Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
	Claims 1-45 are presented for examination.
Examiner’s Remark
	At the time of writing of the instant action, the Examiner is aware of potential avenues for advancing prosecution and encourages Applicant to contact the Examiner to advance prosecution.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-6 are rejected under 35 U.S.C. 101 because the claims are a system comprising a processor and a memory comprising one or more routines. The broadest reasonable interpretation of the claimed processor is a software component and the broadest reasonable interpretation of the claimed memory is a signal. The specification does not appear to provide explicit definitions nor metes & bounds. See Microsoft Corp. v. AT&T Corp., 550 U.S. 437, 449 (2007) and In re Warmerdam, 33 F.3d 1354, 1361 (Fed. Cir. 1994). The broadest reasonable interpretation of the recited memory is a signal; the specification appears silent as to the broadest and reasonable interpretation of the recited memory. The broadest reasonable interpretation does not expressly exclude transitory signals. It has been noted that the ordinary and customary meaning of "computer readable storage medium" or a memory, to a person of ordinary skill in the art is broad enough to encompass both non-transitory and transitory media. See Ex parte Mewherter (Appeal 2012-007682) (Precedential). Transitory, propagating signals such as carrier waves are not within any of the four statutory categories (process, machine, manufacture or composition of matter). Therefore, a claim directed to computer instructions embodied in a signal is not statutory under 35 U.S.C. 101. In re Nuijten, 500 F.3d 1346, 1354 (Fed. Cir. 2007). Accordingly, the claims present a scenario where there are multiple covered embodiments, and not all covered embodiments are patent-eligible; those embodiments are potentially directed to both software and signals. The subject matter of the claims permitted within 35 U.S.C. 101 must be a machine, a manufacture, a process, or a composition of matter. “[t]he four categories [of § 101] together describe the exclusive reach of patentable subject matter. If the claim covers material not found in any of the four statutory categories, that claim falls outside the plainly expressed scope of § 101 even if the subject matter is otherwise new and useful.” In re Nuijten, 500 F.3d 1346, 1354 (Fed. Cir. 2007); accord In re Ferguson, 558 F.3d 1359 (Fed. Cir. 2009). “The MPEP instructs that when a claim covers ‘both statutory and non-statutory embodiments,’ it is not eligible for patenting. MPEP § 2106 (9th ed. Mar. 2014.).” quoting Mentor Graphics v. Synopsys (Fed. Cir. Mar. 16, 2017, Precedential).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claims 6, 29 and 42 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
	Claim 6 recites “the form” and lacks antecedent basis.
	Claim 29 recites “the certificate chain comprises a valid root certificate, signature of the first set of data packets that are issued from a credible root certificate authority, a presence in a whitelist, non-presence in a negative list, web ranking, a check performed by a parser” and it is unclear as to whether the list is complete as there is no conjunction.
	Claim 42 recites “the second and third set of data packets” and it is unclear as to whether such language is referring to the previously recited second and third set of packets or the recited parallel second and third set of data packets; when a claim is amenable to two or more plausible claim constructions, the claim is indefinite for failing to particularly point out and distinctly claim the subject matter the Applicant considers to be the invention. Ex parte Miyazaki, 89 USPQ2d 1207, 1215 (BPAI 2008) (precedential).
Any claim not specifically addressed above is being rejected as incorporating the deficiencies of a claim upon which it depends.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Rajagopal et al (U.S. Pat App Pub 2013/0340028 A1), hereinafter referred to as Rajagopal, in view of Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, in further view of Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi.
	Re claim 1: Rajagopal teaches a system comprising: a processor; and a memory comprising one or more routines, which when executed by the processor, cause the processor to:
	configure, for a user working on a verification initiator unit (VIU) provided by a relying entity, a first session having a hyperlink [¶13; ¶78 ¶98] that enables instantiation of a second session on a virtual browser [Figs 2 & 9, elts 200, 220, 214 & 226; ¶33; ¶40; ¶64] on the VIU using a web gateway (Fig 3; ¶47-¶64), said second session being partially configured on a remote terminal so as to operatively couple the remote terminal with the first session of the user of a first computing device; and the virtual browser and configure the second session to open, in the virtual browser (Fig 3; ¶64-¶71).
	Blanke teaches configure the second session to open, an independent cryptographically verifiable source (ICVS) to enable said ICVS to authenticate the user; retrieve a first set of data packets pertaining to the user from the ICVS through a secure data channel; bind a second set of data packets that are selected from the first set of data packets with origination information of the ICVS so as to generate a third set of data packets  (Figs 4-6; ¶11-¶13; ¶43-¶67; page 7, claims 1-12).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Rajagopal with the teachings of Blanke, for the purpose of establishing trust using secure transmission protocols using self-signed certificates and user authentication; doing so has the benefit of mutual validation.
	Obaidi teaches retrieve a first set of data packets pertaining to the user from the ICVS through a secure data channel; bind a second set of data packets that are selected from the first set of data packets with origination information of the ICVS so as to generate a third set of data packets; and  provide access of the third set of data packets to the relying entity of the first session (Figs 5-7; ¶61-¶68; pages 7-8, claims 1-12).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Rajagopal and Blanke with the teachings of Obaidi, for the purpose of providing predictable variations in the art of protecting against unauthorized usage of both proprietary telecommunication services and proprietary telecommunication devices (see ¶10).  Doing so has the known benefit of preventing unauthorized tampering with “man in the middle attacks” (¶55).
	Re claim 2: The combination of Rajagopal, Blanke and Obaidi teaches the remote terminal runs on a trusted execution environment (TEE), wherein one or more attributes of the TEE are associated with the third set of data packets (Obaidi: Figs 5-7; ¶61-¶68; pages 7-8, claims 1-12).  
	Re claim 5: The combination of Rajagopal, Blanke and Obaidi teaches the first set of data packets are processed and utilized by the first session so as to match the first set of data packets containing user information with user information available in the first session (Rajagopal: ¶40-¶42; ¶47-¶50; ¶64-¶69).
	Re claim 6: The combination of Rajagopal, Blanke and Obaidi teaches the third set of data packets are shared with one or more second set of relying parties in the form of any or a combination of verifiable claims or credentials, Portable Document File (PDF) file, a decision, a JavaScript Object Notation (JSON), an Extensible Markup Language (XML), an electronic record, and a key (Obaidi: Id).

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Rajagopal et al (U.S. Pat App Pub 2013/0340028 A1), hereinafter referred to as Rajagopal, Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, and Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, in further view of Kania, Piotr et al (GB 2508235 A), hereinafter referred to as Piotr.
	Re claim 3: The combination of Rajagopal, Blanke and Obaidi teaches all the limitations of claim 1 as previously stated and the virtual browser comprises a plug-in (¶22, ¶24, ¶25).
	Piotr teaches the virtual browser comprises a plug-in that receives at least session parameter that is associated with the first session, wherein said parameter relates to any or a combination of session id, user device, user, ICVS, timestamp, location, and IP address (pages 9-11, 14 & 19).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Rajagopal, Blanke and Obaidi with the teachings of Piotr, for the purpose of authorizing data via plug-ins; doing so has the known benefit of assuring software is up-to-date and uniquely identifying sources of programs.

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Rajagopal et al (U.S. Pat App Pub 2013/0340028 A1), hereinafter referred to as Rajagopal, Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, and Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, in further view of Arkhipov (U.S. Pat App Pub 2004/0003248 A1), hereinafter referred to as Arkhipov.
	Re claim 4: The combination of Rajagopal, Blanke and Obaidi teaches all the limitations of claim 1 as previously stated and also teaches the virtual browser is a secure browser (Rajagopal: Figs 2 & 9, elts 200, 220, 214 & 226; ¶33; ¶40; ¶64).
	Arkhipov teaches the virtual browser is a secure browser that does not allow tampering of the first set of data packets beyond what is allowed by the ICVS (¶10; ¶12; ¶25-¶30).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Rajagopal, Blanke and Obaidi with the teachings of Arkhipov, for the purpose of preventing the tampering of web content and to further notify a user when content has been tampered; doing so has the known benefit of preventing access to malicious or malformed content whilst also granting the user the ability to identify false positives when content has not been tampered.

Claims 7-12, 14-17, 25-28, 32, 35, 36, 43 and 45 are rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, and Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, in further view of Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin.
	Re claims 7 and 43: Blanke teaches a method and a device comprising: a processor; and a memory comprising one or more routines, which when executed by the processor, cause the processor to: retrieve a first set of data packets pertaining to a user from an independent cryptographically verifiable source (ICVS) through a secure data channel; bind a second set of data packets that are selected from the first set of data packets with origination information of the ICVS so as to generate a third set of data packets that is processed to generate a cryptographic value pertaining to said third set of data packets (Figs 4-6; ¶11-¶13; ¶43-¶67; page 7, claims 1-12).
	Obaidi teaches a processor running a trusted execution environment (TEE) (Fig 3 and the associated descriptions), bind a second set of data packets that are selected from the first set of data packets with origination information of the ICVS so as to generate a third set of data packets that is processed to generate a cryptographic value pertaining to said third set of data packets (Figs 5-7; ¶61-¶68; pages 7-8, claims 1-12).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke with the teachings of Obaidi, for the purpose of providing predictable variations in the art of protecting against unauthorized usage of both proprietary telecommunication services and proprietary telecommunication devices (see ¶10).  Doing so has the known benefit of preventing unauthorized tampering with “man in the middle attacks” (¶55).
	Anglin teaches store the cryptographic value in an immutable storage (Fig 1B; ¶27-¶29), said cryptographic value being used by a third relying-party to validate integrity of the third set of data packets (Fig 5; ¶36; Fig 6A; ¶38-¶39; Fig 6B: ¶40; page 7, claims 1-7).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke and Obaidi with the teachings of Anglin, for the purpose of providing predictable variations in the art of credential validation via the use of decentralized, distributed storage; doing so has the known benefit of being tamper resistant and having high availability.
	Re claim 8: The combination of Blanke, Obaidi and Anglin teaches the ICVS is any or a combination of a secure website, a Near-Field-Communication (NFC) card, a regulatory entity issued document, and a source having a certificate issued by a certified authority (Blanke: ¶25; ¶43; Obaidi: ¶21; ¶26).
	Re claim 9: The combination of Blanke, Obaidi and Anglin teaches when the ICVS is the NFC card, the processor: retrieves, on the device, from receiver of the NFC card, the first set of data packets; and decrypts, on the device, the retrieved first set of data packets to enable selection of the second set of data packets and subsequent binding of the selected second set of data packets with the origination information (Blanke: ¶25; ¶43; Obaidi: ¶21; ¶26; the Examiner notes that when the ICVS is a secure website, this limitation is selectively performed).
	Re claim 10: The combination of Blanke, Obaidi and Anglin teaches the processor is further configured to match, at the device, data packets from any or a combination of the first, second, or third set of data packets with identity data sourced from the device, said identity data pertaining to the user (Blanke: ¶31; ¶33; ¶38; ¶67; Obaidi: Figs 5 & 7 and the associated descriptions; Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 11: The combination of Blanke, Obaidi and Anglin teaches the third set of data packets are associated with an identity of the user, said identity being selected from any or a combination of Public Key Infrastructures (PKIs) associated with the user, password of the user, Personal Identification Number (PIN) of the user, biometrics of the user, behavioral data of the user, non-fungible tokens (NFT) of the user, Fast Identity Online (FIDO) credentials of the user, device attributes of the user, and demographics of the user (Blanke: ¶31; ¶33; ¶38; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).
	Re claim 12: The combination of Blanke, Obaidi and Anglin teaches the origination information of the ICVS is based on any or a combination of Secure Sockets Layer (SSL), Transport Layer Security (TLS), NFC information, IP address, domain name, who is information, certificate owner information, IP routes, forensic data pertaining to the ICVS, timestamp, sensor data pertaining to the ICVS, location information of the ICVS, and at least a portion of certificate information of the ICVS (Blanke: ¶42; ¶51-¶55).  
	Re claim 14: The combination of Blanke, Obaidi and Anglin teaches the first set of data packets are retrieved post successful authentication of the user through any or a combination of authenticating at the ICVS, authenticating the user at the device, authenticating using a biometric means, and authenticating using a private key (Blanke: ¶31; ¶33; ¶38; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 15: The combination of Blanke, Obaidi and Anglin teaches the third set of data packets is associated with authentication data pertaining to the user (Blanke: ¶31; ¶33; ¶38; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 16: The combination of Blanke, Obaidi and Anglin teaches the TEE is configured on the device or is configured virtually from the device and is operatively coupled with the device (Obaidi: Figs 5-7; ¶61-¶68; pages 7-8, claims 1-12).  
	Re claim 17: The combination of Blanke, Obaidi and Anglin teaches the immutable storage is selected from any or a combination of a blockchain, Distributed ledger technology (DLT), merkle tree, and a database (Anglin: Figs 1A & 1B and the associated descriptions).  
	Re claim 25: The combination of Blanke, Obaidi and Anglin teaches the cryptographic value is associated with cryptographic signature of the user (Blanke: ¶33-¶34; ¶39; Fig 3; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 26: The combination of Blanke, Obaidi and Anglin teaches wherein the first set of data packets comprises biometric information that is selected from any or a combination of photograph of the user, fingerprint of the user, voice of the user, and iris details of the user, said biometric information being used to authenticate the user (Blanke: ¶33-¶34; ¶39; Fig 3; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 27: The combination of Blanke, Obaidi and Anglin teaches the binding between the second set of data packets with the origination information of the ICVS is performed using any or a combination of checksum, hash function and cryptographic function (Obaidi: Figs 5-7; ¶61-¶68; pages 7-8, claims 1-12).
	Re claim 28: The combination of Blanke, Obaidi and Anglin teaches wherein the third set of data packets comprise or are associated with results of matching biometric information with the user, or results of matching authentication information with the user, or results of matching identity information with the user (Blanke: ¶33-¶34; ¶39; Fig 3; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 32: The combination of Blanke, Obaidi and Anglin teaches wherein user is an entity, a virtual user, a nominated user, or a natural person (Blanke: ¶33-¶34; ¶39; Fig 3; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 35: The combination of Blanke, Obaidi and Anglin teaches wherein the third set of data packets are associated with an identity of the user, said identity also being associated with a corresponding fourth set of data packets that are generated from a second ICVS (Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 36: The combination of Blanke, Obaidi and Anglin teaches wherein the association of the user identity with the fourth set of data packets happens after user authentication that is based on any or a combination of a valid password, knowledge based authentication, biometric authentication, device based authentication, one-time password (OTP) based authentication, PKI based authentication, social authentication, Single-sign-on (SSO)based authentication, or behavioral authentication (Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Re claim 45: The combination of Blanke, Obaidi and Anglin teaches the first set of data packets are retrieved post successful authentication of the user through any or a combination of authenticating at the ICVS, authenticating the user at the device, authenticating using a biometric means, and authenticating using a private key so that the third set of data packets is associated with the authenticated user (Blanke: ¶31; ¶33; ¶38; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Smith et al (U.S. Pat App Pub 2018/0082083 A1), hereinafter referred to as Smith.
	Re claim 13: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 7 as previously stated and further teaches the origination information of the ICVS comprises any or a combination of cryptographic proof of at least one of operating software and the TEE that is used to generate the third set of data packets, cryptographic proof of the user, cryptographic proof of entity running the TEE, cryptographic proof of verifier, and cryptographic proof of the third relying-party (Blanke: ¶31; ¶33; ¶38; ¶67; Anglin: Figs 5, 6A & 6B and the associated descriptions).  
	Smith also teaches the origination information of the ICVS comprises any or a combination of cryptographic proof of at least one of operating software and the TEE that is used to generate the third set of data packets, cryptographic proof of the user, cryptographic proof of entity running the TEE, cryptographic proof of verifier, and cryptographic proof of the third relying-party (¶12; Figs 2-4; ¶24; ¶28-¶51).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Smith, for the purpose of providing error messages or preventing non-verified software components from loading; doing so provides a chain of trust and prevents unauthorized reconfiguration of software or policy-based actions (¶46 & ¶48).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Kuang et al (U.S. Pat App Pub 2014/0304780 A1), hereinafter referred to as Kuang.
	Re claim 18: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 7 as previously stated.
	Kuang teaches the cryptographic value is associated with a timestamp that is based on retrieval of the first set of data packets from the ICVS (¶131; ¶133; ¶186).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Kuang, for the purpose of preventing replay attacks via the use of One-Time Authorization codes based on time stamps.

Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Camenisch (U.S. Pat App Pub 2005/0268103 A1), hereinafter referred to as Camenisch.
	Re claim 23: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 7 as previously stated.
	Camenisch teaches the device digitally signs the cryptographic value based on any or a combination of hardware security module (HSM) or trusted platform module (TPM) (¶9; ¶11; ¶23-¶24; Figs 1, 3 & 4; ¶44-¶46; ¶49-¶54).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Camenisch for the purpose of uniquely identifying and attesting to the identity of a TPM; doing so has the known benefit of determining the provenance and integrity of a hardware device.

Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Nagelberg et al (U.S. Pat 11186111 B1), hereinafter referred to as Nagelberg.
	Re claim 24: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 7 as previously stated.
	Nagelberg teaches the third relying-party, upon receipt of a document whose authenticity is to be verified, generates a second cryptographic value, and matches said second cryptographic value against at least one cryptographic value that is stored in the immutable storage in order to validate the authenticity of the document (Figs 3-5 & 8; col 9, line 52 – col 11, line 32; col 12, line 43 – col 14, line 55).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Nagelberg for the purpose of detecting tampering of documents; such rationale is explicitly taught by Nagelberg.

Claim 29 is rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Hua et al (U.S. Pat App Pub 2016/0028701 A1), hereinafter referred to as Hua.
	Re claim 29: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 7 as previously stated.
	Hua teaches wherein the ICVS is verified based on any or a combination SSL/TLS certificate where the certificate chain comprises a valid root certificate, signature of the first set of data packets that are issued from a credible root certificate authority, a presence in a whitelist, non-presence in a negative list, web ranking, a check performed by a parser (¶33; ¶36; Figs 1 & 3 and the associated description).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Hua for the purpose of “prevent an attacker from stealing data, thereby improving data security” (¶6; ¶19) and preventing tampering of a certificate by an attacker (¶41).

Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Aissi (U.S. Pat App Pub 2004/0034790 A1), hereinafter referred to as Aissi.
	Re claim 30: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 7 as previously stated.
	Aissi teaches the ICVS is associated with a parser to generate verifiable claims or credentials (Figs 2 & 4; ¶22; ¶25; page 3, claims 1-3).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Aissi for the purpose of extracting security credentials from a stream of data packets; parsing data packets for specific pieces of data is well known in the art to provide the well known benefit of isolating desired data.

Claims 33 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Bulleit et al (U.S. Pat App Pub 2018/0060496 A1), hereinafter referred to as Bulleit.
	Re claim 33: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 7 as previously stated and further teaches wherein a set of verifiable credentials are generated from any or a combination of the first, second or third set of data packets (Blanke: Id; Anglin: Id).
	Bulleit teaches said set of verifiable credentials comprising any or a combination of source, user identity information, name, address, date of birth, city, unique identifiers, email, phone number, standardized credentials as per World Wide Web Consortium (W3C), and biometric information (¶24; ¶30; ¶34; ¶38; ¶45; ¶63; ¶78; ¶131; ¶136; ¶200; ¶218).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Bulleit for the purpose of managing access permissions with certified self-sovereign identities; doing so has the known benefit of certifying and binding keys to respective users.
	Re claim 33: The combination of Blanke, Obaidi, Anglin and Bulleit teaches the set of verifiable credentials are associated with users' private key or self-sovereign identity (¶24; ¶30; ¶34; ¶38; ¶45; ¶63; ¶78; ¶131; ¶136; ¶200; ¶218).

Claims 37-39 are rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Hu et al (U.S. Pat App Pub 2017/0329980 A1), hereinafter referred to as Hu.
	Re claim 37: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 7 as previously stated.
	Hu teaches the third set of data packets are encrypted with a token, said encrypted set of third data packets being stored on a remote server, wherein the token is shared with a plurality of entities and/or the user based on users' consent (¶33; ¶44-¶49; Fig 4; ¶50-¶56; Fig 5; ¶57-¶60).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Hu for the purpose of preventing eavesdropping and masquerading attacks of user; such rationale is expressly suggested by Hu.
	Re claim 38: The combination of Blanke, Obaidi, Anglin and Hu teaches the token is encrypted using public key of the user of the respective plurality of entities (Hu: ¶33; ¶44-¶49; Fig 4; ¶50-¶56; Fig 5; ¶57-¶60).
	Re claim 39: The combination of Blanke, Obaidi, Anglin and Hu teaches the token is encrypted using public key of SSL/TLS certificate of the ICVS (Hu: ¶33; ¶44-¶49; Fig 4; ¶50-¶56; Fig 5; ¶57-¶60).

Claim 44 is rejected under 35 U.S.C. 103 as being unpatentable over Blanke (U.S. Pat App Pub 2016/0219043 A1), hereinafter referred to as Blanke, Obaidi et al (U.S. Pat App Pub 2013/0281058 A1), hereinafter referred to as Obaidi, and Anglin et al (U.S. Pat App Pub 2019/0036698 A1), hereinafter referred to as Anglin, in further view of Rajagopal et al (U.S. Pat App Pub 2013/0340028 A1), hereinafter referred to as Rajagopal.
	Re claim 44: The combination of Blanke, Obaidi and Anglin teaches all the limitations of claim 43 as previously stated.
	Rajagopal teaches the method further comprises: configuring, for the user working on a verification initiator unit (VIU) provided by the third relying entity, a first session having a hyperlink [¶13; ¶78 ¶98] that enables instantiation of a second session on a virtual browser on the VIU using a web gateway (Fig 3; ¶47-¶64), said second session being partially configured on a remote terminal so as to operatively couple the remote terminal with the first session of the user of a first computing device; and configuring the second session to open, in the virtual browser, the ICVS to enable said ICVS to authenticate the user (Fig 3; ¶64-¶71).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Blanke, Obaidi and Anglin with the teachings of Rajagopal, for the purpose of preventing circumvention of network access safeguards, unauthorized tampering or access of the TEE partition as taught by Rajagopal.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-45 are rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of U.S. Patent No. 11128468. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims are anticipated or obvious in view of the art for the reasons stated supra, which are fully incorporated herein and are not duplicated.
Allowable Subject Matter
Claims 19-22, 31 and 40-42 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form, as well as obviating additional issues set forth supra as per 35 USC 112(2)/112(b), including all of the limitations of the base claim and any intervening claims.
Conclusion
	Examiner's Note: 
The Examiner identified and designated “the particular part[s] [of the references] relied on” as provided in 37 C.F.R § 1.104(c)(2).
A reference is not limited to the disclosure of specific working examples. In re Mills, 470 F.2d 649, 651 (CCPA 1972); In re Fracalossi, 681 F.2d 792, 794 n.1 (CCPA 1982) (A prior art reference’s disclosure is not limited to its examples.). Nor do disclosed examples teach away from a reference’s broader disclosure. In re Susi, 440 F.2d 442, 446 n.3 (CCPA 1971); In re Boe, 355 F.2d 961, 965 (CCPA 1966) (All of the disclosures in a prior art reference “must be evaluated for what they fairly teach one of ordinary skill in the art.”).
“The prima facie case is merely a procedural device that enables an appropriate shift of the burden of production.” Hyatt v. Dudas, 492 F.3d. 1365, 1369 (Fed. Cir. 2007) (citing In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992)). The court has, thus, held that the USPTO carries its procedural burden of establishing a prima facie case when its rejection satisfies the requirements of 35 U.S.C. § 132 by notifying the applicant of the reasons for rejection, “together with such information and references as may be useful in judging of the propriety of continuing the prosecution of [the] application.” See In re Jung, 637 F.3d 1356, 1362 (Fed. Cir. 2011).
MPEP 2123 [R – 08.2012] states: "The use of patents as references is not limited to what the patentees describe as their own inventions or to the problems with which they are concerned. They are part of the literature of the art, relevant for all they contain." In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277 (CCPA 1968)). 
A reference may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art, including nonpreferred embodiments. Merck & Co. v. Biocraft Laboratories, 874 F.2d 804, 10 USPQ2d 1843 (Fed. Cir.), cert. denied, 493 U.S. 975 (1989). See also Upsher-Smith Labs. v. Pamlab, LLC, 412 F.3d 1319, 1323, 75 USPQ2d 1213, 1215 (Fed. Cir. 2005) (reference disclosing optional inclusion of a particular component teaches compositions that both do and do not contain that component); Celeritas Technologies Ltd. v. Rockwell International Corp., 150 F.3d 1354, 1361, 47 USPQ2d 1516, 1522-23 (Fed. Cir. 1998) (The court held that the prior art anticipated the claims even though it taught away from the claimed invention. "The fact that a modem with a single carrier data signal is shown to be less than optimal does not vitiate the fact that it is disclosed.").

In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. See: Ralston Purina Co. v. FarMar-Co, Inc., 772 F.2d 1570, 1575 (Fed. Cir. 1985), In re Kaslow, 707 F.2d 1366, 1375 (Fed. Cir. 1983), Ariad Pharmaceuticals, Inc. v. Eli Lilly and Co., 598 F.3d 1336, 1352 (Fed. Cir. 2010), Purdue Pharma L.P. v. Faulding, Inc., 230 F.3d 1320, 1323 (Fed. Cir. 2000), Vas-Cath Inc. v. Mahurkar, 935 F.2d 1555, 1560 (Fed. Cir. 1991) and TurboCare Div. of Demag Delavel Turbomachinery Corp. v. Gen. Elec. Co., 264 F.3d 1111, 1118 (Fed. Cir. 2001)

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTOL-892.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARREN B SCHWARTZ whose telephone number is (571)270-3850. The examiner can normally be reached 9am-7pm EST, Monday-Thursday, 9am-5pm EST, Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARREN B SCHWARTZ/Primary Examiner, Art Unit 2435