Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the continuation filed on 07/15/2022.
In the instant Amendment, claims 7, 15, and 20 have been cancelled; claims 1, 5-6, 8-9, 13, and  18-19 have been amended; and claims 1, 13, and 18 are independent claims. Claims 1- 6, 8-14, 16-19 have been examined and are pending. 
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 07/15/2022 has been entered.
Response to amendment
This is a non-final Office action in response to applicant's remarks/arguments filed on 07/15/2022. 
The objections to claims 1, 13, and 19 are withdrawn as the claims have been amended.
The rejection of claims 1- 6, 8-14, 16-19 under 35 U.S.C. 112(b) is withdrawn as the claims have been amended.
The amendment overcomes the prior art rejections of claims 1- 6, 8-14, 16-19 under 35 U.S.C 103. However, upon further consideration, a new ground(s) of rejection is made in view of Bhansali et al. (U.S. 20180337907 A1) in view of  Avetisov et al. (U.S. 20200067907A1), and further in view of McDill et al (U.S. 8682866 B1) necessitated by the claim amendment.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-6, 8, 10, 13-14, and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Bhansali et al. (U.S. 20180337907 A1; Hereinafter “Bhansali”) in view of  Avetisov et al. (U.S. 20200067907A1; Hereinafter “Avetisov”), and further in view of McDill et al (U.S. 8682866 B1; Hereinafter “McDill”). 
Regarding claim 1, Bhansali teaches a system for creating global identity contexts across different information technology (IT) systems, the system comprising (Bhansali: Para[0026],[0159], “techniques for cloud-based or on-premise identity authentication via communication networks, systems and methods providing strong identity authentication and access management for integration with web, client, and mobile apps, and techniques for one-click authentication”): 
a first server device (OD server 300) configured to implement an account management application, responsive to execution by the first server device, is configured to: wherein the account management application configured to: register for each constituent in a plurality of constituents, one or more accounts for the constituent (Bhansali: Para [0068] fig. 2, OD server 300 “For the OD server 300 to provide the client 100 authentication, an enrollment procedure is carried out. In some configurations, a client 100 initiates enrollment by inputting his/her fingerprint into the local device 110 (e.g., fingerprint reader), which stores the print data locally with the client.”, “a website or application developer or administrator that seeks to add user authentication, authorization and identity management to an application or website, the ODW Management User Interface 1910 may be used to create an account and then create a definition profile for his 3rd party application/website”); 
a second server device  configured to implement an identity management application, wherein the identity management application, responsive to execution by the second server device, is configured to (Bhansali: para [0079-0080], “The Client Side 100 comprises: Functional Client Components 110—these components present different authentication, endpoint security and identity management related functionalities to the user on electronic device (e.g. personal computer, mobile phone, internet of things (IoT) device, etc.).”, “The communication with the server 300 the Service Client components 140 may be conducted via an application program interface (e.g. REST API) 170 or other internet Application Programming Interfaces (API) protocols. Service Client Components (ServiceBlkC) 140—these components perform the processing on the client electronic device for user authorization, endpoint device management and user identity management.” See also para [0132]):
 perform individualization to establish an individual identifier (user1 key site1/data1) for each unique constituent based on one or more attributes (data) (Bhansali: Para [0098-0099] “This configuration may entail the exchange of secret test and unique identifiers for identifying the user as described for other configurations disclosed herein. At point 1, a Website 200 (e.g. an online commercial vendor) requests data from a User/Client 100 (e.g., a customer's credit card number), using an HTML page 210 and browser 4115 of User/Client 100. At point 2, the Website 200 sends data to the OD server 300 (e.g., OD SecureData plugin 4332 tied to FIDO) to protect the information. At point 3.1, the Website 200 requests for the OD server 300 to create a new encrypted key pair and the Website 200 encrypts the data with the public key. At point 3.2, the key pair is stored in the OD server 300 (e.g., database 4340) under the user profile and associated with the specific website request (hence the illustrated format “user1 key site1/data1,” etc. of the stored key and associated data 4342”),
wherein the first server device and the second server device are communicatively coupled to an API gateway via a network (Bhansali: para[007], [0158], fig. 20 “The system comprises a security database and a gateway. The security database is communicatively coupled to a client device via a client communication link to pass client data therebetween. The security database is communicatively coupled to the website via a website communication link to pass secure information therebetween. The client device is communicatively coupled to authentication hardware to receive client input from a client.”).
Bhansali does not explicitly teach wherein each account of the one or more accounts is associated with a local identifier that identifies the constituent within a context of a particular service; and map each account of the one or more accounts to a particular individual identifier and one or more local identifiers. 
In an analogous art, Avetisov teaches wherein each account of the one or more accounts is associated with one or more local identifier that identifies the constituent within a context of a particular service (Avetisov: para [0100-0111], “In some embodiments, a UID Record 151 for a particular user may be created for a particular relying party or used across multiple relying parties. For example, a given user may have a different UID Record 151 associated with the different relying parties utilizing the authentication system and which the user engages.”, “Information associated with a particular user in a UID Record 151 may include one or more user identifiers that user uses with a relying party, such as a username, email address, employee ID, etc. The user identifiers may also be representations of user identifies, such as cryptographic hashes of user identifiers, and the cryptographic hashing function may be specific to a given relying party.”); and 
map each account of the one or more accounts to a particular individual identifier and the one or more local identifiers (Bhansali: [0186- 0190], [0099-0100];[0200 -02005], “In some embodiments, a user may associate user accounts with a user identity established on a blockchain. For example, a user may associate one or more user accounts (e.g., UAC A 21, UAC B 31) with a Net ID 271 of the user established within a directed acyclic graph 205. For example, in block 22, a transaction record, Tx2, is shown to include user account A, UAC A 21, and a transaction record, Tx3, is shown to include user account B, UAC B 31. The respective transaction records may associate those user accounts with the Net ID 271. As such, those user accounts may be considered federated under the Net ID 271 based on the respective transaction records, all of which are examples of user identity records according to some embodiments.”). 
Therefore, it would have been obvious to person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of Avetisov into the system of  Bhansali to include wherein each account of the one or more accounts is associated with a local identifier that identifies the constituent within a context of a particular service; and map each account of the one or more accounts to a particular individual identifier and one or more local identifiers because it will improve the system by increasing security, offload authentication burden, and reducing storage of user specific data (Avetisov: para [0118]).
Bhansali in view of Avetisov does not explicitly teach wherein performing individualization comprises: receiving a transaction record from a system of record; processing the transaction record to generate a standard record that contains at least some attributes from the transaction record; matching the standard record to one or more keys; generating a list of candidates by comparing the one or more keys to a plurality of golden records matching unique individuals.
However in an analogous art, McDill teaches wherein performing individualization comprises: receiving a transaction record(input file 202) from a system of record (McDill: fig. 2. Column 10 line 1-6“an input file 202 may contain millions of data records 206. Also, in the preferred embodiment, the input file 202 is contained on a remote storage device, e.g., optical disk.”); 
processing the transaction record to generate a standard record (data record 206)  that contains at least some attributes from the transaction record (McDill: column 10 line 29-34“Once an input file 202 and one or more reference files 204a-c are selected, and the search key 214 computed, the method 202 repeatedly reads, or retrieves, a data record 206 from the input file 202 and processes that data record 206 against all of the reference files 204a-c, thereby generating a cleansed data record 210.”); 
matching the standard record (data record 206) to one or more keys(search keys 1-N) (McDill: column 14 line 4-101, fig. 6 “the matcher-1 208a accesses the multiple selected keys 602, such as those examples above (search key-1 602a, search key-2 602b, and search key-N 602c) sequentially one at a time to find data records in the reference file-1 204a.”); and 
generating a list of candidates (candidate data record list)  by comparing the one or more keys to a plurality of golden records matching unique individuals (McDill: column 14 line 20-25, “Once the candidate data record list is generated by processing all of the multiple search keys 602, the matcher-1 208a goes through the data records of the candidate data record list to find a good single matching data record that matches the current data record 206 from the input file 202 that is being processed”).
Therefore, it would have been obvious to person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of McDill into the modified teaching of Bhansali to include the individualization process of processing, matching and  generating because it will provide a secure reporting of data usage and improve the performance of the process (McDill: column 62 line 65-67).
Regarding claim 2, Bhansali in view of  Avetisov and further in view of McDill teaches the independent claim 1. Bhansali additionally teaches wherein the plurality of constituents includes at least one consumer constituent that comprises one of an individual associated with demographic information (Bhansali: Para [0078] “a repository 40 (see FIG. 2) in the OD server 300 can be populated with each client's 100 personal information (e.g., name, address, credit card data, etc.). With such configurations, a client 100 customer to a third-party site 200 online retailer can be authenticated”);
or an entity associated with a group of one or more individuals (Bhansali: Para[0113] “all the operations of method 800 may be performed by one or more devices of a single entity, while in other cases, different ones of the operations may be performed by different devices of different entities”).
Regarding claim 3, Bhansali in view of Avetisov  and further in view of McDill teaches the independent claim 2. Bhansali additionally teaches wherein the demographic information comprises one or more of a name of the consumer constituent (Bhansali: Para [0186] “an organization model may contain links to one or more user data models 2240 depending on the type of the organization (business or individual). The user data model 2240 may store authentication, authorization and identity information about the user such as the user's name, addresses, telephone numbers, date of birth, authentication templates (e.g. fingerprint template), public and private cryptographic keysets, and role information for a given application.”);
a date of birth of the consumer constituent (Para [0186], “date of birth,”); 
a gender of the consumer constituent (Para [0186]); 
an identifier for the consumer constituent (Para [0186], “authorization and identity information about the user such as the user's name, addresses, telephone numbers, date of birth, authentication templates (e.g. fingerprint template), public and private cryptographic keysets, and role information for a given application.”)
an address of the consumer constituent ((Para [0186], “addresses”); 
or a relationship of the consumer constituent with a consumer application (Para [0186]).
Regarding claim 4, Bhansali in view of Avetisov and further in view of McDill teaches the independent claim 1. Bhansali additionally teaches wherein registering an account for a constituent comprises: receiving credentials to associate with the account (Bhansali: Para [0068]figure 2 “providing the OD server 300 the personal identifying information (e.g., name, address, phone number, credit card data, etc.);
creating the account in an account directory (Bhansali: Para[0068] “the OD server 300 compiles a library or database of the different clients' 100 public keys and personal identifying information”); 
providing one or more vetting questions to a client device (Bhansali: Para [0068] For added security, the OD server 300 may send the client 100 a secret test identifier to be encrypted by the client using his private key and then sent back to the server, whereupon the identifier is decrypted by the server using the public key it received from the client; 
receiving a vetting response provided by the constituent from the client device (Bhansali: Para [0068] “then sent back to the server, whereupon the identifier is decrypted by the server using the public key it received from the client”); 
transmitting a request to an identity management application programming interface (API) deployed on the API gateway to verify the vetting response (Bhansali: Para [0144] “calls the server through REST APIs to get information about the user who is trying to enroll or be verified.”); 
receiving a response from the identity management API deployed on the API gateway that verifies the vetting response (Bhansali: Para [0144] “The server consults its database 1615 and returns this user information back to the OmniDefend Login or Enrollment page 1610 as shown in step 2. This information could also be in the form of a challenge that needs to be signed or verified.”); and 
registering the account in an account directory as a vetted account (Para [0144).
Regarding claim 5, Bhansali in view of Avetisov and further in view of McDill teaches the dependent claim 4. Bhansali additionally teaches responsive to authentication of the client device based on the credentials: wherein the account management application is further configured to: transmit a user session token associated with a corresponding account to a first consumer application (Bhansali: Para [0154] figure 18A“the login flow is initiated between the client software 1810 and the OD CVS server 1820. At point 2, login is initiated between the OD CVS server 1820 and the OD IAAM server 1830. At point 3, the OD IAAM server 1830 returns the user token and id (for the user who is logging in) to the OD CVS server 1820.”); and 
Avetisov teaches wherein the identity management application is further configured to: receive, via the API gateway, a request for the one or more local identifiers associated with the account corresponding to the user session token, authenticate information included in the session token, and transmit the one or more local identifiers to the first consumer application (Avetisove: Para[011], “UID Records 151 may be created by the authorization server 155 when a given user elects to use an authentication application for user authentication to access assets of the relying party. Alternatively, UID Records 151 may be created by the authentication server 155 upon request by a relying party. The request may include user provided account information for generation of a UID Record.”).
Regarding claim 6, Bhansali in view of Avetisov further in view of McDill teaches the dependent claim 4. Bhansali additionally teaches wherein the first consumer application forwards the user session token to a second consumer application in response to a connection established between the client device and the second consumer application during the duration of a user session associated with the user session token (Bhansali: Para [0154] fig 15 “the OD IAAM server 1830 returns the user token and id (for the user who is logging in) to the OD CVS server 1820. At point 4, the OD CVS server makes an entry in an event log and returns the token to the calling software (client software 1810”).
Regarding claim 8, Bhansali in view of  Avetisov and further in view of McDill further in view of McDill teaches the independent claim 1.  McDill teaches wherein the at least some attributes include demographic information (McDill: column 9 line 39-46, “a complete database containing contact and identification information on both persons and businesses, e.g., name, address, telephone number(s), social security number, date-of-birth, etc., as well as, application specific information contained in a new-data database, e.g., marketing demographics, account information, tax information, consumer information, etc. (reference files).”), and 
wherein performing individualization further comprises: matching the standard record to the one or more keys by comparing the demographic information in the standard record to demographic information associated with the one or more keys (McDill: column 23 line 59-66 “In one embodiment, the demographic file 1104 used by the matcher-1 208a preferably contains historic COA information, e.g., a COA reference file. Also as described above, the process 1100 may use multiple matchers 208, e.g., matcher-2 208b, as well as additional demographic files, e.g., demographic file-2 1106. Thus, each matcher 208 appends new demographic values to the reference file 204, thereby generating an updated reference file data record 1112 which is written to an updated reference file 1114 on remote storage.”).
Regarding claim 10, Bhansali in view of Avetisov further in view of McDill teaches the independent claim 1. Avetisov teaches wherein mapping each account of the one or more accounts to the particular individual identifier and the one or more local identifiers comprises: retrieving, from a first table, the particular individual identifier based on an account identifier for the account (Avetisov: Para [0095],[0260] “In some embodiments, the smart contract may perform one or more API requests to other entities to retrieve some of the information described below for processing. For example, a request may specify storage locations of some information and the smart contract may be configured to retrieve that data, such as by a reference, like a cryptographic hash pointed to a prior authentication record or a user identity record. All or a subset of the information may also be provided in a request.”); and 
retrieving, from a second table, the one or more local identifiers based on the particular individual identifier (Avetisov: para[0095], “In some embodiments, when executed or processed, the retrieved data may cause the application 110 to automatically collect or transmit other identifying data corresponding to the user or client device 135 with the credentials 111. For example, the application 110 may collect or generate identifying data about the user-client device 135 combination in the form of cookie, log, token, or other data. In addition, or alternatively, the application 110 may collect identifying data about the user-client device combination, such as by querying the runtime environment on the client device. All or a subset of the above information may be transmitted to one or more of servers 145 or 155”). 
Regarding claim 13, Bhansali teaches a method for creating global identity contexts across different information technology (IT) systems, the method comprising (Bhansali: Para[0026],[0159], “techniques for cloud-based or on-premise identity authentication via communication networks, systems and methods providing strong identity authentication and access management for integration with web, client, and mobile apps, and techniques for one-click authentication”):
 registering, by a first server device, for each constituent in a plurality of constituents, one or more accounts for the constituent(Bhansali: Para [0068] fig. 2, OD server 300 “For the OD server 300 to provide the client 100 authentication, an enrollment procedure is carried out. In some configurations, a client 100 initiates enrollment by inputting his/her fingerprint into the local device 110 (e.g., fingerprint reader), which stores the print data locally with the client.”, “a website or application developer or administrator that seeks to add user authentication, authorization and identity management to an application or website, the ODW Management User Interface 1910 may be used to create an account and then create a definition profile for his 3rd party application/website”), 
performing, by a second server device, individualization to establish an individual identifier for each unique constituent based on one or more attributes (Bhansali: Para [0098-0099] “This configuration may entail the exchange of secret test and unique identifiers for identifying the user as described for other configurations disclosed herein. At point 1, a Website 200 (e.g. an online commercial vendor) requests data from a User/Client 100 (e.g., a customer's credit card number), using an HTML page 210 and browser 4115 of User/Client 100. At point 2, the Website 200 sends data to the OD server 300 (e.g., OD SecureData plugin 4332 tied to FIDO) to protect the information. At point 3.1, the Website 200 requests for the OD server 300 to create a new encrypted key pair and the Website 200 encrypts the data with the public key. At point 3.2, the key pair is stored in the OD server 300 (e.g., database 4340) under the user profile and associated with the specific website request (hence the illustrated format “user1 key site1/data1,” etc. of the stored key and associated data 4342”); and 
wherein the first server device and the second server device are communicatively coupled to an application programming interface (API) gateway via a network (Bhansali: para[007], [0158], fig. 20 “The system comprises a security database and a gateway. The security database is communicatively coupled to a client device via a client communication link to pass client data therebetween. The security database is communicatively coupled to the website via a website communication link to pass secure information therebetween. The client device is communicatively coupled to authentication hardware to receive client input from a client.”).
Bhansali does not explicitly teach wherein each account of the one or more accounts is associated with one or more local identifiers that identifies the constituent within a context of a particular service; mapping, by the second server device, each account of the one or more accounts to a particular individual identifier and the one or more local identifiers. 
In an analogous art, Avetisov teaches wherein each account of the one or more accounts is associated with one or more local identifier that identifies the constituent within a context of a particular service (Avetisov: para [0100-0111], “In some embodiments, a UID Record 151 for a particular user may be created for a particular relying party or used across multiple relying parties. For example, a given user may have a different UID Record 151 associated with the different relying parties utilizing the authentication system and which the user engages.”, “Information associated with a particular user in a UID Record 151 may include one or more user identifiers that user uses with a relying party, such as a username, email address, employee ID, etc. The user identifiers may also be representations of user identifies, such as cryptographic hashes of user identifiers, and the cryptographic hashing function may be specific to a given relying party.”); and 
mapping each account of the one or more accounts to a particular individual identifier and the one or more local identifiers (Bhansali: [0186- 0190], [0099-0100];[0200 -02005], “In some embodiments, a user may associate user accounts with a user identity established on a blockchain. For example, a user may associate one or more user accounts (e.g., UAC A 21, UAC B 31) with a Net ID 271 of the user established within a directed acyclic graph 205. For example, in block 22, a transaction record, Tx2, is shown to include user account A, UAC A 21, and a transaction record, Tx3, is shown to include user account B, UAC B 31. The respective transaction records may associate those user accounts with the Net ID 271. As such, those user accounts may be considered federated under the Net ID 271 based on the respective transaction records, all of which are examples of user identity records according to some embodiments.”). 
Therefore, it would have been obvious to person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of Avetisov into the system of  Bhansali to include wherein each account of the one or more accounts is associated with a local identifier that identifies the constituent within a context of a particular service; and map each account of the one or more accounts to a particular individual identifier and one or more local identifiers because it will improve the system by increasing security, offload authentication burden, and reducing storage of user specific data (Avetisov: para [0118]).
Bhansali in view of Avetisov does not explicitly teach wherein performing individualization comprises: receiving a transaction record from a system of record; processing the transaction record to generate a standard record that contains at least some attributes from the transaction record; matching the standard record to one or more keys; and generating a list of candidates by comparing the one or more keys to a plurality of golden records matching unique individuals. 
However in an analogous art, McDill teaches wherein performing individualization comprises: receiving a transaction record(input file 202) from a system of record (McDill: fig. 2. Column 10 line 1-6“an input file 202 may contain millions of data records 206. Also, in the preferred embodiment, the input file 202 is contained on a remote storage device, e.g., optical disk.”); 
processing the transaction record to generate a standard record (data record 206)  that contains at least some attributes from the transaction record (McDill: column 10 line 29-34“Once an input file 202 and one or more reference files 204a-c are selected, and the search key 214 computed, the method 202 repeatedly reads, or retrieves, a data record 206 from the input file 202 and processes that data record 206 against all of the reference files 204a-c, thereby generating a cleansed data record 210.”); 
matching the standard record (data record 206) to one or more keys(search keys 1-N) (McDill: column 14 line 4-101, fig. 6 “the matcher-1 208a accesses the multiple selected keys 602, such as those examples above (search key-1 602a, search key-2 602b, and search key-N 602c) sequentially one at a time to find data records in the reference file-1 204a.”); and 
generating a list of candidates (candidate data record list)  by comparing the one or more keys to a plurality of golden records matching unique individuals (McDill: column 14 line 20-25, “Once the candidate data record list is generated by processing all of the multiple search keys 602, the matcher-1 208a goes through the data records of the candidate data record list to find a good single matching data record that matches the current data record 206 from the input file 202 that is being processed”).
Therefore, it would have been obvious to person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of McDill into the modified teaching of Bhansali to include the individualization process of processing, matching and  generating because it will provide a secure reporting of data usage and improve the performance of the process (McDill: column 62 line 65-67).
Regarding claim 14, claim 14 is rejected under the same rational as claim 4.
Regarding claim 16, claim 16 is rejected under the same rational as claim 8.
Regarding claim 17, claim 17 is rejected under the same rational as claim 10.
Regarding claim 18, A non-transitory computer-readable medium storing instructions that (Bhansali: para [0267], “items such as applications, modules, components, etc., may be implemented as software constructs stored in a machine accessible storage medium, such as an optical disk, a hard disk drive, etc., and those constructs may take the form of applications, programs, subroutines, instructions, or any other suitable form of control logic; such items may also be implemented as firmware or hardware, or as any combination of software, firmware and hardware.”), when executed by a processor, cause the processor to create global identity contexts across different information technology (IT) systems by performing steps comprising (Bhansali: Para[0026],[0159], “techniques for cloud-based or on-premise identity authentication via communication networks, systems and methods providing strong identity authentication and access management for integration with web, client, and mobile apps, and techniques for one-click authentication”): 
registering, for each constituent in a plurality of constituents, one or more accounts for the constituent(Bhansali: Para [0068] fig. 2, OD server 300 “For the OD server 300 to provide the client 100 authentication, an enrollment procedure is carried out. In some configurations, a client 100 initiates enrollment by inputting his/her fingerprint into the local device 110 (e.g., fingerprint reader), which stores the print data locally with the client.”, “a website or application developer or administrator that seeks to add user authentication, authorization and identity management to an application or website, the ODW Management User Interface 1910 may be used to create an account and then create a definition profile for his 3rd party application/website”), 
performing individualization to establish an individual identifier for each unique constituent based on one or more attributes(Bhansali: Para [0098-0099] “This configuration may entail the exchange of secret test and unique identifiers for identifying the user as described for other configurations disclosed herein. At point 1, a Website 200 (e.g. an online commercial vendor) requests data from a User/Client 100 (e.g., a customer's credit card number), using an HTML page 210 and browser 4115 of User/Client 100. At point 2, the Website 200 sends data to the OD server 300 (e.g., OD SecureData plugin 4332 tied to FIDO) to protect the information. At point 3.1, the Website 200 requests for the OD server 300 to create a new encrypted key pair and the Website 200 encrypts the data with the public key. At point 3.2, the key pair is stored in the OD server 300 (e.g., database 4340) under the user profile and associated with the specific website request (hence the illustrated format “user1 key site1/data1,” etc. of the stored key and associated data 4342”); and
wherein each account of the one or more accounts is associated with one or more local identifiers that identifies the constituent within a context of a particular service (Bhansali: para[007], [0158], fig. 20 “The system comprises a security database and a gateway. The security database is communicatively coupled to a client device via a client communication link to pass client data therebetween. The security database is communicatively coupled to the website via a website communication link to pass secure information therebetween. The client device is communicatively coupled to authentication hardware to receive client input from a client.”).
Bhansali does not explicitly teach wherein each account of the one or more accounts is associated with one or more local identifiers that identifies the constituent within a context of a particular service; mapping, by the second server device, each account of the one or more accounts to a particular individual identifier and the one or more local identifiers. 
In an analogous art, Avetisov teaches wherein each account of the one or more accounts is associated with one or more local identifier that identifies the constituent within a context of a particular service (Avetisov: para [0100-0111], “In some embodiments, a UID Record 151 for a particular user may be created for a particular relying party or used across multiple relying parties. For example, a given user may have a different UID Record 151 associated with the different relying parties utilizing the authentication system and which the user engages.”, “Information associated with a particular user in a UID Record 151 may include one or more user identifiers that user uses with a relying party, such as a username, email address, employee ID, etc. The user identifiers may also be representations of user identifies, such as cryptographic hashes of user identifiers, and the cryptographic hashing function may be specific to a given relying party.”); and 
mapping each account of the one or more accounts to a particular individual identifier and the one or more local identifiers (Bhansali: [0186- 0190], [0099-0100];[0200 -02005], “In some embodiments, a user may associate user accounts with a user identity established on a blockchain. For example, a user may associate one or more user accounts (e.g., UAC A 21, UAC B 31) with a Net ID 271 of the user established within a directed acyclic graph 205. For example, in block 22, a transaction record, Tx2, is shown to include user account A, UAC A 21, and a transaction record, Tx3, is shown to include user account B, UAC B 31. The respective transaction records may associate those user accounts with the Net ID 271. As such, those user accounts may be considered federated under the Net ID 271 based on the respective transaction records, all of which are examples of user identity records according to some embodiments.”). 
Therefore, it would have been obvious to person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of Avetisov into the system of  Bhansali to include wherein each account of the one or more accounts is associated with a local identifier that identifies the constituent within a context of a particular service; and map each account of the one or more accounts to a particular individual identifier and one or more local identifiers because it will improve the system by increasing security, offload authentication burden, and reducing storage of user specific data (Avetisov: para [0118]).
Bhansali in view of Avetisov does not explicitly teach wherein performing individualization comprises: receiving a transaction record from a system of record; processing the transaction record to generate a standard record that contains at least some attributes from the transaction record; matching the standard record to one or more keys; and generating a list of candidates by comparing the one or more keys to a plurality of golden records matching unique individuals. 
However in an analogous art, McDill teaches wherein performing individualization comprises: receiving a transaction record(input file 202) from a system of record (McDill: fig. 2. Column 10 line 1-6“an input file 202 may contain millions of data records 206. Also, in the preferred embodiment, the input file 202 is contained on a remote storage device, e.g., optical disk.”); 
processing the transaction record to generate a standard record (data record 206)  that contains at least some attributes from the transaction record (McDill: column 10 line 29-34“Once an input file 202 and one or more reference files 204a-c are selected, and the search key 214 computed, the method 202 repeatedly reads, or retrieves, a data record 206 from the input file 202 and processes that data record 206 against all of the reference files 204a-c, thereby generating a cleansed data record 210.”); 
matching the standard record (data record 206) to one or more keys(search keys 1-N) (McDill: column 14 line 4-101, fig. 6 “the matcher-1 208a accesses the multiple selected keys 602, such as those examples above (search key-1 602a, search key-2 602b, and search key-N 602c) sequentially one at a time to find data records in the reference file-1 204a.”); and 
generating a list of candidates (candidate data record list)  by comparing the one or more keys to a plurality of golden records matching unique individuals (McDill: column 14 line 20-25, “Once the candidate data record list is generated by processing all of the multiple search keys 602, the matcher-1 208a goes through the data records of the candidate data record list to find a good single matching data record that matches the current data record 206 from the input file 202 that is being processed”).
Therefore, it would have been obvious to person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of McDill into the modified teaching of Bhansali to include the individualization process of processing, matching and  generating because it will provide a secure reporting of data usage and improve the performance of the process (McDill: column 62 line 65-67).
Regarding claim 19, claim 19 is rejected under the same rational as claim 4. 
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Bhansali et al. (U.S. Application 20180337907 A1; Hereinafter “Bhansali”) in view of Avetisov et al. (U.S. Application 20200067907A1; Hereinafter “Avetisov”), in view of McDill et al (U.S. 8682866 B1; Hereinafter “McDill”), and further in view of Manning et al. (U.S. Application 20190079937 A1; Hereinafter “Manning”).	
Regarding claim 9, Bhansali in view of  Avetisov and further in view of McDill teaches the independent claim 1.  
Bhansali in view of  Avetisov and further in view of McDill does not explicitly teach Manning teaches wherein performing individualization further comprises: generating a score for each candidate in the list of candidates based on a heuristic algorithm.
However in an analogous art, Manning teaches wherein performing individualization further comprises: generating a score for each candidate in the list of candidates based on a heuristic algorithm (Manning: para [0170] “Illustratively, any graph clustering or community detection algorithm may be used to identify clusters without departing from the scope of the present disclosure”); and 
removing candidates with having score below a threshold value from the list of candidates (Para [0174] “These records may be analyzed as described above to produce the candidate name “J,” which may be discarded as unviable. Candidate names may be considered unviable if, for example, the length of the name falls below a threshold, or if the candidate name fails to meet other specified criteria.”).
Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Bhansali et al. (U.S. Application 20180337907 A1; Hereinafter “Bhansali”) in view of Avetisov et al. (U.S. Application 20200067907A1; Hereinafter “Avetisov”), in view of McDill et al (U.S. 8682866 B1; Hereinafter “McDill”), and further in view of Sallaka et al. (U.S. Application 20110197254 A1; Hereinafter “Sallaka”).
Regarding claim 11, Bhansali in view of  Avetisov and further in view of McDill teaches the system of claim 1. 
Bhansali in view of  Avetisov and further in view of McDill does not explicitly teach wherein each constituent is associated with one or more identities based on a relationship, and wherein the one or more identities can include: a consumer identity; an employee identity; a provider identity; or a broker identity.
In an analogous art, Sallaka teaches wherein each constituent is associated with one or more identities based on a relationship, and wherein the one or more identities can include: a consumer identity; an employee identity; a provider identity; or a broker identity (Para [0048] “In operation, the policy logic 44 may reference identity information, such as roles associated with a particular user context, e.g., manager, executive, partner, customer, and so on, for a particular resource. Para [0030] “to users of the system 10, i.e., computing environment. Users of the system 10 may include human resources managers, newly hired employees, corporate partners, suppliers, contractors, customers, and so on.”)
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of invention was effectively filed to combine the teaching of Sallaka into the modified method of Bhansali to include wherein each constituent is associated with one or more identities based on a relationship, and wherein the one or more identities can include: a consumer identity; an employee identity; a provider identity; or a broker identity because it will improve overall efficiency of the system (Sallaka et al. para [0076]).
Regarding claim 12, Bhansali in view of  Avetisov, in view of McDill, and further in view of Sallaka teaches the dependent claim 11. Sallaka teaches wherein each identity of a constituent is associated with one or more accounts based on a vetting process, and wherein the one or more identities associated with the constituent comprise a global identity context for the constituent (Sallaka: para [0050] “a newly hired human resources manager may be allocated one or more roles that specify that the manager should have access to HCM software. The policy logic 44 may then determine what if any permissions must be obtained before a given resource can be allocated to the newly hired manager.”).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
 US 8572681 B2, Methods And Systems For Identity Verification.
US 9824199 B2, Multi-factor Profile And Security Fingerprint Analysis. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/L.L.N./Examiner, Art Unit 2437  
/KRISTINE L KINCAID/            Supervisory Patent Examiner, Art Unit 2437