DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
	The amendment filed August 09 2022 has been entered. Applicant amended claims 1, 3, 4, and 7-10. Applicant cancelled claims 2, 11, and 13-15. Accordingly, claims 1, 3-10 and 12 remain pending.
	Applicant’s amendment to the abstract and specification overcomes the abstract and specification objections of May 19 2022. Therefore, the abstract and specification objections of May 19 2022 are withdrawn.
	Applicant’s amendment to the claims overcomes the 35 USC 112(b) rejection of May 19 2022; therefore, the 35 USC 112(b) rejection of May 19 2022 is withdrawn.


Response to Arguments
Applicant's arguments filed August 09 2022 with regard to the Avetisov and Swerdlow references have been fully considered but they are not persuasive.
On page 13, Applicant alleges “[i]n direct contrast to Avetisov, Applicant’s invention discloses a system serving metadata and authorization of personas that is configurated to support specific tool signatures by consumer credential provider…Avetisov fails to disclose a system for simplifying and controlling digital participation of a plurality of personas.” The examiner respectfully disagrees. It is understood that a credential provider collects/obtains a user’s credentials for authentication. Personas are understood to be archetypical user(s) of systems, or types of consumers that interact with the system, such as user accounts. Applying the broadest reasonable interpretation, Avetisov teaches a system and process of providing consumer/user authentication to web services (abstract), where the system controls/provides a single sign-on (thus simplifying digital participation) to a plurality of services or online applications (paragraphs 9 and 165). Thus, Avetisov teaches simplifying/controlling digital participation of a plurality of personas (via providing a single sign-on to a plurality of online applications/services). Furthermore, the Avetisov system provides metadata and authorization of personas configured to support tool signatures by a CCV. In paragraph 115, Avetisov describes a relying party that consists of a UID repository which stores information about consumers/users and clients. The UID repository of the relying party includes identifying tokens (these identifying tokens per paragraph 219 may include tokenMetadata), identifying information, and credentials/authorizations data of customers/users. Thus, the relying party functions as a CCV since there is a collection of user credentials for authentication.
Paragraphs 59-60 of Avetisov provide background on the user/consumer credentials, which include cryptographically signed data that the relying party obtains for authentication methods; therefore, the relying party supports these tool signatures of the consumer(s). Furthermore, Swerdlow was relied upon to further teach simplifying and controlling digital participation of a plurality of personas (paragraphs 35-37).

On page 13, Applicant further alleges, “[i]n contrast [to Avetisov], Applicant’s invention discloses a system controlling provider resources and credential metadata by a repository authorization section, wherein the credential metadata is controlled by registering and validating providers configured to support the delegation information of the acquired resources including appropriate persona.” The examiner respectfully disagrees. Applying the broadest reasonable interpretation, paragraph 118 of Avetisov discloses that the relying party controls provider resources and controls/regulates credential metadata by performing verification tasks on user/consumer credentials to determine whether the user has access to a provider’s asset/resource. Paragraphs 119-125 provide further details of the relying party's interaction with the authorization server. This authorization server has access to an authorization repository. Thus, Avetisov teaches a system for controlling provider resources and credential metadata by a repository authorization section.
Paragraph 150 of Avetisov provides details of the web-service providers. The authentication server establishes one or more certificates with a web-service provider or service provider and provides an identity service trusted by the web-service provider. When a certificate is established, a private key and a self-signed certificate are generated. Therefore, the authorization server is registering certificate data and validating certificate data of/for the web-service providers. Paragraph 180 reveals that the authentication server stores data for authentication operations in an authorization repository which includes UID records that have information associated with a particular user and the devices associated with the user. The UID record has records that indicate one or more web-services which the user is permitted to access. Thus, Avetisov teaches controlling access to web-service provider resources, and credential metadata is controlled/established via the authentication server, which supports the delegation of information via the relying party for the acquired assets/resources including appropriate personas.

On page 14, Applicant alleges, “[i]n contrast [to Avetisov], Applicant’s invention discloses a system supporting single sign-on or consolidated authorization concept where an individual persona links other persona under a single management persona leveraging repository management section.” The examiner respectfully disagrees. Avetisov teaches a single sign-on concept via the teachings of logging into a network domain which allows users to access multiple services. The single sign-on by a user links and provides access to other personas/services, and this is performed under a single management persona leveraging a repository management section (reference numbers 145/165) shown in Figure 1B and paragraphs 9 and 165.

On page 14, Applicant alleges, “[i]n contrast [to Avetisov], Applicant’s invention discloses a system verifying metadata for consumers by integrating with the CCV and a controller by a user interface.” The examiner respectfully disagrees. The examiner must construe claim terms in the broadest reasonable manner. Integrate is understood to mean amalgamate/combine/unite/join. The Avetisov system provides metadata and authorization of personas configured to support tool signatures by a CCV. In paragraph 115, Avetisov describes a relying party that consists of a UID repository which stores information about consumers/users and clients. The UID repository of the relying party includes identifying tokens (these identifying tokens per paragraph 219 may include tokenMetadata), identifying information, and credentials/authorizations data of customers/users. Thus, the relying party functions as a CCV since there is a collection of user credentials for authentication. Paragraphs 59-60 of Avetisov provide background on the user/consumer credentials, which include cryptographically signed data that the relying party obtains for authentication methods; therefore, the relying party supports these tool signatures of the consumer(s). Paragraph 118 of Avetisov discloses that the relying party controls provider resources and controls/regulates credential metadata by performing verification tasks on user/consumer credentials to determine whether the user has access to a provider’s asset/resource. Figure 1B of Avetisov shows that the relying party is connected/linked with the mobile device. This mobile device, which has a user interface, is integrated with/joined with/connected to the CCV and controller over a network.

Furthermore, on pages 14-15, Applicant alleges, “[i]n contrast [to Avetisov], Applicant’s invention discloses a system accepting controller credentials based on a registered context object by an adapter, wherein the adapter is coupled with the controller.” The examiner respectfully disagrees. An adapter is understood to be a device/server that receives data from a device or system. As stated above and shown in Figure 1B, Avetisov teaches that the relying party server, which is the adapter, accepts credentials from a user via a user device. This user device has a controller. The relying party server is wirelessly/electrically coupled with the controller of the mobile device via the network.

On page 15, Applicant alleges, “[i]n contrast [to Avetisov], Applicant’s invention discloses a system coordinating all event triggering of tools and configured through registration and acquisition by the controller.” The examiner respectfully disagrees. It is understood that a controller is a hardware device or a software program that manages the flow of data between two entities. The mobile device 101 of the user (shown in Figure 1B of Avetisov) has a processor/controller. The relying party server 145 and the authorization server 155 in Figure 1B also consist of servers which include computers and thus controllers. Paragraphs 126-131 of Avetisov describe that the authorization server coordinates/handles the user’s registration. Based on the user’s registration, the authorization server coordinates/provides/triggers access to the services/secure assets/resources for the user. This access to the service provider’s services/resources by the authorization server encompasses all event triggering of tools, wherein the tools are the application/software/controller package of the authorization server that manages the user’s credentials and coordinates the user’s access to services.

On page 15, Applicant further alleges “[i]n contrast [to Avetisov], Applicant’s invention discloses a system  with CCV comprises two components that are an identity provider and persona credential metadata repository.” This is not persuasive. In paragraph 115, Avetisov describes a relying party (as well as the authentication server in paragraphs 126-127) that consists of a UID repository which stores information about consumers/users and clients. The UID repository of the relying party includes identifying tokens (these identifying tokens per paragraph 219 may include tokenMetadata) and identifying information and credentials/authorizations data of customers/users. Thus, the relying party/authentication server functions as a CCV since there is a collection of user credentials for authentication. The UID includes persona credential metadata and thus serves as a persona credential metadata repository. Paragraph 413 of Avetisov also reveals that the authentication server is an identity provider. Thus, Avetisov teaches the two components of the CCV.

On pages 15-16, Applicant also alleges, “Avetisov fails to disclose a persona management that allows only personal personas to manage other personas and it allows an authorized persona to authenticate with their personal account and switch to other registered personas, permitting access on a tool/resource level.” This is not persuasive. Avetisov was not relied upon to teach this limitation. Swerdlow teaches in paragraph 37 a personal management system that allows a personal user to manage and link/switch to their other personas, which permits access on a tool/resource level.

On page 16, Applicant alleges, “Avetisov merely discloses an authentication server that publishes a smart contract...Applicant’s invention discloses a system publishing asset with supporting capabilities and policies of usage by publishing tool. The registering to use the assets is done by an acquisition.  The instant disclosure is an authorization space as oppose to Avetisov which is only in an authentication space”. This is not persuasive. Paragraphs 203-204 and 211 of Avetisov describe published smart contracts, and paragraph 225 describes that the smart contract provides details on a process which involves authenticating the user based on stored records, processing the request, retrieving information from a UID record to a transaction record, and governing access to assets. In addition to the smart contract, Avetisov also describes the publishing/releasing/storage of one or more policies which govern access to webservices/relying devices and access to encrypted data corresponding to credentials; see paragraphs 12 and 372. Paragraph 372 further describes that the smart contract may be configured to publish a record and a policy governing access to the relying device. The smart contract provides details on issuing a session for verification of one or more records and rules of a policy that is associated with a record, such as a record of a registered user or mobile device, and verifying the device is authentic by the relying device according to the policy or an issued token. The steps of authentication to provide authorization to assets are shown in Figure 6 and paragraphs 335-339 of Avetisov. Figure 7 and paragraphs 440-443 provide details on registering a mobile device for authentication and authorization to use assets. According to paragraph 339, once the user credential is verified, the relying party (publishing tool) provides access to secure assets. Thus the user is authorized to have access to the secure assets according to authentication.
Thus, Avetisov teaches a system publishing an asset with supporting capabilities and policies of usage by a publishing tool. The registering involves receiving authentication to use assets, and providing authorization to the assets.

On page 16, Applicant further alleges, “Avetisov merely discloses digital rights management techniques that have been implemented to protect native applications, software assets, and other media from unauthorized access where the DRM perform authentication checks that occur at time of access of an asset. The relying devices are associated with users to be tracked through UID record. In contrast, Applicant’s invention discloses a system configuring relationships and track assets by a consumer or enterprise administration tool.” Avetisov discloses, and Applicant admits that Avetisov discloses, digital rights management techniques that protect native applications, software assets, and other media from unauthorized access (paragraph 51). Thus, applying the broadest reasonable interpretation, this reads on tracking/protecting assets by an enterprise administration tool. Avetisov further teaches configuring security relationships by the enterprise management tool, in paragraph 51. In paragraph 51, Avetisov discloses that a digital rights management tool is implemented to protect/monitor software assets, which, again, includes tracking assets by authentication checks that occur at the time of access of an asset, and monitoring/configuring relationships between user credentials and the application/asset for access.

On pages 16-17, Applicant further alleges, “Avetisov merely discloses a decentralized computing architecture with single central authority leveraging position of power over the computing architecture. The UID records with specific permissions to restrict use of those relying devices of user or such that only registered devices may access secure assets. Yet, in contrast, Applicant’s invention discloses a system leveraging registered data to build the credential for the resource by a configured execution environment. The execution environment leverages the registered data based on the request received from the consumer.” This is not persuasive. Again, applying the broadest reasonable interpretation, Avetisov describes in paragraph 51 a server tool that has a digital rights management tool to protect assets/resources, and to support/leverage registered user data by building/collecting and storing a user credential to access resources based on a user attempt/request to access an application.

On page 17, Applicant alleges, “[i]n contrast, Applicant’s invention discloses a publication tool which is defined with a tool signature having the details including attribute name, domain specific attributes, category of the asset, and classification of the asset”. Please see paragraph 96 of Avetisov, which provides details on registration of the user via the server’s authentication application. The server is the publication tool that stores the user credential in the UID database. The server’s authentication application, which is the tool signature, establishes identifying information about the user, which includes one or more keys, a digital signature of data based on the key, credential information, and policy information. Paragraph 116 of Avetisov further provides details of the credential information that the server, which has the tool signature, maintains/collects and on which the digital signature is based. This credential information includes user identifier, email which is domain specific attribute, username which is attribute name, and other identifying information about the user; device information includes device identifier, MAC address, IMEI number, application version which is classification of the asset/category of the asset, and operating system version and type.

On page 17, Applicant further alleges, “Applicant’s invention discloses  an acquisition tool that is configured to assign a correct persona selected from a list of defined personas for the asset. The consumer or enterprise administration tool determines an authorized asset and possible persona and sets one or more parameters of the authorization.” This is not persuasive. Paragraph 131 of Avetisov reveals that an administrator of the relying party, the acquisition tool, may register the client device with specific permissions to access secure assets. Thus, this teaches an enterprise administration tool that determines an authorized asset and possible persona/client device, and sets one or more authorization restrictions of the client device to the assets. Thus the administration tool of Avetisov teaches that the administrator assigns correct personas/client devices for the asset. Paragraph 130 provides details of the administrator selecting which users/client devices have access to the assets/resources; thus selection from a list of defined users/personas for the asset is established.

On pages 17-18, Applicant also alleges, “[t]here is nothing in Swerdlow that remedies the aforementioned deficiencies found in Avetisov…Swerdlow fails to disclose a system that serves a consume credential provider, in which metadata and authorization of the personas are configured to support specific tool signatures…”. This is not persuasive; Avetisov was relied upon to teach the limitations presented in the argument. Please see paragraphs above. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).


On page 18, Applicant alleges, “Swerdlow fails to disclose a system controlling a repository delegated authorizations section provider resources and credential metadata given to a consumer by an administrator, wherein the delegated authorizations are authorization given to the persona by another persona and supporting a repository persona management section, or a single sign-on concept.” This is not persuasive; Avetisov was relied upon to teach the limitations presented in the argument. Please see paragraphs above. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On page 18, Applicant alleges, “Swerdlow fails to disclose….where an individual persona links other persona under a single management persona.” This is not persuasive; paragraphs 35-37 of Swerdlow disclose a user account that links and manages multiple personas under a single management account.

On page 18, Applicant alleges, “Swerdlow fails to disclose a system, which includes an adapter, and controller credentials based on registered context object, wherein the adapter is coupled with the controller….Swerdlow further fails to disclose CCV which comprises two components including an identity provider and a personal credential metadata repository.” This is not persuasive; Avetisov was relied upon to teach the limitations presented in the argument. Please see paragraphs above. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On page 19, Applicant alleges, “Swerdlow fails to disclose a persona authorization comprising metadata to support specific tool signatures and the delegated authorization comprising metadata to support specific tool signatures and capabilities on other personas resources.” This is not persuasive; Avetisov was relied upon to teach the limitations presented in the argument. Please see paragraphs above. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On page 19, Applicant alleges, “Swerdlow fails to disclose the system publishing assets with supporting capabilities and policies of usage by a publishing tool, registering to use the assets by an acquisition tool….” This is not persuasive; Avetisov was relied upon to teach the limitations presented in the argument. Please see paragraphs above. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On pages 19-20, Applicant alleges, “Swerdlow fails to disclose a publication tool which is defined with a tool signature having details including attribute name, domain specific attributes, category of the asset, and classification of the assets….In contrast, Applicant’s invention discloses an acquisition tool that is configured to assign a correct persona selected from a list of defined personas for the asset” This is not persuasive; Avetisov was relied upon to teach the limitations presented in the argument. Please see paragraphs above. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On pages 20-22, Applicant further alleges, “[t]he proposed combination of the cited prior art reference, combination of Avetisov and Swerdlow, would change the principle of operation of the invention being modified…No combination of these two prior references renders the instant claims obvious” This is not persuasive, for the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, paragraph 29 of Swerdlow provides the motivation of management of persona accounts.

On page 25, Applicant alleges, “…the combination of Avetisov and Swerdlow does not render the instant claims as obvious, as the combination fails to support any of these rationales.” This is not persuasive, for the examiner’s presented reasons as to the teachings of the limitations disclosed by Avetisov and Swerdlow, presented in the above paragraphs.  Furthermore,  the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).

On page 25, Applicant also alleges, “[a] PHOSITA would not have recognized that the results of the combination were predictable, and indeed there would have been no reasonable expectation of success to arrive at the present invention by combining the teachings of Avetisov… and Swerdlow….Applicants respectfully point out that a prior art reference must be considered in its entirety…” Again, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In addition, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).

On pages 25-26, Applicant alleges, “[Avetisov] does not teach or suggest in any way the invention as presently claims, which explicitly requires, for example a system for simplifying and controlling digital participation of a plurality of personas….” This is not persuasive. Please see the examiner’s remarks in the preceding paragraphs, which discuss why Avetisov in view of Swerdlow teaches the limitations recited in the claims.

On page 26, Applicant alleges, “… there is no teaching, suggestion, or motivation in Swerdlow or in the prior art that would have led one of ordinary skill to modify Avetisov’s profile management techniques with Swerdlow’s disclosure of persona management…Therefore, for at least this reason, Swerdlow cannot therefore compensate for the deficiencies in the teachings of Avetisov.” In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  Avetisov teaches a profile management application. Avetisov lacks the teaching in which the profile management application incorporates an individual persona/user account that is linked to other personas under a single management persona.  Swerdlow was relied upon to further teach the deficiencies of Avetisov’s profile management system, wherein the motivation is provided in paragraph 29, which permits the use and control of secure data. 

On page 26, Applicant alleges, “[i]t is impermissible to engage in a hindsight reconstruction of the claimed invention by using the applicant’s structure as a template  and selecting elements from references to fill in the gaps.” This is not persuasive, for the examiner must construe claim terms in the broadest reasonable manner. As discussed above and in this office action, Avetisov in view of Swerdlow teaches the Applicant’s claimed invention. In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).

On page 27, Applicant states, “[f]or the reasons stated above and amendment made to the claims, Applicant respectfully request withdrawal of the rejection of independent claims 1 and 10…” This is not persuasive, please see the examiner’s remarks above as to Avetisov in view of Swerdlow teaching the limitations recited in the claims. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-10, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Avetisov et al US 20210044976 (hereinafter Avetisov) in view of Swerdlow et al US 20140108371 (hereinafter Swerdlow).

As to claim 1, Avetisov teaches a system (Figure 12; abstract and paragraph 2 discuss management techniques of leveraging mobile devices of users for authentication of web services), comprising:
(a) a computing device (Figure 12, reference number 1000 “Computer System”) having a memory (Figure 12, reference number 1020 “System Memory”) and a processor (Figure 12, reference number 1010 “Processor”), wherein the computing device is in communication with a server via an executed service (Figure 12 and paragraph 479 disclose the computing system is in communication with a network via a network interface, and paragraph 69 discloses the computing system is in communication with a server via a trusted execution environment);
(b) a data store (Figure 12, reference number 1110) in communication with the server (paragraph 69 discloses the computing system is in communication with a server via a trusted execution environment) configured to store one or more configurations executable by the processor (paragraph 471 discloses the processor), wherein the processor executes the configurations to perform an operation (paragraph 471 discloses the processor executes program instructions) comprising:
serving, by a consumer credential provider (CCV) , metadata and authorization of the personas configured to support specific tool signatures (Paragraph 115 describes a relying party that consists of a UID repository  which stores information about consumers/users and clients. The UID repository of the relaying party includes identifying tokens (these identifying tokens per paragraph 219 may include tokenMetadata), identifying information, and credentials/authorizations data of customers/users. Thus, the relying party functions as a CCV since there is a collection of user credentials for authentication. Paragraphs 59-60 of Avetisov provides background of the user/consumer credentials which include cryptographic signed data that the relying party obtain for authentication methods; therefore, the relying party supports these tool signatures of the consumer(s)), wherein the CCV comprises two components including an identity provider features and a persona credential metadata repository(Avetisov: paragraph 115 discloses the relying party, the CCV, includes a user identification repository, user identifiers, and identifying information of clients.  In paragraph 115, Avetisov describes a relying party (as well as the authentication server in paragraphs 126-127 ) that consists of a UID repository  which stores information about consumers/users and clients. The UID repository of the relaying party includes identifying tokens, identifying information, and credentials/authorizations data of customers/users. Thus, the relying party/authentication server functions as a CCV since there is a collection of user credentials for authentication. The UID includes persona credential metadata and thus serves as a persona credential metadata repository. Paragraph 413 of Avetisov also reveal that the authentication server is an identity provider. Thus, Avetisov teaches the two components of CCV), wherein the CCV is configured to perform the following operations: 
supporting, by a repository authentication section, consumer authentication fulfilling administrative authority (paragraph 115, the UID repository of the CCV, relying party, supports user/customer authentication credentials, and paragraph 89 discloses the credentials/authentication is based on/subjected to policies implemented by an authorization server which is the authorization authority); 
controlling, by a repository authorization section, provider resources and credential metadata (Paragraph 118 of Avetisov discloses that the relying party controls provider resources and controls/regulates credential metadata by performing verification tasks to user/consumer credentials to determine whether a user has access to a provider’s asset/resource. Paragraphs 119-125 provide further details of the relying party interaction with the authorization server. This authorization server has access to an authorization repository. Thus, Avetisov teaches a system for controlling provider resources and credential metadata by a repository authorization section), wherein the credential metadata is controlled by registering and validating providers configured to support delegation information for an acquired resource including appropriate persona (paragraph 150 discloses the authentication server establishes certificates with a web-service provider; these established certificates entail registering and verifying providers that support assets. Paragraph 150 of Avetisov also provides details of the web-service providers. The authentication server establishes one or more certificates with a web-service provider or service provider and provides an identity service trusted by the web-service provider. When a certificate is established, a private key and a self-signed certificate are generated. Therefore, the authorization server is registering certificate data and validating certificate data of/for the web-service providers. Paragraph 180 reveals that the authentication server stores data for authentication operations in an authorization repository which includes UID records that have information associated with a particular user and the devices associated with the user. The UID record has records that indicate one or more web-services to which the user is permitted to access.
Thus, Avetisov teaches controlling access to web-service provider resources, and credential metadata is controlled/established via the authentication server, which supports the delegation of information via the relying party for the acquired assets/resources including appropriate personas. Paragraph 180 discloses that a UID record that provides the acquired resources is established for different providers and their respective persona, which may be an employer, providers of software services, or financial institutions);
controlling, by a repository authorizations section, provider resources and credential metadata given to a consumer by an administrator configured to support sub-delegation information for acquired resources including appropriate persona (paragraphs 125-126 disclose an authorization repository that controls providers UID records and resources/assets provided to users. UID records are created by the authorization server or relying party administrator when a given user elects to use an authentication application for user authentication to access provider asset/resource information. The relying party administrator may also provide or create specified account information for the consumer/user/employee. See also paragraph 117);
controlling, by a repository delegated authorizations section, provider resources and credential metadata given to a consumer by an administrator (paragraphs 117 and 126 disclose the relying party server and authorization server create and control the UID Record that contains the credential data and provider online resources, wherein the online resources are accessed by the user/consumer. The relying party administrator may also provide or create specified account information for the consumer/user/employee), wherein the repository delegated authorizations section are authorization credential given to the persona by another persona (paragraph 123 discloses the authentication server performs operations to authenticate users and provides authentication results that include whether a user is authenticated. The authentication results may be used by other parties);
supporting, by a repository persona management section, a single sign-on concept (paragraph 137 and claim 21 disclose a single sign on operation that provides access to a plurality of services; this single sign on operation is supported by authenticator, which may be repository persona management section, see also paragraph 171. Thus, Avetisov teaches a single sign-on concept via the teachings of logging into a network domain which provides users access to multiple services. The single sign-on of a user links and provides access to other personas/services, and this is performed under a single management persona leveraging repository management section (reference numbers 145/165) shown in Figure 1B and paragraphs 9 and 165);
verifying, by a user interface (UI), metadata for consumers by integrating with the CCV and a controller (paragraphs 96 and 134 disclose that verification is established via a mobile device that has a user interface. The user interface is used to initiate the login process by which users authenticate to access resources; Figure 1A shows the processor of the mobile device is integrated/coupled with the relying party, the CCV, via a network. As stated above, the relying party functions as a CCV since there is a collection of user credentials for authentication. Paragraph 118 of Avetisov discloses that the relying party controls provider resources and controls/regulates credential metadata by performing verification tasks of user/consumer credentials to determine whether a user has access to a provider’s asset/resource. Figure 1B of Avetisov shows that the relying party is connected/linked with the mobile device. This mobile device, which has a user interface, is integrated with/joined with/is connected to the CCV and controller over a network);
accepting, by an adapter, controller credentials based on a registered context object, wherein the adapter is coupled with the controller (Figures 1A and 12 and paragraph 470 disclose the computing device of Figure 12, which can be the mobile device in Figure 1A, includes a network adapter that provides connection of the computer device with the network; the network adapter is thus coupled with the controller, microcontroller/processor; paragraph 69 discloses the computing devices in Figure 1A include the elements referenced to Figure 12; the adapter accepts credentials based on registered user data from the mobile device credentials 116 or the client device credentials received by the server 155, see paragraph 110. In addition, an adapter is understood to be a device/server that receives data from a device or system. As stated above and shown in Figure 1B, Avetisov teaches the relying party server, which is the adapter, accepts credentials from a user via a user device. This user device has a controller. The relying party server is wirelessly/electrically coupled with the controller of the mobile device via the network), and
coordinating, by the controller, all event triggering of tools and configured through registration and acquisition (paragraphs 110-111, once successful log-in/registration has been verified, the application 110 may transmit data corresponding to the credentials input by the user. The coordinated method of transmitting the received credentials to the server such that the application accesses online resources/secure assets is the coordination of all event triggering of tools. The mobile device 101 of the user (shown in Figure 1B of Avetisov) has a processor/controller. The relying party server 145 and the authorization server 155 in Figure 1B also consist of servers which include computers and thus controllers. Paragraphs 126-131 of Avetisov describe that the authorization server coordinates/handles the user’s registration. Based on the user’s registration, the authorization server coordinates/provides/triggers access to the services/secure assets/resources to the user. This access to the service provider’s services by the authorization server encompasses all event triggering of tools, wherein the tools are the application/software/controller package of the authorization server that manages the user’s credentials and coordinates the user’s access to services).
Avetisov does not teach a system for simplifying and controlling digital participation of a plurality of personas wherein an individual persona links other persona under a single management persona.
Swerdlow teaches a system for simplifying and controlling digital participation of a plurality of personas (Figures 1 and 3 disclose a persona management system that simplifies and controls a plurality of personas) wherein an individual persona links other persona under a single management persona (paragraph 35 discloses user’s identity account 101 links and manages multiple personas under a single management account; paragraph 37 discloses details on a persona management system where a user interface includes details of the user identity account persona that links other personas under the persona management account).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Avetisov’s system with Swerdlow’s teaching of a single management persona to simplify management of persona accounts and allow the user to use and securely control existing data (paragraph 29 of Swerdlow).

As to claim 3, the combination of Avetisov in view of Swerdlow teaches wherein the CCV further comprises one or more features including a persona identity, a persona authorization, a delegated authorization, cross persona delegation, and a persona management (Avetisov: paragraph 115 discloses relying party includes credentials associated with users and clients, identifying tokens of user, and user identifiers).

As to claim 4, the combination of Avetisov in view of Swerdlow teaches wherein the persona identity comprises the metadata for the persona configured to serve IdP functionality (Avetisov: paragraph 115 discloses the user/persona identity data comprises identifying tokens for users which per paragraph 219 include tokenMetadata; and paragraph 116 discloses the user identifier includes information such as email and employeeID).

As to claim 5, the combination of Avetisov in view of Swerdlow teaches wherein the persona authorization comprises the metadata to support specific tool signatures (Avetisov: paragraph 116 discloses persona credential comprises tokens or hashes to support submission of credentials, which can be tool signatures; paragraph 219 discloses tokens include tokenMetadata; paragraph 222 discloses hashes are used for verification of signatures).

As to claim 6, the combination of Avetisov in view of Swerdlow teaches wherein the delegated authorization comprises the metadata to support specific tool signatures and capabilities on other personas resources (Avetisov: paragraphs 116 and 118 disclose the UID repository, which contains the delegated authorization, may store credential information that support user and access to different assets; the access to different assets are capabilities on other personas resources that are delegated).

As to claim 7, the combination of Avetisov in view of Swerdlow teaches wherein the persona management consolidated sign-on across personas (Avetisov: claim 21 discloses a single sign on to a plurality of services; Swerdlow: paragraphs 35 and 37 disclose a persona management system which allows a single sign on to user identity account and provides access to multiple personas).

As to claim 8, the combination of Avetisov in view of Swerdlow teaches wherein the persona management allows only personal personas to unify other personas (Swerdlow: paragraph 37 discloses a personal management system that allows a personal user to manage/unify their other personas by linking other persona accounts).

As to claim 9, the combination of Avetisov in view of Swerdlow teaches wherein the persona management allows an authorized persona to authenticate with a personal persona and switch to other unified personas (Swerdlow: paragraphs 36-37 disclose a persona management system that allows for an authorized user to log-in/authenticate to his/her account and select/switch from the primary persona to a different registered persona).

As to claim 10, Avetisov teaches (Figure 12) a system (abstract and paragraph 2 discuss management techniques of leveraging mobile devices of users for authentication of web services), comprising a computing device (Figure 12, reference number 1000 “Computer System”) having a memory (Figure 12, reference number 1020 “System Memory”) and a processor (Figure 12, reference number 1010 “Processor”), wherein the computing device is in communication with a server via an executed service (Figure 12 and paragraph 479 disclose the computing system is in communication with a network via a network interface, and paragraph 69 discloses the computing system is in communication with a server via a trusted execution environment), a datastore (Figure 12, reference number 1110) in communication with the server (paragraph 69 discloses the computing system is in communication with a server via a trusted execution environment) configured to store one or more configurations executable by the processor (paragraph 471 discloses a processor), wherein the processor executes the one or more configurations to perform an operation (paragraph 471 discloses the processor executes program instructions) comprising:
publishing, by a publishing tool, assets with supporting capabilities and policies of usage (paragraph 201 discloses publishing a smart contract/policy by an authentication server; this smart contract includes details on a process that involves authentication of user based on records, process request to store information from a UID record, per paragraph 225, policy governing access to a device/asset, per paragraph 372, access to webservices. In addition, paragraphs 203-204 and 211 of Avetisov describe published smart contracts, and paragraph 225 reveals that the smart contract provides details on a process which involves authentication of user based on stored records, a process of the request, a retrieval of information from UID record to a transaction record, and governs access to assets. In addition to the smart contract, Avetisov also describes the publishing/releasing/storing of policy(ies) which govern access to webservices and/or relying devices and access to encrypted data corresponding to credentials, see paragraphs 12 and 372. Paragraph 372 further describes that the smart contract may be configured to publish a record and a policy governing access to the relying device. The smart contract provides details on issuing a session for verification or one or more records and rules of a policy that is associated with a record, such as a record of a registered user or mobile device, and verifying the device is authentic by the relying device according to the policy or an issued token. The steps of authentication to provide authorization to assets are shown in Figure 6 and paragraphs 335-339 of Avetisov. Figure 7 and paragraphs 440-443 provide details on registering a mobile device for authentication and authorization to use assets. According to paragraph 339, once the user credential is verified, the relying party (publishing tool) provides access to secure assets. Thus the user is authorized to have access to the secure assets according to authentication.
Thus, Avetisov teaches a system publishing assets with supporting capabilities and policies of usage by a publishing tool. The registering involves receiving authentication to use assets, and to provide authorization to the assets), wherein the publication tool is defined with a tool signature having details including attribute name, credential attributes, category of the asset, and classification of the asset (paragraph 96 discloses the digital tool signature includes details such as user/device specific information, credential information, and policy information; paragraph 116 discloses the credential information includes user identifier, email which is domain specific attribute, username which is attribute name, and other identifying information about the user; device information includes device identifier, MAC address, IMEI number, application version which is classification of the asset/category of the asset, and operating system version and type);
registering, by an acquisition tool, to use the assets (paragraph 128 discloses registration process via the authentication server to use different secured assets); 
configuring relates and track assets by a consumer administration tool (paragraph 51 discloses a digital rights management tool is implemented to protect/monitor software assets, which includes tracking assets by authentication checks that occur at time of access of an asset and monitoring/configuring relationships between the user and the application), wherein the consumer administration tool determines an authorized asset and the possible personas (by policy), and sets one or more parameters (credentials) of the authorization (paragraph 131 discloses the administrator may register the client device with specific permissions to restrict use to a specified subset of users to access secure assets, see also paragraph 119. Paragraph 131 of Avetisov reveals that an administrator of the relying party, the acquisition tool, may register the client device with specific permissions to access secure assets. Thus, this teaches on an enterprise administration tool that determines an authorized asset and possible persona/client device, and sets one or more restrictions authorization of the client device to the assets. Thus the administration tool of Avetisov teaches that the administrator assigns correct personas/client device for the asset. Paragraph 130 provides details of the administrator selecting which users/client devices have access to the assets/resources; thus selection from a list of defined users/personas for the asset is established);
configuring security relationship and track assets by an enterprise administration tool (paragraph 51 discloses a digital rights management tool is implemented to protect/monitor software assets, which includes tracking assets by authentication checks that occur at time of access of an asset and monitoring/configuring relationships between the user credentials and the application), wherein the enterprise administration tool determines authorized enterprise asset and possible persona, and sets one or more parameters of the authorization (paragraph 131 discloses the administrator may register the client device with specific permissions to restrict use to a specified subset of users to access secure assets, see also paragraph 119) and
Attorney Docket No.: 01416-21101
leveraging registered data to build the credential for a tool signature by an execution tool (paragraph 51 discloses a server tool that has a digital rights management tool to protect assets/resources, and support/leverage registered user data by building/collecting and storing user credential to access resources based on user attempt/request to access an application), wherein the execution tool leverages the registered data based on a request received from the consumer (Avetisov: paragraph 126 discloses the authorization server, which is the execution tool, pushes/leverages UID Record upon request by a relying party. Furthermore, Avetisov describes in paragraph 51 a server tool that has a digital rights management tool to protect assets/resources, and support/leverage registered user data by building/collecting and storing user credential to access resources based on user attempt/request to access an application).
Avetisov does not teach a system for simplifying and controlling digital participants.
Swerdlow teaches a system for simplifying and controlling digital participants (Figures 1 and 3 disclose a persona management system that simplifies and controls a plurality of personas).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Avetisov’s system with Swerdlow’s teaching of a management persona system to simplify management of persona accounts and allow the user to use and securely control existing data (paragraph 29 of Swerdlow).

As to claim 12, the combination of Avetisov in view of Swerdlow teaches wherein the acquisition tool is configured to assign a correct persona selected from a list of defined personas for the asset (Avetisov: paragraph 131 discloses the client device may be assigned to a particular employee by an administrator of a relying party. The administrator may register the client device with specific permissions to restrict use to a specified subset of users from a set of users to access secure assets).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M-F 7:30-5:30pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/F.F/               Examiner, Art Unit 2437       

/KRISTINE L KINCAID/               Supervisory Patent Examiner, Art Unit 2437