DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/20/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 48 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
Claim 48 recites the limitation "the ledge" in line 1. There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 28-29, 32-41, 44, 46, 49-51, 54 and 56 are rejected under 35 U.S.C. 103 as being unpatentable over Wendt et al. (WO 2010/115607, IDS provided reference, hereinafter Wendt) in view of Smith et al. (Patent No.: US 6,061,448, hereinafter Smith).
Regarding claim 28: Wendt discloses A method of providing user identity authentication information to a service provider, the method comprising: 
receiving, over a first network, identification information comprising at least identity-linked information (Wendt - [0037]: The SDS may require the subscriber to enter a user name (e.g. in the form of a digital ID) and a password into a login window. See also Fig. 1, One or more terminals 106,108 of subscribers may connect to the SDS 102 via one or more communications networks 110 such as the Internet, a local network (LAN) and/or a wide area network (WAN)); 
retrieving, from a hardware security module, a private key associated with the identity-linked information (Wendt - [0037]: By associating the login name of the subscriber to a subscriber ID, the secure data server may retrieve the password-encrypted private key 302 from the PDSU associated with the subscriber ID); 
causing transmission, over a second network to the service provider, of an information preparation notification indicative that an identity message is ready to be accessed based on a session ID (Wendt - [0048]: the SDS may set-up a secure SSL link with the relying party RL using the step-up procedure similar to the scheme described with reference to Fig. 4. [0039]: a set-up procedure 400 as described in Fig. 4 may be started by sending an HTTP request comprising a cookie with the session ID and the session key 402 to the SDS), wherein the identity message is based on the retrieved public certificate information and the retrieved private key (Wendt - [0048]: the requested data are signed by the SDS using the private key. In that case, the public key for verifying the signature may be provided by the SDS sending a digital certificate to the service provider); 
receiving, from the service provider, a request for the identity message, the request for identification comprising at least the session ID (Wendt - [0039]: sending an HTTP request comprising a cookie with the session ID and the session key 402 to the SDS, see also [0048]); 
generating the identity message, wherein the identity message comprises at least an encrypted portion of the identity message encrypted using at least the private key (Wendt - [0048]: the requested data are signed by the SDS using the private key); and 
transmitting the identity message to the service provider (Wendt - [0048]: These data are subsequently sent to the relying party 518 for authentication purposes).
However, Wendt does not explicitly teach, but Smith discloses, retrieving, from a user certificate repository, public certificate information associated with the identity-linked information (Smith - [Col. 6, Line 43-45]: the Delivery Server contacts a certificate authority data base server, presents information identifying the intended recipient, and asks for the intended recipient's public key. The invention may therefore be used to obtain information from certificate authorities that maintain public key data bases).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt with Smith so that public key information is obtained from a certificate authority. The modification would have allowed the system to acquire a public key from a certificate authority.
Regarding claim 29: Wendt as modified discloses wherein the first network is an out-of-band from the communications network (Wendt - [0047]: the SDS may initiate a further challenge-response authentication step using an out-of-band communication channel).
Regarding claim 32: Wendt as modified discloses wherein the identification information further comprises the session ID (Wendt - [0039]: a set-up procedure 400 as described in Fig. 4 may be started by sending an HTTP request comprising a cookie with the session ID and the session key 402 to the SDS. Using the session ID).
Regarding claim 33: Wendt as modified discloses further comprising: generating the session ID in response to receiving the identification information (Wendt - [0036]: Upon initiation of the web session, a session identifier is generated, which provides a reference to session information which is stored as a session object in a secure memory location of the SDS. Session information may comprise the subscriber ID and session state information); and wherein causing transmission of the notification to the service provider comprises at least transmitting response information to a user device, the response information comprising at least the generated session ID (Wendt - [0038]: the log in procedure may be completed by storing the encrypted private key 310 as session information in the session object and by sending the session key in a cookie to the client 312).
Regarding claim 34: Wendt as modified discloses wherein transmitting the identity message causes the service provider to decrypt the encrypted portion of the identity message using a public key paired with the private key (Wendt - [0048]: the public key for verifying the signature may be provided by the SDS sending a digital certificate to the service provider. [0030]: the SDS or a separate key server may generate a subscriber certificate signed by the SDS comprising a public-private key pair, e.g. an RSA public-private key pair).
Regarding claim 35: Wendt as modified discloses wherein a portion of the identity message comprises at least one from the set of (1) an empty message, (2) a phone number, (3) a transaction time-stamp, and (4) additional identification information (Wendt - [0037]: The SDS may require the subscriber to enter a user name (e.g. in the form of a digital ID) and a password into a login window).
Regarding claim 36: Wendt as modified discloses wherein the identification information additionally comprises information indicative of a device possession confirmation event (Wendt - [0027]: Access to a PDSU may require a strong authentication scheme, e.g. multi-factor authentication in the form of a challenge-response type scheme using a smart card and/or mobile messaging).
Regarding claim 37: Wendt as modified discloses wherein the identification information additionally comprises a history key, and the method further comprising: receiving the history key (Wendt - [0037]: The SDS may require the subscriber to enter a user name (e.g. in the form of a digital ID) and a password into a login window); validating the history key by decrypting it (Wendt - [0032]: The SDS may store the encrypted password 220 as personal security information in the PDSU. The PUC code may be used by the subscriber to retrieve the password); and using the history key to retrieve the public certificate information from the user certificate repository (Wendt - [0031]: The personal symmetric key is encrypted with the public key and subsequently stored with the subscriber ID, the encrypted private key, the signature of the private key and the public key 210 as personal security information in a personal security information table 224 associated with PDSU 204. The personal security information may only be unlocked by the password of the subscriber).
Regarding claim 38: Wendt as modified discloses wherein the identification information is received in response to accessing a link sent via SMS to a first user device (Wendt - [0027]: the SDS may be connected to one or more authentication servers 114,116, e.g. a SMS, MMS or IVR server used in the multi-factor authentication process), the first user device receiving the link via SMS in response to a request for services sent to the service provider by a second user device associated with the first user device (Wendt - [0027]: the secure data server may comprise an identity provider 118 for associating a subscriber with a digital ID. Such digital ID may have the form of an URL, e.g. my.trust-id.com/name, as defined e.g. in the OpenID standard or in the ENUM standard. When entering a digital ID into a digital ID enabled website of a service provider 120 (the relying party) a subscriber will be redirected to the SDS for authenticating the subscriber).
Regarding claim 39: Wendt as modified discloses wherein the identification information is received in response to a local device message on a first user device (Wendt - [0047]: Having received the authentication request, the SDS may then proceed with the login procedure 506 as described in relation with Fig. 3. This login procedure may include the steps of associating the username via an (internal) subscriber ID to the PDSU of the customer and verifying the password by decrypting the encrypted private key stored in the PDSU using the password), the first user device receiving the local device message in response to a request for services sent to a service provider by a second user device associated with the first user device (Wendt - [0046]: After transmitting the entered data in a request to the service provider, the service provider may transmit a request for authentication 504, comprising at least the username, the password of the consumer and the transaction information).
Regarding claim 40: Wendt as modified discloses wherein receiving the identification information occurs in response to a redirect on a user device (Wendt - [0027]: When entering a digital ID into a digital ID enabled website of a service provider 120 (the relying party) a subscriber will be redirected to the SDS for authenticating the subscriber).
Regarding claim 41: Wendt as modified discloses wherein retrieving the public certificate information further comprises determining the public certificate information is associated with service provider identification information (Wendt - [0028]: the SDS may be a certificate authority (CA) which is authorized (e.g. by a root CA controlled by the government) to validate the identity of subscribers and issue digital subscriber certificates for associating the identity of the subscriber (e.g. a person, an organization, a legal entity, a server, etc.) to a public key in the digital certificate).
Regarding claim 44: Wendt as modified discloses wherein the public certificate information comprises at least one from the group of (1) a name, (2) a social security number, (3) an identification number, and (4) a unique attribute of the user (Wendt - [0028]: the SDS may be a certificate authority (CA) which is authorized (e.g. by a root CA controlled by the government) to validate the identity of subscribers and issue digital subscriber certificates for associating the identity of the subscriber (e.g. a person, an organization, a legal entity, a server, etc.) to a public key in the digital certificate).
Regarding claim 46: Wendt as modified discloses wherein a portion of the identity-linked information comprises at least one from the group of (1) a phone number in plain-text, (2) a phone number in hashed form, and (3) a credit card number (Wendt - [0029]: generates a web form comprising at least a number of registration data fields (e.g. username, password, address, e-mail, telephone number, etc.). Typically the type of registration data may be determined by the information required by the secure data server to generate a subscriber certificate which may have an X.509 format).
Regarding claim 49: Wendt as modified discloses wherein the identification information further comprises a secret key (Wendt - [0051]: the private authentication key associated with the user may be assigned to the user and encrypted using the personal symmetric key).
Regarding claim 50: Wendt as modified discloses further comprising, before encrypting the portion of the identity message, decrypting the private key using the additional secret key (Wendt - [0052]: the subsequent set-up procedure in which the personal symmetric key is retrieved in a secure, the HSM may provide a secure authentication process wherein the user may be provided with a private authentication key for signing the data handled during the transaction).
Regarding claim 51: Wendt as modified discloses wherein the public certificate information comprises at least a public key (Wendt - [0010]: The personal security information may comprise a private-public key pair (obtained e.g. from a subscriber certificate) which is securely stored in the personal data storage unit), and wherein the identity message comprises the encrypted portion and an unencrypted portion, and wherein the unencrypted portion of the identity message comprises at least the public certificate information (Wendt - [0048]: the requested data are signed by the SDS using the private key. In that case, the public key for verifying the signature may be provided by the SDS sending a digital certificate to the service provider).

Regarding claim 54: The claim is directed to an apparatus/device and does not teach or further define over the limitations recited in claim 28. Therefore, claim 54 is also rejected for the reasons set forth for claim 28.
Regarding claim 56: The claim is directed to a computer readable medium and does not teach or further define over the limitations recited in claim 28. Therefore, claim 56 is also rejected for the reasons set forth for claim 28.

Claims 30-31 are rejected under 35 U.S.C. 103 as being unpatentable over Wendt et al. (WO 2010/115607, IDS provided reference, hereinafter Wendt) in view of Smith et al. (Patent No.: US 6,061,448, hereinafter Smith) and Rowe et al. (Pub. No.: US 2016/0239571, hereinafter Rowe).
Regarding claim 30: Wendt as modified does not explicitly teach, but Rowe discloses, wherein the first network is a carrier network (Rowe - [0036]: Network 108 may include the Internet and/or other types of data networks, such as a local area network (LAN), a wide area network (WAN), a cellular network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt and Smith with Rowe so that the network may include a carrier network. The modification would have allowed the system to increase flexibility.
Regarding claim 31: Wendt as modified does not explicitly teach, but Rowe discloses, the identification information being received over the first network using header enrichment (Rowe - [0037]: the client device may transmit a search query in the body of a packet, with the device identifier included in the header of the packet).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt and Smith with Rowe so that the packet header includes identification information. The modification would have allowed the system to increase usability.

Claims 42 and 45 are rejected under 35 U.S.C. 103 as being unpatentable over Wendt et al. (WO 2010/115607, IDS provided reference, hereinafter Wendt) in view of Smith et al. (Patent No.: US 6,061,448, hereinafter Smith) and Panda (Pub. No.: US 2017/0257516).
Regarding claim 42: Wendt as modified does not explicitly teach, but Panda discloses, further comprising, after transmitting the identity message:
determining a set of identity verification documents associated with the identity-linked information, wherein the set of identity verification documents is stored in a user identity document repository (Panda - [0006]: receive from a mobile computing device a set request containing identification of the particular user, and configured to provide the particular set of one or more associated document identifiers to the mobile computing device in response to receiving the set request); 
selecting a document in the set of identity verification documents (Panda - [0006]: the image forming apparatus receiving a graphical code image identifying the selected document identifier from the mobile computing device); and 
performing a document action on the selected document (Panda - [0006]: provide a selected document associated with the selected document identifier to the image forming apparatus in response to the document request).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt and Smith with Panda so that a document can be selected from a set of documents linked to the identification and an action performed on the selected document. The modification would have allowed the system to take action on the selected document.
Regarding claim 45: Wendt as modified does not explicitly teach, but Panda discloses, further comprising: causing a device possession confirmation event on a user device (Panda - [0139]: the server device 110 may store metadata associated with each document such as authorization information used to confirm user authorization to access and/or print the document).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt and Smith with Panda so that a user authorization event is confirmed. The modification would have allowed the system to increase security.

Claim 43 is rejected under 35 U.S.C. 103 as being unpatentable over Wendt et al. (WO 2010/115607, IDS provided reference, hereinafter Wendt) in view of Smith et al. (Patent No.: US 6,061,448, hereinafter Smith) and Marien (Pub. No.: US 2013/0198519).
Regarding claim 43: Wendt as modified does not explicitly teach, but Marien discloses, wherein the identity-linked information is one from the set of (1) a one-time password, (2) a one-time password over SMS, (3) a passcode from a first user device running a time-based one-time-password algorithm, (4) a passcode from a second user device running a time-based one-time-password algorithm, (5) a passcode from a first user device running an HMAC-based one-time-password algorithm, (6) a passcode from a second user device running an HMAC-based one-time-password algorithm, (7) a FIDO key from a first user device, (8) a FIDO key from a second user device, (9) an identifier associated with a device-connected service provider device and service provider attestation information, (10) a biometric indicator, or (11) a phone number associated with a user device (Marien - [0085]: the authentication device may include in the authentication message a one-time password that the authentication device has generated by cryptographically combining a secret data element (that may be shared with e.g. a verifying entity such as an application or authentication server) with one or more values of one or more dynamic variables (such as a real-time clock and/or a counter and/or a challenge and/or transaction data) that the authentication device may have used to generate the input value).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt and Smith with Marien so that a one-time password may be included in the authentication message. The modification would have allowed the system to authenticate a user.

Claims 47 and 48 are rejected under 35 U.S.C. 103 as being unpatentable over Wendt et al. (WO 2010/115607, IDS provided reference, hereinafter Wendt) in view of Smith et al. (Patent No.: US 6,061,448, hereinafter Smith) and Forehand (Pub. No.: US 2019/0065733).
Regarding claim 47: Wendt as modified does not explicitly teach, but Forehand discloses, further comprising generating a transaction report, wherein the transaction report comprises information that uniquely memorializes the transmission of the identity message to the service provider; and storing the transaction report in a ledger (Forehand - [0058]: A transmitting operation 406 transmits/records an attestation transaction to the distributed ledger with attestation information about the storage device. Such attestation information is generated and may include, for example without limitation, component listing (e.g., based on identifying information already recorded to the distributed ledger), device type, device capabilities, serial number, keys, etc).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt and Smith with Forehand so that a transaction report is generated. The modification would have allowed the system to create a transaction record and store it in a ledger.
Regarding claim 48: Wendt as modified does not explicitly teach, but Forehand discloses, wherein the ledger comprises a blockchain (Forehand - [0017]: the distributed ledger 102 is a blockchain).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt and Smith with Forehand so that the ledger is a blockchain.

Claim 52 is rejected under 35 U.S.C. 103 as being unpatentable over Wendt et al. (WO 2010/115607, IDS provided reference, hereinafter Wendt) in view of Smith et al. (Patent No.: US 6,061,448, hereinafter Smith) and Kiehtreiber et al. (Pub. No.: US 2013/0205362, hereinafter Kiehtreiber).
Regarding claim 52: Wendt as modified does not explicitly teach, but Kiehtreiber discloses, wherein the public certificate information further comprises certificate validation information such that the certificate validation information can be used to verify the public certificate information was issued from a trusted certificate authority (Kiehtreiber - [0043]: The public key is known to have come from the purported source/signer, and the recipient can independently verify that the public key is indeed issued by the purported source/signer (e.g., by querying a trusted certificate authority or by checking the recipient's own database.)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Wendt and Smith with Kiehtreiber so that an issuer verification for the public key can be performed. The modification would have allowed the system to increase security.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Tang et al. (Pub. No.: US 2014/0337234) - Systems and methods for secure communication
UHR et al. (Pub. No.: US 2018/0227293) - Certificate issuing system based on block chain
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MENG LI/
Primary Examiner, Art Unit 2437