Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims
Claims 1, 3, 5-7, 9, 10, 13-16, 18, 20-22, 24, 25, and 28-38 are all the claims pending in the application. 
Claims 2, 4, 17, and 19 are cancelled.
Claims 35-38 are new.
Claims 1, 5-7, 10, 13, 14, 16, 20-22, 29, 31, 33, and 34 are amended.
Claims 1, 3, 5-7, 9, 10, 13-16, 18, 20-22, 24, 25, and 28-38 are rejected.
The following is a Final Office Action in response to amendments and remarks filed June 9, 2022.

Response to Arguments
Regarding the 112 rejections, all previous 112 rejections are withdrawn in light of the amendments to the claims.

Regarding the 101 rejections, the rejections are withdrawn under Step 2A Prong 2.  That is, Examiner finds under Step 2A Prong 1 the claims recite an abstract idea (i.e. following rules or instructions).  Examiner further finds under Step 2A Prong 2 the additional elements, when considered in combination, reflect an integration of the abstract idea into a practical application (i.e. a specific method managing and validating credentials).  Accordingly, the 101 rejections are withdrawn.

Regarding the 103 rejections of the independent claims, the rejections are withdrawn because the cited references do not teach a filtering rule that relates to something other than whether the virtualized credential is valid.  Please see below for the new rejections of the claims as amended.
Regarding the rejections of claim 2, Applicant asserts Saylor does not teach a distance between the parties' devices.  Examiner respectfully does not find this assertion persuasive because Saylor explicitly contemplates making credentials available based on users being in a given location, e.g. Col. 6, ll. 20-30, for example within one mile, Col. 6, ll. 49-55.
In response to arguments in reference to any other depending claims that have not been individually addressed, all rejections made towards these dependent claims are maintained due to a lack of reply by Applicant in regards to distinctly and specifically pointing out the supposed errors in Examiner's prior office action (37 CFR 1.111).  Examiner asserts that Applicant only argues that the dependent claims should be allowable because the independent claims are unobvious and patentable over the prior art.


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 3, 5-7, 9, 10, 13-16, 18, 20-22, 24, 25, and 28-38 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  
Regarding the independent claims, claims 1, 16, and 31 are rejected under 112(a) because the claims recite the newly amended limitation "…wherein the filtering rule relates to something other than merely whether the virtualized credential is valid…"  This limitation is rejected under 112(a) because it is a negative limitation or exclusionary proviso.  Negative limitations and exclusionary proviso must have basis in the original disclosure, see MPEP 2173.05(i).  However there is no discussion, throughout the entirety of the specification and drawings, of the filtering rule relating to something other than whether the virtualized credential is valid.  The Specification only states an issuing authority may store the filtering rules, e.g. pg. 6 ll. 10-15 of the Specification as filed.  As such, the Examiner asserts this as evidence that the newly amended claims are new matter.
Accordingly, claims 1, 16, and 31 are rejected under 112(a).  Claims 3, 5-7, 9, 10, 13-15, 18, 20-22, 24, 25, 28-30 and 32-38 do not correct this issue and accordingly are rejected under 112(a) due to their dependencies.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 5-7, 9, 13-16, 18, 20-22, 24, and 28-38 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saylor et al, US Pat. No. 9,160,727, herein referred to as “Saylor” in view of Gaddam et al, US Pub. No. 2015/0269566, herein referred to as “Gaddam”, further in view of Torrenegra, US Pub. No. 2009/0287596, herein referred to as "Torrenegra".
Regarding claim 1, Saylor teaches:
A method of providing a virtualized credential of a holder using a computer infrastructure comprising a computer processor and a computer-readable storage medium (processor and memory, Col. 4, ll. 54-58.  Additionally, please note, Examiner finds the claim limitation "providing a virtualized credential of a holder" does not further limit the scope of the claim because it is only reciting the intended use of the claim, see MPEP 2111.02.II.), 
the computer infrastructure facilitating communication between a device of the holder and a device of a relying party (communication system, Fig. 2 and Col. 8, ll. 38-57), 
the relying party being different from the holder (first user's credentials are provided to a second user, e.g. Fig. 3 and Col. 1, ll. 36-44), 
and the virtualized credential comprising credential data, the method comprising (data is indicative of credentials, e.g. Abstract):
receiving, at the computer infrastructure and storing in the computer-readable storage medium, a filtering rule from an issuing authority that issued the virtualized credential (credential granting authority determines if user is entitled to the credential and system makes the credential unavailable if the user is not entitled to it (i.e. if the credential is invalid), and adds the credentials to the user's account if the credential is valid, Col. 11, ll. 5-44; see also Col. 11, ll. 45-67 discussing verification states of credentials; and Col. 17, ll. 42-54 discussing storing availability data of users' credentials),
for determining which data of the valid credential data is to be sent to the device of the relying party (users then send out their available credentials to other users, e.g. Col. 13, ll. 1-25, Col. 16, ll. 15-24, and Figs. 6, 7 and 11; see also Col. 10, ll. 40-57 discussing users' credentials being in their accounts)
wherein the filtering rule depends on at least one of a role of the relying party, a selection by the holder, and contextual data of the holder or relying party (availability of the credential is based on the user being able to adequately verify themselves, Col. 11, ll. 5-44); 
providing the device of the relying party with a verification app, to be installed as software thereon the verification app configured to verify information received from the computer infrastructure (system is implemented as a mobile device-based application, Col. 6, ll. 20-30; see also e.g. Col. 10, l. 58 – Col. 11, l. 19 discussing verification),
and to generate a user interface for displaying at least a portion of the virtualized credential (user interface displays a selected credential, Fig. 5 and Col. 12, ll. 46-59; see also , Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15 discussing displaying credentials); 
receiving, at the computer infrastructure, a request from the verification app installed on the device of the relying party for the virtualized credential corresponding to the holder (user selects desired credentials they wish to view, Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 11-18); 
providing, by the computer infrastructure, the verification app installed on the device of the relying party with at least some of the credential data according to the filtering rule (identifies users with selected credentials, Col. 7, ll. 9-32; Col. 23, ll. 11-28), 
and causing the verification app to verify the at least some of the credential data (credential granting authority determines if user is entitled to the credential and system makes the credential unavailable if the user is not entitled to it (i.e. if the credential is invalid), and adds the credentials to the user's account if the credential is valid, Col. 11, ll. 5-44; see also Col. 11, ll. 45-67 discussing verification states of credentials; and Col. 17, ll. 42-54 discussing storing availability data of users' credentials); 
and, after verification of the at least some of the credential data, to generate the user interface to display at least a subset of the credential data received by the verification app from the computer infrastructure on a screen of the device of the relying party (displays credentials, Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15).  
However Saylor does not teach but Gaddam does teach:
storing first cryptographic information in the computer-readable storage medium (encryption key is stored on device, ¶¶[0035]-[0036]); 
providing, by the computer infrastructure, the device of the relying party with a cryptogram (sends token, ¶¶0057]-[0058])
the cryptogram generated as a function of the first cryptographic information (token is generated based on key stored on device, ¶¶[0035]-[0036]). 
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
However the combination of Saylor and Gaddam does not teach but Torrenegra does teach:
wherein the filtering rule relates to something other than merely whether the virtualized credential is valid (sets filtering rules regarding the minimum qualifications, e.g. ¶¶[0052], [0122]).
Further, it would have been obvious at the time of filing to combine the encrypted credential management of Saylor and Gaddam with the filtering rules based on minimum qualifications as taught by Torrenegra because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F.  That is, Saylor teaches a system for managing credentials, e.g. Abstract.  One of ordinary skill would have recognized users of a system for managing credentials may wish to have credentials filtered based on minimum qualifications (e.g. ensuring only relevant licenses are shown to various other users and filtering out irrelevant unlicensed users), i.e. as taught by Torrenegra.
Regarding claim 3, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Saylor further teaches:
wherein the role of the relying party is provided by the device of the relying party, and the role of the relying party is provided in a verifiable format (provides information about role like alumni status, which has been verified by the university, Col. 8, ll. 18-27).
Regarding claim 5, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Saylor further teaches:
wherein the verification app is provided with pseudo data in places of at least some of the credential data (sends credential data about the user (i.e., that the user is a certified lifeguard) instead of sending personal information about the user, e.g. Col. 18, ll. 29-48).
Regarding claim 6, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Gaddam further teaches:
wherein the verification app is configured to verify the at least some of the credential data by presenting the cryptogram to a verification service (the access device sends the token to the token vault computer for validation, ¶[0057]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 7, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Gaddam further teaches:
wherein the verification app is configured to verify the at least some of the credential data by applying second cryptographic information to the cryptogram, the second cryptographic information corresponding to the first cryptographic information, wherein the first cryptographic information includes a first cryptographic key and the second cryptographic information includes a second cryptographic key (the access device sends the token to the token vault computer for validation, ¶[0057], and token vault computer may stores the encryption key to validate the token, ¶[0036]; see also ¶¶[0035]-[0036] noting encryption key is stored on device and token vault computer stores the encryption key to validate the token).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 9, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Gaddam further teaches:
wherein the cryptogram includes a variable component corresponding to at least one of: time, a counter or a randomly generated nonce (uses time as a variable input when encrypting, ¶[0055]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 13, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 6 and Saylor further teaches:
where in the verification app is configured to communicate with an intermediary service that directs to a particular one of a number of possible verification services (connects users with credential management server and multiple systems operated by credential granting authorities, Col. 8, ll. 38-57, Col. 10, ll. 11-30; see also Fig. 2, to verify the credentials, Col. 10, l. 58 - Col. 11, l. 19).
However Saylor does not explicitly teach:
wherein the verification app communicates with an intermediary service that directs the verification app.
Nevertheless, it would have been obvious to modify the teachings of Saylor to have the relying party to present the credentials to a verification service because the rearrangement of parts is obvious, see MPEP 2144.04.VI.C.  Saylor teaches the system contacting the credential granting authority to request the credentials be verified, Col 10, l. 58 – Co. 11, l. 19, and the user who provides their credentials contacting the credential granting authority to request the credentials be verified, Col. 11, ll. 20-44.  One of ordinary skill would have recognized that other users would also be interested in verifying the providing user’s credentials and would have modified Saylor to enable other users to verify the user’s credentials by presenting the credentials to the credential granting authority for verification as well.
Regarding claim 14, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Saylor further teaches:
further comprising receiving a condition from the holder for determining which data of the credential data is to be sent to the device of the relying party, wherein the condition depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party (users define what credentials they wish to make available, e.g. Col. 7, l. 62 – Col. 8, l. 17, Col. 16, ll. 15-29 and Fig. 11).  
Regarding claim 15, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Saylor further teaches:
wherein the filtering rule from the issuing authority cannot be overridden by the holder for at least some of the credentials (if the user’s credentials are invalid, system does not allow user to add the credentials to their account, Col. 11, ll. 13-16 and Col. 11, ll. 37-44).

Regarding claim 35, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Saylor further teaches:
wherein the filtering rule depends on the contextual data of the holder or relying party and the contextual data comprises a distance between the device of the relying party and the device of the holder (credentials available based on users being in a given location, e.g. Col. 6, ll. 20-30, for example within one mile, Col. 6, ll. 49-55; see also, e.g. Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 50-56 discussing credentials transmission can be based on contextual data like location of the parties).  
Regarding claim 36, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Saylor further teaches:
wherein the filtering rule depends on the contextual data of the holder or relying party and the contextual data comprises a privacy level setting (user selects what credentials are to be made available to others, Col. 12, ll. 1-11).  

Regarding claim 16, Saylor teaches:
A non-transitory computer-readable medium containing software (machine readable storage device and software, Col. 24, l. 55 – Col. 25, l. 10):
that provides a virtualized credential of a holder, the virtualized credential comprising credential data (provides information about a credential held by a user, e.g. Abstract), 
the software comprising executable code, that when executed by one or more processors, causes the software to facilitate communication between a device of the holder and a device of a relying party (communication system, Fig. 2 and Col. 8, ll. 38-57), 
the relying party being different from the holder, and to (first user's credentials are provided to a second user, e.g. Fig. 3 and Col. 1, ll. 36-44): 
facilitate setting, and storing in the computer-readable medium, of a filtering rule from an issuing authority that issued the virtualized credential (credential granting authority determines if user is entitled to the credential and system makes the credential unavailable if the user is not entitled to it (i.e. if the credential is invalid), and adds the credentials to the user's account if the credential is valid, Col. 11, ll. 5-44; see also Col. 11, ll. 45-67 discussing verification states of credentials; and Col. 17, ll. 42-54 discussing storing availability data of users' credentials),
for determining which data of the credential data is to be sent to the device of the relying party (users then send out their available credentials to other users, e.g. Col. 13, ll. 1-25, Col. 16, ll. 15-24, and Figs. 6, 7 and 11; see also Col. 10, ll. 40-57 discussing users' credentials being in their accounts), 
wherein the filtering rule depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party (availability of the credential is based on the user being able to adequately verify themselves, Col. 11, ll. 5-44); 
provide a verification app on the device of the relying party configured to verify information received from the computer infrastructure (system is implemented as a mobile device-based application, Col. 6, ll. 20-30; see also e.g. Col. 10, l. 58 – Col. 11, l. 19 discussing verification),
and to generate a user interface for displaying at least a portion of the virtualized credential (user interface displays a selected credential, Fig. 5 and Col. 12, ll. 46-59; see also , Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15 discussing displaying credentials);
provide, in response to receiving a request from the device of the relying party for the virtualized credential corresponding to the holder, at least some of the credential data to the verification app according to the stored filtering rule (first user selects desired credentials, Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 11-18, and system identifies users with selected credentials, Col. 7, ll. 9-32; Col. 23, ll. 11-28), 
applying the verification app on the device of the relying party to verify the at least some of the credential data (credential granting authority determines if user is entitled to the credential and system makes the credential unavailable if the user is not entitled to it (i.e. if the credential is invalid), and adds the credentials to the user's account if the credential is valid, Col. 11, ll. 5-44; see also Col. 11, ll. 45-67 discussing verification states of credentials; and Col. 17, ll. 42-54 discussing storing availability data of users' credentials; see also, Col. 6, ll. 20-30 noting system is implemented as a mobile device-based application); 
generate via the verification app, after verification of the at least some of the credential data, a user interface for displaying at least a subset of the credential data received by the verification app on a screen of the device of the relying party (displays credentials, Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15).  
However Saylor does not teach but Gaddam does teach:
store first cryptographic information in the computer-readable medium (encryption key is stored on device, ¶¶[0035]-[0036]); 
providing a cryptogram (sends token, ¶¶0057]-[0058])
the cryptogram generated as a function of the first cryptographic information (token is generated based on key stored on device, ¶¶[0035]-[0036]); 
applying the verification app of the device of the relying party to the cryptogram (devices receives and validates token, e.g. ¶¶[0036], [0048]). 
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
However the combination of Saylor and Gaddam does not teach but Torrenegra does teach:
wherein the filtering rule relates to something other than merely whether the virtualized credential is valid (sets filtering rules regarding the minimum qualifications, e.g. ¶¶[0052], [0122]).
Further, it would have been obvious at the time of filing to combine the encrypted credential management of Saylor and Gaddam with the filtering rules based on minimum qualifications as taught by Torrenegra because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F.  That is, Saylor teaches a system for managing credentials, e.g. Abstract.  One of ordinary skill would have recognized users of a system for managing credentials may wish to have credentials filtered based on minimum qualifications (e.g. ensuring only relevant licenses are shown to various other users and filtering out irrelevant unlicensed users), i.e. as taught by Torrenegra.
Regarding claim 18, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 16 and Saylor further teaches:
wherein the role of the relying party is provided by the device of the relying party, and the role of the relying party is provided in a verifiable format (provides information about role like alumni status, which has been verified by the university, Col. 8, ll. 18-27).
Regarding claim 20, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 16 and Saylor further teaches:
wherein the verification app is provided with pseudo data in places of at least some of the credential data (sends credential data about the user (i.e., that the user is a certified lifeguard) instead of sending personal information about the user, e.g. Col. 18, ll. 29-48). 
Regarding claim 21, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 16 and Gaddam further teaches:
wherein applying the verification app on the device of the relying party to the cryptogram to verify the at least some of the credential data causes the cryptogram to be presented to a verification service (the access device sends the token to the token vault computer for validation, ¶[0057]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 22, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 16 and Gaddam further teaches:
wherein applying the verification app on the device of the relying party to the cryptogram to verify the at least some of the credential data causes second cryptographic information to be applied to the cryptogram, the second cryptographic information corresponding to the first cryptographic information, wherein the first cryptographic information includes a first cryptographic key and the second cryptographic information includes a second cryptographic key (the access device sends the token to the token vault computer for validation, ¶[0057], and token vault computer may stores the encryption key to validate the token, ¶[0036]; see also ¶¶[0035]-[0036] noting encryption key is stored on device and token vault computer stores the encryption key to validate the token).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 24, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 16 and Gaddam further teaches:
wherein the cryptogram includes a variable component corresponding to at least one of: time, a counter or a randomly generated nonce (uses time as a variable input when encrypting, ¶[0055]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 28, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 21 and Saylor further teaches:
communicates with an intermediary service that directs to a particular one of a number of possible verification services (connects users with credential management server and multiple systems operated by credential granting authorities, Col. 8, ll. 38-57, Col. 10, ll. 11-30; see also Fig. 2, to verify the credentials, Col. 10, l. 58 - Col. 11, l. 19).
However Saylor does not explicitly teach:
wherein the verification app communicates with an intermediary service that directs the verification app.
Nevertheless, it would have been obvious to modify the teachings of Saylor to have the relying party to present the credentials to a verification service because the rearrangement of parts is obvious, see MPEP 2144.04.VI.C.  Saylor teaches the system contacting the credential granting authority to request the credentials be verified, Col 10, l. 58 – Co. 11, l. 19, and the user who provides their credentials contacting the credential granting authority to request the credentials be verified, Col. 11, ll. 20-44.  One of ordinary skill would have recognized that other users would also be interested in verifying the providing user’s credentials and would have modified Saylor to enable other users to verify the user’s credentials by presenting the credentials to the credential granting authority for verification as well.
Regarding claim 29, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 16 and Saylor further teaches:
the software further comprising executable code that facilitates setting a condition from the holder for determining which data of the credential data is to be sent to the device of the relying party, wherein the condition depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the holder or relying party (users define what credentials they wish to make available, e.g. Col. 7, l. 62 – Col. 8, l. 17, and the system only allows virtualized credentials to be added to the user’s account if the credentials are verified, Col. 10, l. 58 – Col. 11, l. 19 and selection of credentials can be based on contextual data like location, e.g. Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 50-56).  
Regarding claim 30, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 16 and Saylor further teaches:
wherein the filtering rule set by the issuing authority cannot be overridden by the holder for at least some of the credentials (if the user’s credentials are invalid, system does not allow user to add the credentials to their account, Col. 10, l. 58 – Col. 11, l. 19).

Regarding claim 37, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 16 and Saylor further teaches:
wherein the filtering rule depends on the contextual data of the holder or relying party and the contextual data comprises a distance between the device of the relying party and the device of the holder (credentials available based on users being in a given location, e.g. Col. 6, ll. 20-30, for example within one mile, Col. 6, ll. 49-55; see also, e.g. Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 50-56 discussing credentials transmission can be based on contextual data like location of the parties).  
Regarding claim 38, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 1 and Saylor further teaches:
wherein the filtering rule depends on the contextual data of the holder or relying party and the contextual data comprises a privacy level setting (user selects what credentials are to be made available to others, Col. 12, ll. 1-11).  

Regarding claim 31, Saylor teaches:
providing a virtualized credential of a holder (provides information about a credential held by a user, e.g. Abstract)
from a device of the holder to a device of a relying party (communication system, Fig. 2 and Col. 8, ll. 38-57), 
the relying party being different from the holder (first user's credentials are provided to a second user, e.g. Fig. 3 and Col. 1, ll. 36-44), 
and the virtualized credential comprising credential data, the method comprising (data is indicative of credentials, e.g. Abstract): 
receiving a verification app at the device of the relying party for installation thereon, the verification app configured to verify information received from the device of the holder (system is implemented as a mobile device-based application, Col. 6, ll. 20-30; see also e.g. Col. 10, l. 58 – Col. 11, l. 19 discussing verification),
and to generate a user interface for displaying at least a portion of the virtualized credential (user interface displays a selected credential, Fig. 5 and Col. 12, ll. 46-59; see also , Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15 discussing displaying credentials); 
sending, to the device of the holder, a request from the verification app installed on the device of the relying party for the virtualized credential corresponding to the holder (user selects desired credentials they wish to view, Col. 6, l. 49 – Col. 7, l. 8; and Col. 22, ll. 11-18); 
receiving, at the verification app, from the device of the holder, at least some of the credential data (displays credentials, Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15),
according to a filtering rule from an issuing authority that issued the virtualized credential  
the filtering rule determining which data of the credential data is to be sent to the device of the relying party, and depends on at least one of: a role of the relying party, a selection by the holder, and contextual data of the holder or relying party (credential granting authority determines if user is entitled to the credential and system makes the credential unavailable if the user is not entitled to it (i.e. if the credential is invalid), and adds the credentials to the user's account if the credential is valid, Col. 11, ll. 5-44; see also Col. 11, ll. 45-67 discussing verification states of credentials; and Col. 17, ll. 42-54 discussing storing availability data of users' credentials), 
applying the verification app to the cryptogram to verify the at least some of the credential data (credential granting authority determines if user is entitled to the credential and system makes the credential unavailable if the user is not entitled to it (i.e. if the credential is invalid), and adds the credentials to the user's account if the credential is valid, Col. 11, ll. 5-44; see also Col. 11, ll. 45-67 discussing verification states of credentials; and Col. 17, ll. 42-54 discussing storing availability data of users' credentials); 
and generating via the verification app, after verification of the at least some of the valid credential data, the user interface for displaying at least a subset of the credential data received by the verification on a screen of the device of the relying party (displays credentials, Col. 7, ll. 9-41; Col. 23, l. 29 – Col. 24, l. 11 and Figs. 1 and 15).  
However Saylor does not teach but Gaddam does teach:
receiving, at the verification app, from the device of the holder, a cryptogram (encryption key is stored on device, ¶¶[0035]-[0036], and sends token, ¶¶0057]-[0058]);
and wherein the cryptogram is generated as a function of first cryptographic information stored on the device of the holder (token is generated based on key stored on device, ¶¶[0035]-[0036]);;
applying the verification app to the cryptogram devices receives and validates token, e.g. ¶¶[0036], [0048]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
However the combination of Saylor and Gaddam does not teach but Torrenegra does teach:
wherein the filtering rule relates to something other than merely whether the virtualized credential is valid (sets filtering rules regarding the minimum qualifications, e.g. ¶¶[0052], [0122]).
Further, it would have been obvious at the time of filing to combine the encrypted credential management of Saylor and Gaddam with the filtering rules based on minimum qualifications as taught by Torrenegra because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F.  That is, Saylor teaches a system for managing credentials, e.g. Abstract.  One of ordinary skill would have recognized users of a system for managing credentials may wish to have credentials filtered based on minimum qualifications (e.g. ensuring only relevant licenses are shown to various other users and filtering out irrelevant unlicensed users), i.e. as taught by Torrenegra.
Regarding claim 32, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 31 and Saylor further teaches:
wherein the filtering rule from the issuing authority cannot be overridden by the holder (if the user’s credentials are invalid, system does not allow user to add the credentials to their account, Col. 11, ll. 13-16 and Col. 11, ll. 37-44).
Regarding claim 33, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 31 and Gaddam further teaches:
wherein applying the verification app to the cryptogram to verify the at least some of the credential data comprises presenting, by the verification app, the cryptogram to a verification service (the access device sends the token to the token vault computer for validation, ¶[0057]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.
Regarding claim 34, the combination of Saylor, Gaddam, and Torrenegra teaches all the limitations of claim 31 and Gaddam further teaches:
wherein applying the verification app to the cryptogram to verify the at least some of the credential data comprises applying second cryptographic information to the cryptogram, the second cryptographic information corresponding to the first cryptographic information (the access device sends the token to the token vault computer for validation, ¶[0057], and token vault computer stores the encryption key to validate the token, ¶[0036]).
Further, it would have been obvious at the time of filing to combine the credential management system of Saylor with the encryption of Gaddam because Gaddam suggests using tokens to limit exposure if the information is obtained by an unauthorized person, ¶[0002], see MPEP 2143.I.G.

Claims 10 and 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saylor, Gaddam, and Taylor in view of Vercher, Brady “Protect Your Products and Improve Your Systems with Signed URLs” BlazerSix Engage Blog, May 16, 2013, herein referred to as “Vercher”.
Regarding claim 10, the combination of Taylor, Gaddam, and Torrenegra teaches all the limitations of claim 6 and does not teach but Vercher teaches:
providing, by the computer infrastructure a Uniform Resource Locator (URL) of the verification service to the device of the relying party (hands out a URL, pg. 1).
Further, it would have been obvious at the time of filing to combine the encrypted credential management system of Saylor and Gaddam with the signed URLs of Vercher because Vercher suggests using signed URL to protect downloadable information, pg. 1; see also MPEP 2143.I.G.

Regarding claim 25, the combination of Taylor, Gaddam, and Torrenegra teaches all the limitations of claim 21 and does not teach but Vercher teaches:
the software further comprising executable code that provides a Uniform Resource Locator (URL) of the verification service to the verification app (hands out a URL, pg. 1).
Further, it would have been obvious at the time of filing to combine the encrypted credential management system of Saylor and Gaddam with the signed URLs of Vercher because Vercher suggests using signed URL to protect downloadable information, pg. 1; see also MPEP 2143.I.G.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRENDAN S O'SHEA whose telephone number is (571)270-1064. The examiner can normally be reached Monday to Friday 10-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached on (571) 272-6782. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/BOS/Examiner, Art Unit 3629                                                                                                                                                                                                        

/ANDREW B WHITAKER/Primary Examiner, Art Unit 3629