DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the amendment presented on the Request for Continuing Evaluation (RCE) dated April 28, 2022.
In the amendment presented with the Request for Continuing Evaluation (RCE) dated April 28, 2022, claim 1 has been amended, and all other claims are previously presented.
Claim 13 has been canceled.
Claims 1-8, 10-12 and 14-20 are allowed.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 04/28/2022 has been entered.

Response to Arguments
Previous claim rejections under U.S.C. 112(a) are withdrawn as Applicant’s amendments, filed on April 28, 2022, are found persuasive.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephonic interview with Mr. Frank Shieh on August 10, 2022.
The Examiner’s Amendment is made to the claims of the request for continued examination amendment dated on 04/28/2022, as follows:
Claim 1 (Currently Amended):
“A system comprising: 
a hardware client device;
an authenticator of the client device to securely store authentication data including one or more verifiable claims received from one or more claim providers, each verifiable claim having attributes associated therewith, wherein the authenticator is to perform a key derivation operation based on a master secret key and a claim provider public key to generate a secret key;
claim/attribute processing logic of the authenticator to generate a first verifiable claim binding for a first verifiable claim issued by the claim provider, the first verifiable claim received by the authenticator through secure communications established with the claim provider using the secret key, wherein the authenticator is to transmit a first signature assertion to a first relying party to authenticate with the first relying party, the first signature assertion including an attribute extension containing data associated with the first verifiable claim binding; and
blockchain authentication logic of the authenticator to authenticate a block of a blockchain, wherein the authenticator comprises a new authenticator, the new authenticator to use a blockchain entry to allow verifiable claims that have been issued for an older authenticator to be carried over to the new authenticator.”

Claim 2 (Original):
“The system of claim 1 wherein the authenticator further includes signature generation logic to generate a first signature over the first verifiable claim issued by the claim provider, the claim/attribute processing logic to include the first signature in the attribute extension.”

Claim 3 (Original):
“The system of claim 1 further comprising: verification logic of the first relying party to verify the first verifiable claim by, at least in part, verifying the first signature.”

Claim 4 (Original):
“The system of claim 1 wherein the claim/attribute processing logic is further configured to generate a second verifiable claim binding for a second verifiable claim issued by the claim provider; 
wherein the authenticator is to transmit a second signature assertion to a second relying party to authenticate with the second relying party, the second signature assertion including an attribute extension containing data associated with the second verifiable claim binding.”

Claim 5 (Original):
“The system of claim 4 wherein the first verifiable claim and the second verifiable claim comprise a claim that a user of the client device is associated with a particular online entity or other organization.”

Claim 6 (Original):
“The system of claim 1 wherein the claim/attribute processing logic comprises Direct Anonymous Attestation (DAA) logic to communicate with the claim provider in accordance with a DAA protocol.”

Claim 7 (Original):
“The system of claim 6 wherein the DAA protocol comprises Elliptic Curve DAA (ECDAA).”

Claim 8 (Original):
“The system of claim 7 wherein the authenticator is to use different ECDAA private keys to maintain privacy when communicating with different claim providers.”

Claim 9 (Canceled)

Claim 10 (Previously Presented):
“The system of claim 1 wherein the authenticator is to perform a join operation including transmission of a join request to the claim provider.”

Claim 11 (Original):
“The system of claim 10 wherein the join operation is performed in accordance with an enhanced Elliptic Curve Direct Anonymous Attestation (ECDAA) Join protocol.”

Claim 12 (Previously Presented):
“The system of claim 1 further comprising: an attestation module of the authenticator or coupled to the authenticator, the attestation module to generate a signature using the block and a private key, the signature usable to attest to the authenticity of the block by a device having a public key corresponding to the private key.”

Claim 13 (Canceled)

Claim 14 (Previously Presented):
“A method comprising: performing, at an authenticator, a key derivation operation based on a master secret key of the authenticator and a claim provider public key of a first claim provider to generate a secret key; 
receiving, at the authenticator, a first verifiable claim from the first claim provider through secure communications established between the authenticator and the first claim provider using the secret key; 
securely storing authentication data on a client device including one or more verifiable claims received from one or more claim providers, including the first verifiable claim issued by the first claim provider, each verifiable claim having attributes associated therewith; 
generating on the client device a first verifiable claim binding for the first verifiable claim issued by first the claim provider; 
transmitting a first signature assertion to a first relying party to authenticate with the first relying party, the first signature assertion including an attribute extension containing data associated with the first verifiable claim binding; 
authenticating, by blockchain authentication logic of the authenticator, a block of a block chain; and 
using a blockchain entry to allow verifiable claims that have been issued for the authenticator to be carried over to a new authenticator.”

Claim 15 (Previously Presented):
“The method of claim 14 further comprising generating a first signature over the first verifiable claim issued by the claim provider and including the first signature in the attribute extension.”

Claim 16 (Previously Presented):
“The method of claim 14 further comprising verifying the first verifiable claim by the first relying party via, at least in part, verifying the first signature.”

Claim 17 (Previously Presented):
“The method of claim 14 further comprising generating a second verifiable claim binding for a second verifiable claim issued by the claim provider; 
wherein the authenticator is to transmit a second signature assertion to a second relying party to authenticate with the second relying party, the second signature assertion including an attribute extension containing data associated with the second verifiable claim binding.”

Claim 18 (Original):
“The method of claim 17 wherein the first verifiable claim and the second verifiable claim comprise a claim that a user of the client device is associated with a particular online entity or other organization.”

Claim 19 (Previously Presented):
“The method of claim 14 further comprising communicating with the claim provider in accordance with a Direct Anonymous Attestation (DAA) protocol.”

Claim 20 (Previously Presented):
“The method of claim 19 wherein the DAA protocol comprises Elliptic Curve DAA (ECDAA).”

ALLOWED CLAIMS
Claims 1-8, 10-12 and 14-20.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
Independent Claims 1 and 14 are allowable based on the amendment presented in the request for continued examination (RCE) dated on April 28, 2022 and the examiner’s amendment dated on August 10, 2022. In particular, the examiner’s amendment dated on June 30, 2022, has the independent claims amended to provide the necessary clarification and description that the client device is a hardware element.
Specifically, the independent claim 1 now recites limitations as follows: 
“A system comprising: a hardware client device; 
an authenticator of the client device to securely store authentication data including one or more verifiable claims received from one or more claim providers, each verifiable claim having attributes associated therewith, wherein the authenticator is to perform a key derivation operation based on a master secret key and a claim provider public key to generate a secret key; 
claim/attribute processing logic of the authenticator to generate a first verifiable claim binding for a first verifiable claim issued by the claim provider, the first verifiable claim received by the authenticator through secure communications established with the claim provider using the secret key, wherein the authenticator is to transmit a first signature assertion to a first relying party to authenticate with the first relying party, the first signature assertion including an attribute extension containing data associated with the first verifiable claim binding; and 
blockchain authentication logic of the authenticator to authenticate a block of a blockchain, wherein the authenticator comprises a new authenticator, the new authenticator to use a blockchain entry to allow verifiable claims that have been issued for an older authenticator to be carried over to the new authenticator.”
The cited reference by Bjones et al. (US 2014/0090088), discloses facilitating claim use in an identity framework. In aspects, a definition of a trust framework may be received and stored. A graphical interface may display a plurality of trust frameworks and allow an administrator to select which trust framework to instantiate. The graphical interface may also allow the administrator to define which rules of the trust framework to use in the instance of the trust framework. After receiving this information, the instance of the trust framework may be instantiated and configuration data provided to the administrator to allow the administrator to configure a Web service to invoke the instance of the trust framework to grant or deny access to the Web service.
The cited reference by Matsuda et al. (US 2014/0086413), discloses an information processing device (i.e. authenticator) including a secret key generator that generates a secret key from a random number received from an external device (i.e. identity provider) that provides a service, and a given value, a public key generator that generates a public key on the basis of the secret key by using a function identically set in a plurality of the services, a transmitter that transmits the public key to the external device, and an authentication processor that conducts authentication with the external device using the secret key.
The cited reference by Gentry (WO 2006/024042), discloses a method and apparatus for implementing portions of a provisional signature scheme. In one embodiment, the method comprises creating a provisional signature by performing an operation on a message and completing the provisional signature to create a final signature on the message. Such a scheme may be used for server assisted signature schemes, designated confirmer signature schemes and blind signature schemes.
The cited reference by Novak et al. (US 2013/0205360), discloses protecting user credentials from a computing device establishing a secure session between a computing device and an identity provider (e.g., a Web service). Parameters of the secure session are communicated to a credential service, which renegotiates or resumes the secure session to establish a new secure session between the credential service and the identity provider. User credentials are passed from the credential service to the identity provider via the new secure session, but the computing device does not have the parameters of the new secure session and thus does not have access to the passed user credentials. The credential service then renegotiates or resumes the secure session again to establish an additional secure session between the credential service and the identity provider. Parameters of the additional secure session are communicated to the computing device to allow the computing device to continue communicating securely with the identity provider.
The combination of the above-mentioned references teaches the various claimed units of the system in the independent claim 1. However, each of the cited references or references from the updated searches, at least, fails to teach or suggest the limitations regarding “… blockchain authentication logic of the authenticator to authenticate a block of a blockchain, wherein the authenticator comprises a new authenticator, the new authenticator to use a blockchain entry to allow verifiable claims that have been issued for an older authenticator to be carried over to the new authenticator,” in combination with the rest of the limitations recited in the independent claim 1. That is, neither the previously cited prior-art references nor reference(s) identified from the updated search would, either singularly or in combination, result in a reasonable and proper rejection for each of the cited feature limitations of the independent claim 25 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claim 14 is a method claim of above system claim 1, and therefore, it is also allowed.
Claims 2-8 and 10-12 depend on claim 1, and claims 15-20 depend on claim 14; therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/A.D.C./Examiner, Art Unit 2498        

/JOHN B KING/Primary Examiner, Art Unit 2498