (24)).  Ferenczi also teaches that it is possible to retrieve one or more verified claims 173 from the vault 169 of the identity hub 109 (“storing the target claim in the identity hub”).   (Ferenczi. Col. 8, lines 41-47 (41)) 
	
	Regarding claim 4, Ferenczi teaches the following,
The method according to claim 3, wherein, before sending the target site address storing the target claim in the identity hub to the target verifier, the method further comprises: 
encrypting the target claim based on a proxy re-encryption mechanism.
	Ferenczi also teaches data stored in the vault 169 can be stored in an encrypted form … where the vault may include verified claims 137. (Ferenczi, Col. 5, lines 57-65 (27))

Regarding claim 7, Yang teaches the following,
The method according to claim 1, wherein, before the acquiring the target login information of the target verifier, in response to the login operation of the target user on the target verifier, the method further comprises: 
searching for a target issuer that issues a claim, based on service information of issuers in a claim issuer registry; 
Yang teaches the issuer application 531 (“target issuer”) may interact with the layers 510 and 520 via a connection or interface with the issuer agent 412. (Yang, middle of [0078] describing fig. 5) The examiner interprets the actions of the issuer agent 412 as finding the issuer application. 
sending a claim application request to the target issuer, to control the target issuer to generate the target claim of the target user; and 
Yang teaches an issuer application 531 (“target issuer”) may correspond to an entity (e.g., government institution, banks, credit agency) issuing verifiable claims signed or endorsed by the entity for users. (Yang, third sentence [0078]) 
obtaining the target claim issued by the target issuer responding to the claim application request.
	Yang teaches the issuer application 531 may comprise an issuer verifiable claim manager service which may allow an issuer to manage issued VCs, maintain their status (e.g., validity), or perform other suitable operations. (Yang, fifth sentence [0078])

Regarding claim 9, Yang teaches,
The method according to claim 8, wherein, before the accessing, based on the target site address, the target site in the identity hub to obtain the proxy re-encrypted target claim, the method further comprises: 
sending the target user DID to the identity hub, for the identity hub to: 
acquire a DID document associated with the target user DID from a blockchain network, and 
Yang teaches a DID hub (“identity hub”) that stores an owners sensitive data that is provided to perform other functionalities.  (Yang, first half [0077]) Yang also teaches that the DID hub 522 interfaces with the blockchain 330. (Yang, fig. 5 and [0079])
verify a user signature of the target user using a target user public key in the DID document, to verify whether the target user is a holder of the target user DID.
Yang teaches a DID document, provided by a blockchain, that uses a public key from the document to check a digital signature. (Yang, second half [0087]) 

Regarding claim 11, Yang teaches the following,
The method according to claim 1, wherein, before the acquiring the target login information of the target verifier, in response to the login operation of the target user on the target verifier, the method further comprises: 
creating the target user DID and at least one public and private key pair for the target user, in response to a DID creation request of the target user.
Yang teaches creating a DID in fig. 18. (Yang, [0044]) The creation of the DID includes a cryptographic key pair. (Yang, last half [0136])

Regarding claim 12, Yang teaches,
A method for verifying digital identity, executed by a verifier, the method comprising: 
Yang teaches that an ecosystem for decentralized identity management (“DID wallet”) that may provide unique and verifiable identities to entities. (Yang, first sentence [0048])
Yang teaches a method for authenticating a decentralized identifier using DID authentication services. (Yang, first sentence [0082] describing fig. 7)
Yang teaches a verifier 532 (“verifier”) that may obtain the DID. (Yang, second sentence [0083]) The verifier 532 may work with verifier agent 413. (Yang, fig. 5)  
Similarly, Ferenczi teaches a hosted application 119 (“verifier”) that verifies the authenticity of a user. (Ferenczi, Col. 3, lines 34-36 (16) and fig. 1)
Yang teaches the following, except for the underlined portions,
in response to a login request including a target user decentralized identity, DID, of a target user sent by a target DID wallet, acquiring a target claim of the target user from an identity hub of the target user; 
Yang teaches at step 702, the verifier 532 may obtain the DID provided by a purported owner (“in response to a login request including a target user decentralized identity, DID, of a target user sent by a target DID wallet”). (Yang, fig. 7 and [0083])
Yang teaches that DID hub 522 (“identity hub”) may comprise a system in which an owner of a DID stores its sensitive data. The owner may grant certain other entities (e.g., institutions issuing verifiable claims) access to data stored in the DID hub 522. (Yang, middle [0077])
Yang also teacher that a verifier agent 413 [which works with verifier 532 (“verifier”)] may be used by key participants in the network environment associated with DIDs and VCs such as entities able to perform know-your-customer (KYC) authentication or endorsement for users or to issue or verify verifiable claims (“acquiring a target claim of the target user”). (Yang, second to last sentence [0077] describing fig. 5)
However, Ferenczi teaches the above underlined features,
Ferenczi teaches a hosted application 119 (“verifier”) that verifies the authenticity of a user. (Ferenczi, Col. 3, lines 34-36 (16) and fig. 1)
Ferenczi then teaches the identity hub 110 (“identity hub”) providing identity keys 159 (“user DID”) to the hosted application 119 (“verifier”). (Ferenczi, Col. 8, lines 31-40 (40) and fig. 1) Ferenczi teaches that the identity key 159 is a decentralized identifier (DID). (Ferenczi, Col. 5, lines 23-30 (23-24))
Ferenczi then teaches that the verified claims 173 [in the identity hub of fig. 1] (“target claim”) is provided to the hosted application 119 (“verifier”). (Ferenczi, Col. 8, lines 41-47 (41))
Similarly, Yang also teaches that a request, it may be fed to a user agent 411 (“identity hub”) for performing operations such as creation and authentication of DIDs or an issue agent 412 for performing operations such as issuance of VCs. The requests from a party desiring to verify a VC may be fed to the verifier agent 413 (“target verifier”). (Yang, [0073]) (emphasis added) 
Yang teaches the following,
verifying a target user DID and the target claim; and 
As stated above, the verifier agent 413 may work with the verifier 532. Specifically, Yang teaches that the “verifier agent 413 may comprise one or more APIs (e.g., REST API) or SDKs and be configured to verify a verifiable claim (“target claim”) or perform one or more other suitable operations. In some embodiments, the layer 520 may also comprise one or more code libraries (e.g., DID resolve library 523, DID authentication library 524) that can be adopted and used to interact with the DID resolvers 322 (“target user DID”) or directly with the blockchain 330.” (Yang, middle [0077])
determining that the target user successfully logs in using the target user DID, in response to the target user DID and the target claim passing the verification.
As stated above, Yang teaches a verifier agent 413 may be used by key participants in the network environment associated with DIDs (“target user DID”) and VCs  (“target claim”) such as entities able to perform know-your-customer (KYC) authentication or endorsement for users or to issue or verify verifiable claims (“verifying a target user DID and the target claim”). (Yang, second to last sentence [0077] describing fig. 5) (emphasis added) The examiner interprets the passing of the verification of the DID and the claims in Yang as corresponding to “successfully logging in.”
Yang teaches A verifier application 532 may correspond to an entity (e.g., service provider, credit issuer) needing to verify verifiable claims to ascertain a user's information (e.g., identity, age, credit score). (Yang, middle [0078])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Yang, which teaches a system the uses de-identifiers (DID) to store transaction / claim information in a (identifier) DID hub that interacts with a Verifier and Issuer to enroll users and perform authentication, while storing information in a blockchain, with Ferenczi,  which also teaches an address of an identifier hub that may be used to specify data and to provide identity keys (DIDs) to a verifier. One of ordinary skill in the art would have been motivated to perform such an addition to provide the encryption system of Yang with the ability to use an address of an identifier hub that may be used to specify data and to provide identity keys (DIDs) to a verifier.

Regarding claim 13, Yang teaches the following,
The method according to claim 12, wherein the acquiring the target claim of the target user from the identity hub of the target user, comprises: 
acquiring a target site address storing the target claim, based on an authorization result of the target DID wallet for the verifier; and 
Yang in fig. 5 teaches a verifiable data registry 521 and DID hub 522 (“identity hub”) that stores Verifiable Claims (VC). (Yang, first half [0077]) Yang in fig. 5 teaches a verifiable data registry 521 and DID hub 522 (“identity hub”) that stores Verifiable Claims (VC) (“target claim”). (Yang, first half [0077])   
 	However, Ferenczi teaches the above underlined features,
	Ferenczi teaches the identity key 159 might instead specify the address of the identity hub 109 (“target site address storing the target claim”) and the unique identifier of the identity document 163. (Ferenczi, Col. 5, lines 40-43 (end of (24)).  
accessing a target site of the identity hub based on the target site address to obtain the target claim.
Ferenczi also teaches that it is possible to retrieve one or more verified claims 173 from the vault 169 of the identity hub 109 (“storing the target claim in the identity hub”).   (Ferenczi. Col. 8, lines 41-47 (41))
Claim 13 is rejected using the same basis of arguments used to reject claim 3 above.

Regarding claim 15, Yang teaches,
The method according to claim 12, wherein the verifying the target user DID and the target claim, comprises: 
verifying whether the target user is a holder of the target user DID, according to a user signature of the target user; and 
Yang teaches a DID document, provided by a blockchain, that uses a public key from the document to check a digital signature. (Yang, second half [0087]) 
in response to verifying that the target user is the holder of the target user DID, verifying the target claim based on at least one of: 
an issuer issuing the target claim, a claim type, a validity period, or a revocation status of the target claim.
Yang teaches the issuer application 531 (“issuer”) may he issuer application 531 may comprise an issuer verifiable claim manager service which may allow an issuer to manage issued VCs, maintain their status (e.g., validity), or perform other suitable operations. (Yang, middle of [0078] describing fig. 5) The examiner interprets the actions of the issuer application 531 as corresponding to issuing a claim.
Claim 15 is rejected using the some of the same basis of arguments used to reject claims 7 and 9 above.

Regarding claim 16, Yang teaches the following,
The method according to claim 15, wherein the verifying whether the target user is the holder of the target user DID, according to the user signature of the target user, comprises: 
acquiring a DID document associated with the target user DID from a blockchain network, based on the target user DID; and 
Yang teaches a DID hub (“identity hub”) that stores an owners sensitive data that is provided to perform other functionalities.  (Yang, first half [0077]) Yang also teaches that the DID hub 522 interfaces with the blockchain 330. (Yang, fig. 5 and [0079])
verifying the user signature of the target user, based on a target user public key in the DID document associated with the target user DID, to verify whether the target user is the holder of the target user DID.
Yang teaches a DID document, provided by a blockchain, that uses a public key from the document to check a digital signature. (Yang, second half [0087]) 
Claim 16 is rejected using some of the same basis of arguments used to reject claim 9 above.

Regarding claim 17, Yang teaches,
An electronic device, comprising: 
at least one processor; and 
a memory, communicatively connected to the at least one processor, the memory, storing instructions executable by the at least one processor, the instructions, when executed by the at least one processor, causing the at least one processor to perform operations, the operations comprising: 
Yang teaches one or more processors, one or more memories, and a computer readable medium. (Yang, [0019-20])
acquiring target login information of a target verifier, in response to a login operation of a target user on the target verifier; 
Yang teaches that an ecosystem for decentralized identity management (“DID wallet”) that may provide unique and verifiable identities to entities. (Yang, first sentence [0048]) Yang teaches a method for authenticating a decentralized identifier using DID authentication services. (Yang, first sentence [0082] describing fig. 7)
Yang in fig. 5 teaches a verifier agent 413 and verifier application 532 (“target verifier”) that interact with each other. (Yang, second half [0078])
Yang teaches at step 702, the verifier 532 (“target verifier”) may obtain the DID provided by a purported owner. (Yang, second sentence [0083]) The examiner interprets the providing of the DID to the verifier 532 necessarily requires that information regarding the location / address (“target login information of a target verifier”) of the verifier 532 be acquired in order to provide the DID to the verifier 532.    
Yang also teaches that fig. 7, illustrates a method for authenticating a decentralized identifier using DID authentication services (i.e., login operations) in accordance with some embodiments. (Yang, first sentence [0082])
Yang teaches the following, except for the underlined portions,
sending, based on the target login information, a login request including a target user DID of a target user to the target verifier, to authorize the target verifier to acquire a target claim of the target user from an identity hub of the target user and verify the target user DID and the target claim; and 
As stated above, Yang teaches at step 702, the verifier 532 may obtain the DID provided by a purported owner (“sending, … , a login request including a target user DID of a target user to the target verifier”). (Yang, second sentence [0083] describing fig. 7)
Yang in fig. 5 teaches a user agent 411, a verifiable data registry 521 and DID hub 522 (“identity hub”) that stores Verifiable Claims (VC) (“target claim”). The owner may grant certain other entities (e.g., institutions issuing verifiable claims) access to data stored in the DID hub 522 (Yang, first half [0077])   
Yang teaches that verifier application 532 (“target verifier”) may correspond to an entity (e.g., service provider, credit issuer) needing to verify verifiable claims (“to authorize the target verifier to acquire a target claim of the target user … and verify … the target claim.”) to ascertain a user's information (e.g., identity, age, credit score). (Yang, middle [0078] describing fig. 5)
Yang also teaches verifier 532 (e.g., a service provider needing to verify information of a customer) may initiate a DID authentication process (“and verify the target user DID”) using an SDK 312. (Yang, first sentence [0083])
However, Ferenczi teaches the above underlined features,
Ferenczi teaches a hosted application 119 (“target verifier”) that verifies the authenticity of a user. (Ferenczi, Col. 3, lines 34-36 (16) and fig. 1)
Ferenczi then teaches the identity hub 110 (“identity hub”) providing identity keys 159 (“user DID”) to the hosted application 119 (“target verifier”). (Ferenczi, Col. 8, lines 31-40 (40) and fig. 1) Ferenczi teaches that the identity key 159 is a decentralized identifier (DID). (Ferenczi, Col. 5, lines 23-30 (23-24))
Ferenczi then teaches that the verified claims 173 [in the identity hub of fig. 1] (“target claim”) is provided to the hosted application 119 (“target verifier”). (Ferenczi, Col. 8, lines 41-47 (41))
Similarly, Yang also teaches that a request, it may be fed to a user agent 411 (“identity hub”) for performing operations such as creation and authentication of DIDs or an issue agent 412 for performing operations such as issuance of VCs. The requests from a party desiring to verify a VC may be fed to the verifier agent 413 (“target verifier”). (Yang, [0073]) (emphasis added) 
Yang teaches the following,
logging in to the target verifier using the target user DID, in response to the target user DID and the target claim passing the verification.
Yang teaches if the response is determined to be correct, the SDK 312 may return a message to the verifier 532 (“target verifier”) indicating the DID is a valid proof of identity of the user (“logging in to the target verifier using the target user DID”) at step 732. At step 734, the verifier 532 may notify the user as to the validity of the DID. (Yang, last two sentences of [0084])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Yang, which teaches a system the uses de-identifiers (DID) to store transaction / claim information in a (identifier) DID hub that interacts with a Verifier and Issuer to enroll users and perform authentication, while storing information in a blockchain, with Ferenczi,  which also teaches an address of an identifier hub that may be used to specify data and to provide identity keys (DIDs) to a verifier. One of ordinary skill in the art would have been motivated to perform such an addition to provide the encryption system of Yang with the ability to use an address of an identifier hub that may be used to specify data and to provide identity keys (DIDs) to a verifier.

	Regarding claim 18, Yang teaches the following,
An electronic device, comprising: 
at least one processor; and 
a memory, communicatively connected to the at least one processor, the memory, storing instructions executable by the at least one processor, the instructions, when executed by the at least one processor, causing the at least one processor to perform the method for verifying digital identity according to claim 12.
	Yang teaches one or more processors, one or more memories, and a computer readable medium. (Yang, [0019-20])
Claim 18 is rejected using the same basis of arguments used to reject claim 12 above.
	
Regarding claim 19, Yang teaches the following,
A non-transitory computer readable storage medium, storing computer instructions, the computer instructions, being used to cause the computer to perform the method for verifying digital identity according to claim 1.
Yang teaches one or more processors, one or more memories, and a computer readable medium. (Yang, [0019-20])
Claim 19 is rejected using the same basis of arguments used to reject claim 1 above.

Regarding claim 20, Yang teaches the following,
A non-transitory computer readable storage medium, storing computer instructions, the computer instructions, being used to cause the computer to perform the method for verifying digital identity according to claim 12.
Yang teaches one or more processors, one or more memories, and a computer readable medium. (Yang, [0019-20])
Claim 20 is rejected using the same basis of arguments used to reject claim 12 above.

Claims 5-6, 8, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Yang, in view of Ferenczi, and further in view of US 2016/0119292 to Kaseda et al. (hereinafter Kaseda)
Regarding claim 5, Ferenczi teaches the following, except the underlined portions,
The method according to claim 4, wherein the encrypting the target claim based on the proxy re-encryption mechanism, comprises: 
encrypting the target claim using an advanced encryption standard (AES) key, to obtain an encrypted target claim; 
As stated above, Ferenczi also teaches data stored in the vault 169 can be stored in an encrypted form … where the vault may include verified claims 137 (“encrypted target claim”). (Ferenczi, Col. 5, lines 57-65 (27)).
However, Yang teaches the above features,
Yang teaches the use of AES keys. (Yang, second to last sentence [0070])  
encrypting the AES key using a target user public key, to obtain a symmetric key ciphertext; 
Yang teaches the use of public and private keys. (Yang, last sentence [0070]) The examiner notes that Yang teaches encryption of information (e.g., keys) using the public key, for the purpose of passing a symmetric key to the holder of the private key.
Yang teaches the following, except the underlined features,
calculating to obtain a re-encryption key, based on a target user private key, and a target verifier public key acquired from the DID document associated with a target verifier DID; and
As stated above, Yang teaches public and private keys being used to pass (“obtain”) information in an encrypted form. Yang also teaches public keys in a DID document. (Yang, [0081]) 
However, Kaseda teaches the above underlined features,
Kaseda teaches Unidirectional Chosen-Ciphertext Secure Proxy Re-encryption. (Kaseda, [0059]) Kaseda further teaches a re-encryption key for a symmetric key. (Kaseda, [0094] and [0171])
Ferenczi teaches the following, except the underlined features,
storing the encrypted target claim, the symmetric key ciphertext, and the re-encryption key into the target site address of the identity hub, to control the identity hub to re-encrypt the symmetric key ciphertext using the re-encryption key to generate and store a re-encrypted ciphertext.
	Ferenczi also teaches data stored in the vault 169 can be stored in an encrypted form (“storing in the encrypted target claim”) … where the vault may include verified claims 137. (Ferenczi, Col. 5, lines 57-65 (27))
	However, Kaseda teaches the above underlined features,
	Kaseda teaches proxy re-encryption, where a client apparatus generates and stores symmetric keys and re-encryption keys and stores private keys. (Kaseda, fig. 3) Kaseda further teaches re-encryption of a symmetric key. (Kaseda, [0094]) 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Yang, which teaches a system the uses de-identifiers (DID) to store transaction / claim information in a (identifier) DID hub that interacts with a Verifier and Issuer to enroll users and perform authentication, while storing information in a blockchain, and also teaches encryption of data, with Kaseda, which teaches the use of proxy encryption and re-encryption of a symmetric key. One of ordinary skill in the art would have been motivated to perform such an addition to provide the encryption system of Yang with the ability to use proxy encryption / re-encryption of symmetric keys.

Regarding claim 6, Yang and Kaseda teach the following,
The method according to claim 5, wherein the target site address is used by the target verifier  to: 
acquire the encrypted target claim and the re-encrypted ciphertext based on the target site address, and decrypt the re-encrypted ciphertext based on a target verifier private key to obtain a symmetric encryption key, and 
As discussed above, Yang teaches finding a target claim, and Kaseda teaches the use of re-encryption to obtain a symmetric key.
decrypt the encrypted target claim based on the symmetric encryption key to obtain the target claim.
	As discussed above, Yang teaches encrypting a target claim, while Kaseda specifically teaches encryption and decryption using a symmetric key.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Yang, which teaches a system the uses de-identifiers (DID) to store transaction / claim information in a (identifier) DID hub that interacts with a Verifier and Issuer to enroll users and perform authentication, while storing information in a blockchain, and also teaches encryption of data, with Kaseda, which teaches the use of proxy encryption and re-encryption of a symmetric key.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the encryption system of Yang with the ability to use proxy encryption / re-encryption of symmetric keys.
	 
	Regarding claim 8, Yang teaches the following,
The method according to claim 7, wherein the obtaining the target claim issued by the target issuer responding to the claim application request, comprises: 
receiving a target site address fed back by the target issuer responding to the claim application request;   
Yang teaches the information may comprise a network address (e.g., URL) for an issue agent service used by the issuer 531 to keep status of VCs. (Yang, fourth to last sentence [0090])
However, Yang does not teach the following features,
wherein, the target site address is located in the identity hub of the target user for storing a target claim proxy re-encrypted by the target issuer;   
accessing, based on the target site address, a target site in the identity hub to obtain the proxy re-encrypted target claim; and   
Ferenczi teaches the above features,
Ferenczi teaches the identity key 159 might instead specify the address of the identity hub 109 (“target site address”) and the unique identifier of the identity document 163. (Ferenczi, Col. 5, lines 40-43 (end of (24)).  Ferenczi also teaches that it is possible to retrieve one or more verified claims 173 from the vault 169 of the identity hub 109 (“storing the target claim in the identity hub”).   (Ferenczi. Col. 8, lines 41-47 (41))
Ferenczi teaches data stored in the vault 169 can be stored in an encrypted form … where the vault may include verified claims 137 (encrypted “target claim”). (Ferenczi, Col. 5, lines 57-65 (27))
Kaseda and Ferenczi teach the following,
decrypting the proxy re-encrypted target claim using a target user private key to obtain the target claim.
Kaseda teaches proxy re-encryption (Kaseda, [0059]), where a client apparatus generates and stores symmetric keys and re-encryption keys and stores private keys. (Kaseda, fig. 3) Kaseda further teaches re-encryption using a private key. (Kaseda, [0171])
Additionally, Ferenczi teaches, 
Ferenczi, as discussed above teaches encryption and decryption of claims (“target claim”).
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Yang, which teaches a system the uses de-identifiers (DID) to store transaction / claim information in a (identifier) DID hub that interacts with a Verifier and Issuer to enroll users and perform authentication, while storing information in a blockchain, and also teaches encryption of data, with Kaseda, which teaches the use of proxy encryption and re-encryption of a symmetric key.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the encryption system of Yang with the ability to use proxy encryption / re-encryption of symmetric keys.

Regarding claim 14, Ferenczi teaches the following, except the underlined portions,
The method according to claim 13, wherein the accessing the target site of the identity hub based on the target site address to obtain the target claim, comprises: 
accessing the target site of the identity hub based on the target site address, to obtain an encrypted target claim and a re-encrypted ciphertext; 
Ferenczi also teaches that it is possible to retrieve one or more verified claims 173 from the vault 169 of the identity hub 109 (“storing the target claim in the identity hub”).   (Ferenczi. Col. 8, lines 41-47 (41))
However, Kaseda teaches the above underlined portions,
Kaseda teaches proxy re-encryption. (Kaseda, [0059])
Ferenczi and Kaseda teach the following,
wherein the encrypted target claim and the re-encrypted ciphertext are encrypted and generated based on a proxy re-encryption mechanism; 
Ferenczi also teaches data stored in the vault 169 can be stored in an encrypted form … where the vault may include verified claims 137. (Ferenczi, Col. 5, lines 57-65 (27))
decrypting the re-encrypted ciphertext using a verifier private key, to obtain a symmetric encryption key; and 
As stated above, Ferenczi also teaches data stored in the vault 169 can be stored in an encrypted form … where the vault may include verified claims 137 (“encrypted target claim”). (Ferenczi, Col. 5, lines 57-65 (27)). Yang teaches the use of AES keys. (Yang, second to last sentence [0070])  Yang teaches the use of public and private keys. (Yang, last sentence [0070]) The examiner notes that Yang teaches encryption of information (e.g., keys) using the public key, for the purpose of passing a symmetric key to the holder of the private key.
decrypting the encrypted target claim using the symmetric encryption key, to obtain the target claim.
Ferenczi also teaches data stored in the vault 169 can be stored in an encrypted form (“storing in the encrypted target claim”) … where the vault may include verified claims 137. (Ferenczi, Col. 5, lines 57-65 (27))
	However, Kaseda teaches the above underlined features,
	Kaseda teaches proxy re-encryption, where a client apparatus generates and stores symmetric keys and re-encryption keys and stores private keys. (Kaseda, fig. 3) Kaseda further teaches re-encryption of a symmetric key. (Kaseda, [0094]) 
Claim 14 is rejected using some of the same basis of arguments used to reject claim 5 above.


Claim 10 are rejected under 35 U.S.C. 103 as being unpatentable over Yang, in view of Ferenczi, in view of US 2020/0401734 to Murdoch et al. (hereinafter Murdoch).
Regarding claim 10, Murdoch teaches the following,
The method according to claim 7, wherein, after the obtaining the target claim issued by the target issuer responding to the claim application request, the method further comprises: 
acquiring a revocation list address from the target claim; 
Murdoch teaches a DID document 210 that may include a verifiable claim (Murdoch, middle [0060]) Murdoch in fig. 2 teaches the DID document 210, which may be stored in a blockchain 220, includes DID 205 that may be revoked. (Murdoch, last sentence [0080])
accessing the revocation list address and obtaining a revocation list, from a personal revocation service site of the issuer that issues the target claim; and 
querying a revocation status of the target claim based on the revocation list.
	Murdoch teaches a revocation module 370 that may revoke or remove DID 205 from the DID document. (Murdoch, [0083])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Yang, which teaches a system the uses de-identifiers (DID) to store transaction / claim information in a (identifier) DID hub that interacts with a Verifier and Issuer to enroll users and perform authentication, while storing information in a blockchain, with Murdoch,  which also teaches the uses de-identifiers (DID) to store transaction / claim information in a (identifier) DID hub, and further teaches revocation of DIDs. One of ordinary skill in the art would have been motivated to perform such an addition to provide the encryption system of Yang with the ability to revoke DIDs.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495