DETAILED ACTION
This office action is in response to applicant’s amendment filed on 08/23/2022.   Claims 1, 4-5, 10-12, 17, and 20 have been amended.  Claims 1-20 are pending and are directed towards methods and apparatus for Privacy-Preserving Identity Attribute Verification Using Policies Tokens.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 08/23/2022 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations of claims 1 and 11, that Hodgkinson and Paquin fail to teach “initiating, by the user device, verification of the user with the policy token and the set of identity attributes from the identity token without revealing the identity attributes, wherein the policy token comprises one or more predicates, wherein each predicate corresponds to one or more identity attributes from the set of identity attributes” (page 10 of the present response) have been fully considered but they are not persuasive.
	Regarding A) Hodgkinson teaches initiating, by the user device, verification of the user with the policy token and the set of identity attributes from the identity token without revealing the identity attributes (para 49, line 1-19 and para 71, line 1-25; client sends the security token to relying party, where the security token includes information about the user that can satisfy all the requests contained in the security policy and policy token includes data that is derived from a value managed by the identity provider and not a specific datum, such as the actual user age).  Hodgkinson further teaches wherein the policy token comprises one or more predicates, wherein each predicate corresponds to one or more identity attributes from the set of identity attributes (para 37, line 1-13 and para 38, line 1-11; the security policy 150 may contain requests for different user information, such as name, mailing address, and Social security number).  In para 52 of the instant specification, a predicate is defined as “may include any data that is used as the basis for other data and can correspond to a query”.  The security policy containing requests for user information in prior art Hodgkinson corresponds to the policy token containing one or more predicates.  Therefore, the prior art at least suggests the features in claimed limitations.
B) Applicant’s arguments, with respect to the amended limitations of claim 5, that Hodgkinson, Paquin, and Avetisov fail to teach “receiving, by the user device, from an identity provider, via the token server computer, a first cryptographic nonce and a public identity provider key; validating, by the user device, the identity provider public key; generating, by the user device, a second random nonce; generating, by the user device, a commitment of a master secret; generating, by the user device, a proof of the commitment; generating, by the user device, a message comprising the commitment, the proof of the commitment, the second random nonce, and a user device public key; encrypting, by the user device, the message using the identity provider public key, thereby generating an encrypted message” (page 11 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
 C) Applicant’s arguments, with respect to the amended limitations of claim 17, that Hodgkinson, Paquin, and Avetisov fail to teach “receiving, by an identity service provider computer, from a user device, a zero-knowledge proof generated at least in part using a policy token and a set of identity attributes stored on the user device, wherein the policy token comprises one or more predicates, wherein each predicate corresponds to one or more identity attributes from the set of identity attributes” (page 11 of the present response) have been fully considered but they are not persuasive.
Regarding C) Hodgkinson teaches receiving, by an identity service provider computer, from a user device, a proof generated at least in part using a policy token and a set of identity attributes stored on the user device (para 48, line 1-15 and para 54, line 1-18; client 105 receives security policy 150 and receives a security token from identity provider 135, where the security token includes information about the user that can satisfy all the requests of the relying party).  Hodgkinson further teaches wherein the policy token comprises one or more predicates, wherein each predicate corresponds to one or more identity attributes from the set of identity attributes (para 37, line 1-13 and para 38, line 1-11; the security policy 150 may contain requests for different user information, such as name, mailing address, and Social security number).  Hodgkinson and Paquin do not teach the zero-knowledge proof.  Avetisov teaches the zero-knowledge proof (para 27, line 1-33; proving knowledge (e.g., by a zero-knowledge proof)).  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide remote server verifies the identity of the user using the zero-knowledge proof and server may transmit an authentication result to the relying party and relying party may grant or deny client request based on the authentication result.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1, 3-4, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Hodgkinson et al. (US Pub. 2013/0014207), hereinafter Hodgkinson, filed on Sep. 14, 2012 in view of Paquin et al. (US Pub. 2011/0202991), hereinafter Paquin, filed Feb. 18, 2010.
Regarding claim 1, Hodgkinson teaches a method comprising: 
receiving, by a user device, from a relying entity computer, a policy token (Fig. 3 and para 48, line 1-15; client 105 receives security policy 150 from relying party 130),
Hodgkinson does not teach wherein the token was issued to the relying entity computer from a token server computer;
Paquin teaches wherein the token was issued to the relying entity computer from a token server computer (Fig. 4 and para 36, line 1-16 and para 37, line 1-18; presentation token is provided to relying party 420 from identity selector 430, where the identity selector includes a token store);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson to incorporate the teachings of Paquin to provide presentation token is provided to relying party from identity selector, where the identity selector includes a token store.  Doing so would allow for privacy-preserving identity system that combines tokens with an identity metasystem to allow proof of a user’s identity, as recognized by Paquin.
Hodgkinson teaches determining, by the user device, based on the policy token and an identity token corresponding to a user, a set of identity attributes from the identity token, wherein the identity token is stored on the user device (para 48, line 1-15 and para 54, line 1-18; client 105 receives security policy 150 and receives a security token from identity provider 135, where the security token includes information about the user that can satisfy all the requests of the relying party); and
initiating, by the user device, verification of the user with the policy token and the set of identity attributes from the identity token without revealing the identity attributes (para 49, line 1-19 and para 71, line 1-25; client sends the security token to relying party, where the security token includes information about the user that can satisfy all the requests contained in the security policy and policy token includes data that is derived from a value managed by the identity provider and not a specific datum, such as the actual user age).
wherein the policy token comprises one or more predicates, wherein each predicate corresponds to one or more identity attributes from the set of identity attributes (para 37, line 1-13 and para 38, line 1-11; the security policy 150 may contain requests for different user information, such as name, mailing address, and Social security number).
Regarding claim 3, Hodgkinson and Paquin teach the method of claim 1.
Hodgkinson teaches wherein the identity token is a delegated identity token, wherein the user device is a second user device, and wherein the method further comprises: receiving, by the second user device, the delegated identity token from a first user device (para 87, line 1-12 and para 90, line 1-9; a parent may authorize a spouse or children to use a delegation information card, such as to make purchases on-line).
Regarding claim 4, Hodgkinson and Paquin teach the method of claim 1.
Hodgkinson teaches receiving, by the user device, from the token server computer, the identity token, the identity token comprising one or more identity attribute signatures, wherein the one or more identity attributes and the one or more identity attribute signatures correspond to one or more identity providers, wherein the one or more identity providers provided the one or more identity attributes and the one or more identity attribute signatures to the token server computer (para 39, line 1-18; client receives security token 135 from identity provider 135, where security token 135 includes credential that identifies the user and is encrypted in some manner and perhaps signed and/or time stamped by identity provider 135, so that relying party 130 can be certain that the security token originated with identity provider 135).
Regarding claim 11, Hodgkinson teaches a user device comprising: 
a processor; and a non-transitory computer readable medium coupled to the processor, the non-transitory computer readable medium comprising code, executable by the processor, for implementing a method comprising (para 141, line 1-20 and para 143, line 1-17; instructions stored in memory which are accessed by a machine containing processor for performing tasks):
receiving from a relying entity computer, a policy token (Fig. 3 and para 48, line 1-15; client 105 receives security policy 150 from relying party 130), 
Hodgkinson does not teach wherein the token was issued to the relying entity computer from a token server computer;
Paquin teaches wherein the token was issued to the relying entity computer from a token server computer (Fig. 4 and para 36, line 1-16 and para 37, line 1-18; presentation token is provided to relying party 420 from identity selector 430, where the identity selector includes a token store);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson to incorporate the teachings of Paquin to provide presentation token is provided to relying party from identity selector, where the identity selector includes a token store.  Doing so would allow for privacy-preserving identity system that combines tokens with an identity metasystem to allow proof of a user’s identity, as recognized by Paquin.
Hodgkinson teaches determining based on the policy token and an identity token corresponding to a user, a set of identity attributes from the identity token, wherein the identity token is stored on the user device (para 48, line 1-15 and para 54, line 1-18; client 105 receives security policy 150 and receives a security token from identity provider 135, where the security token includes information about the user that can satisfy all the requests of the relying party); and 
initiating verification of the user with the policy token and the set of identity attributes from the identity token without revealing the identity attributes (para 49, line 1-19 and para 71, line 1-25; client sends the security token to relying party, where the security token includes information about the user that can satisfy all the requests contained in the security policy and policy token includes data that is derived from a value managed by the identity provider and not a specific datum, such as the actual user age).
wherein the policy token comprises one or more predicates, wherein each predicate corresponds to one or more identity attributes from the set of identity attributes (para 37, line 1-13 and para 38, line 1-11; the security policy 150 may contain requests for different user information, such as name, mailing address, and Social security number).
4.	Claims 2, 7-10, 12-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hodgkinson in view of Paquin and Avetisov et al. (US Pub. 2020/0067907), hereinafter Avetisov, filed Apr. 2, 2019.
Regarding claim 2, Hodgkinson and Paquin teach the method of claim 1.
Hodgkinson teaches the policy token and the token server computer (para 48, line 1-15 and para 54, line 1-18; client 105 receives security policy 150 and receives a security token from identity provider 135)
Hodgkinson and Paquin do not teach wherein the token is cryptographically signed using a private key corresponding to the server computer, and wherein the method further comprises: verifying, by the user device, the token using a public key corresponding to the server computer.  
Avetisov teaches wherein the token is cryptographically signed using a private key corresponding to the server computer, and wherein the method further comprises: verifying, by the user device, the token using a public key corresponding to the server computer (para 32, line 1-32 and para 33, line 1-32; a client and remote server may engage in verification of proof, where the proof or token is signed with a private key and a corresponding public key is used to verify the data was signed by the holder of the private key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide a client and remote server may engage in verification of proof, where the proof or token is signed with a private key and a corresponding public key is used to verify the data was signed by the holder of the private key.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 7, Hodgkinson, Paquin, and Avetisov teach method of claim 1.
Hodgkinson and Paquin do not teach wherein initiating verification of the user comprises the user device generating a zero-knowledge proof and then transmitting the zero-knowledge proof to an identity service provider computer, wherein the identity service provider computer verifies the zero-knowledge proof to verify the user.
Avetisov teaches wherein initiating verification of the user comprises the user device generating a zero-knowledge proof and then transmitting the zero-knowledge proof to an identity service provider computer, wherein the identity service provider computer verifies the zero-knowledge proof to verify the user (para 27, line 1-33 and para 32, line 1-31; user generates a zero-knowledge proof of secret retained values to establish an identity and transmits it to remote server for authentication).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide user generates a zero-knowledge proof of secret retained values to establish an identity and transmits it to remote server for authentication.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 8, Hodgkinson, Paquin, and Avetisov teach method of claim 7.
Hodgkinson and Paquin do not teach wherein the identity service provider computer generates a verification message based on the verification of the zero-knowledge proof,
wherein the identity service provider computer signs the verification message using an identity service provider computer private key, 
wherein the identity service provider computer transmits the verification message to the relying entity computer, and wherein the relying entity computer evaluates the verification message, then performs an interaction with the user device.
Avetisov teaches wherein the identity service provider computer generates a verification message based on the verification of the zero-knowledge proof (para 32, line para 158, line 1-23; remote server verifies the identity of the user using the zero-knowledge proof and notifications may be received in response), 
wherein the identity service provider computer signs the verification message using an identity service provider computer private key (para 33, line 1-31 and para 158, line 1-23; notification may include signed data using private key from server), 
wherein the identity service provider computer transmits the verification message to the relying entity computer, and wherein the relying entity computer evaluates the verification message, then performs an interaction with the user device (para 102, line 1-30; server may transmit an authentication result to the relying party and relying party may grant or deny client request based on the authentication result).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide remote server verifies the identity of the user using the zero-knowledge proof and server may transmit an authentication result to the relying party and relying party may grant or deny client request based on the authentication result.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 9, Hodgkinson, Paquin, and Avetisov teach method of claim 7.
Hodgkinson teaches wherein the token server computer and the identity service provider computer are parts of a single computer entity (para 39, line 1-18; client receives security token 135 from identity provider 135, where security token 135 includes credential that identifies the user).
Regarding claim 10, Hodgkinson, Paquin, and Avetisov teach method of claim 7.
Hodgkinson teaches wherein the proof corresponds to the one or more predicates and the set of identity attributes (para 38, line 1-11 and para 70, line 1-27; the security token from the identity provider serves as proof of user identity, where the corresponding security policy 150 may request different user information, such as name, mailing address, and Social security number).
Hodgkinson and Paquin do not teach the zero-knowledge proof
Avetisov teaches the zero-knowledge proof (para 27, line 1-33; proving knowledge (e.g., by a zero knowledge proof))
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide proving knowledge (e.g., by a zero knowledge proof).  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 12, Hodgkinson and Paquin teach apparatus of claim 11.
Hodgkinson teaches wherein initiating verification comprises:  generating a proof based on the one or more predicates and the set of identity attributes (para 38, line 1-11 and para 70, line 1-27; the security token from the identity provider serves as proof of user identity, where the corresponding security policy 150 may request different user information, such as name, mailing address, and Social security number), and 
Hodgkinson does not teach wherein the token was issued to the relying entity computer from the token server computer;
Paquin teaches wherein the token was issued to the relying entity computer from the token server computer (Fig. 4 and para 36, line 1-16 and para 37, line 1-18; presentation token is provided to relying party 420 from identity selector 430, where the identity selector includes a token store);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson to incorporate the teachings of Paquin to provide presentation token is provided to relying party from identity selector, where the identity selector includes a token store.  Doing so would allow for privacy-preserving identity system that combines tokens with an identity metasystem to allow proof of a user’s identity, as recognized by Paquin.
Hodgkinson and Paquin do not teach generating a zero-knowledge proof and transmitting the zero-knowledge proof to an identity service provider computer, wherein the identity service provider computer verifies the zero-knowledge proof to verify the user.
Avetisov teaches generating a zero-knowledge proof and then transmitting the zero-knowledge proof to an identity service provider computer, wherein the identity service provider computer verifies the zero-knowledge proof to verify the user (para 27, line 1-33 and para 32, line 1-31; user generates a zero-knowledge proof of secret retained values to establish an identity and transmits it to remote server for authentication).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide user generates a zero-knowledge proof of secret retained values to establish an identity and transmits it to remote server for authentication.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 13, Hodgkinson, Paquin, and Avetisov teach apparatus of claim 12.
Hodgkinson and Paquin do not teach wherein the zero-knowledge proof is additionally based on a cryptographic nonce, and wherein the method further comprises: receiving from the relying entity computer, the cryptographic nonce; and transmitting to the relying entity computer, the cryptographic nonce.
Avetisov teaches wherein the zero-knowledge proof is additionally based on a cryptographic nonce, and wherein the method further comprises: receiving from the relying entity computer, the cryptographic nonce; and transmitting to the relying entity computer, the cryptographic nonce (para 201, line 1-41; zero-knowledge proof may be generated with additional credential value and relying party may receive the additional credential value from user and transmit it to user account).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide zero-knowledge proof may be generated with additional credential value and relying party may receive the additional credential value from user and transmit it to user account.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 14, Hodgkinson, Paquin, and Avetisov teach apparatus of claim 12.
Hodgkinson teaches wherein each predicate of the one or more predicates comprises: one or more target identity attributes; one or more comparison values; and a comparison function (para 71, line 1-25; relying parties are interested in knowing whether a user was born a sufficient number of years ago to meet some requirement and determine if the value meet certain criteria, such as if the customer is 21 years old in order to buy alcohol).
Regarding claim 15, Hodgkinson, Paquin, and Avetisov teach apparatus of claim 14.
Hodgkinson teaches wherein the comparison function comprises an inequality function or a set-membership function (para 71, line 1-25; relying parties are interested in knowing whether a user was born a sufficient number of years ago to meet some requirement and determine if the value meet certain criteria, such as if the customer is 21 years old in order to buy alcohol).  
Regarding claim 16, Hodgkinson, Paquin, and Avetisov teach apparatus of claim 14.
Hodgkinson teaches wherein generating the proof comprises generating one or more sub-proofs corresponding to each predicate of the one or more predicates, wherein the one or more sub-proofs corresponding to each predicate each indicate an output of a corresponding comparison function with inputs comprising: the one or more comparison values; and one or more identity attribute values corresponding to the one or more target identity attributes (para 38, line 1-11 and para 71, line 1-25; security token may include different information about the user requested in the security policy, where relying parties are interested in knowing whether a user was born a sufficient number of years ago to meet some requirement and determine if the value meet certain criteria, such as if the customer is 21 years old in order to buy alcohol or over 25 in order to rent a car).
Hodgkinson and Paquin do not teach the zero-knowledge proof
Avetisov teaches the zero-knowledge proof (para 27, line 1-33; proving knowledge (e.g., by a zero knowledge proof))
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide proving knowledge (e.g., by a zero knowledge proof).  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 17, Hodgkinson teaches a method comprising:
Hodgkinson teaches receiving, by an identity service provider computer, from a user device, a proof generated at least in part using a policy token and a set of identity attributes stored on the user device (para 48, line 1-15 and para 54, line 1-18; client 105 receives security policy 150 and receives a security token from identity provider 135, where the security token includes information about the user that can satisfy all the requests of the relying party);
wherein the policy token comprises one or more predicates, wherein each predicate corresponds to one or more identity attributes from the set of identity attributes (para 37, line 1-13 and para 38, line 1-11; the security policy 150 may contain requests for different user information, such as name, mailing address, and Social security number).
Hodgkinson and Paquin do not teach the zero-knowledge proof
verifying, by the identity service provider computer, the zero-knowledge proof; generating, by the identity service provider computer, based on the verification of the zero-knowledge proof, a verification message;
cryptographically signing, by the identity service provider computer, the verification message using a private key corresponding to the identity service provider computer; and 
transmitting, by the identity service provider computer, to the relying entity computer, the verification message, wherein the relying entity computer thereafter performs an interaction with the user device based on the verification message.
Avetisov teaches the zero-knowledge proof (para 27, line 1-33; proving knowledge (e.g., by a zero-knowledge proof))
verifying, by the identity service provider computer, the zero-knowledge proof; generating, by the identity service provider computer, based on the verification of the zero-knowledge proof, a verification message (para 32, line para 158, line 1-23; remote server verifies the identity of the user using the zero-knowledge proof and notifications may be received in response);
cryptographically signing, by the identity service provider computer, the verification message using a private key corresponding to the identity service provider computer (para 33 and para 158, line 1-23; notification may include signed data using private key from server); and 
transmitting, by the identity service provider computer, to a relying entity computer, the verification message, wherein the relying entity computer thereafter performs an interaction with the user device based on the verification message (para 102, line 1-30; server may transmit an authentication result to the relying party and relying party may grant or deny client request based on the authentication result).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide remote server verifies the identity of the user using the zero-knowledge proof and server may transmit an authentication result to the relying party and relying party may grant or deny client request based on the authentication result.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 19, Hodgkinson, Paquin, and Avetisov teach method of claim 17.
 Hodgkinson and Paquin do not teach wherein the relying entity computer verifies the verification message using a public key corresponding to the identity service provider computer.
Avetisov teaches wherein the relying entity computer verifies the verification message using a public key corresponding to the identity service provider computer (para 33, line 1-31 and para 102, line 1-30; relying party may grant or deny client request based on the authentication result, where verification of proof includes verifying using a public key corresponding to the private key of the entity used for signing).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide that the relying party may grant or deny the client request based on the authentication result, where verification of the proof includes verifying using a public key corresponding to the private key of the entity used for signing.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Regarding claim 20, Hodgkinson, Paquin, and Avetisov teach the method of claim 17.
Hodgkinson teaches wherein the proof comprises a plurality of sub-proofs, wherein the plurality of sub-proofs comprises one or more sub-proofs corresponding to the one or more predicates from the policy token, and one or more sub-proofs corresponding to one or more identity attribute signatures corresponding to one or more identity attributes, and wherein verifying the proof comprises: verifying, by the identity service provider computer, the plurality of sub-proofs corresponding to the proof using a plurality of sub-verifiers, the plurality of sub-verifiers each corresponding to a sub-proof of the plurality of sub-proofs (para 38, line 1-11 and para 39, line 1-18 and para 71, line 1-25; security token may include different information about the user requested in the security policy, where security token includes credential that identifies the user and is encrypted in some manner and perhaps signed and/or time stamped by identity provider 135, where relying parties are interested in knowing whether a user was born a sufficient number of years ago to meet some requirement and determine if the value meets certain criteria in each audit policy, such as if the customer is 21 years old in order to buy alcohol or over 25 in order to rent a car).
Hodgkinson and Paquin do not teach the zero-knowledge proof.
Avetisov teaches the zero-knowledge proof (para 27, line 1-33; proving knowledge (e.g., by a zero knowledge proof)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide for proving knowledge (e.g., by a zero knowledge proof).  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
5.	Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Hodgkinson in view of Paquin, Avetisov, and Linton et al. (US Pub. 2020/0169879), hereinafter Linton, filed Nov. 28, 2018.
Regarding claim 5, Hodgkinson and Paquin teach the method of claim 1.
Hodgkinson and Paquin do not teach receiving, by the user device, from an identity provider, via the token server computer, a first cryptographic nonce and a public identity provider key;
validating, by the user device, the identity provider public key; 
generating, by the user device, a second random nonce; 
generating, by the user device, a commitment of a master secret; generating, by the user device, a message comprising the second random nonce, and a user device public key;  
encrypting, by the user device, the message using the identity provider public key, thereby generating an encrypted message;
Avetisov teaches receiving, by the user device, from an identity provider, via the token server computer, a first cryptographic nonce and a public identity provider key (Fig. 1 and para 63, line 1-20 and para 85, line 1-36; client device communicates with TEE 103, where TEE 103 communicates with authentication server 155 for receiving public key and a value that is altered for different data); 
validating, by the user device, the identity provider public key (para 64, line 1-22; client device may use the disseminated public key of the key pair to verify the signature); 
generating, by the user device, a second random nonce (para 63, line 1-20 and para 85, line 1-36; client device communicates with TEE 103 may generate a value that is altered to generate different cryptographic keys for different data); 
generating, by the user device, a commitment of a master secret; generating, by the user device, a message comprising the second random nonce, and a user device public key (para 27, line 1-33 and para 164, line 1-29; user generates a zero-knowledge proof of secret retained values to establish an identity, where the identity may contain one or more cryptographic public keys and a value retained in secret by the user, and may communicate these information through an interface); 
encrypting, by the user device, the message using the identity provider public key, thereby generating an encrypted message (para 27, line 1-33 and para 164, line 1-29; user may use an asymmetric encryption protocol on the provided information, such as a public key verifying the user credentials);       
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide that the user generates a zero-knowledge proof of secret retained values to establish an identity, where the identity may contain one or more cryptographic public keys and a value retained in secret by the user, and may communicate this information through an interface.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
Hodgkinson, Paquin, and Avetisov do not teach generating, by the user device, a proof of the commitment; generating, by the user device, a message comprising the commitment, the proof of the commitment,
Linton teaches generating, by the user device, a proof of the commitment; generating, by the user device, a message comprising the commitment, the proof of the commitment (para 79, line 1-6 and para 82, line 1-17; user mobile device 60 creates a message using a secret of the user, a commitment of the user secret, and a zero-knowledge proof of the knowledge of the user secret),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson, Paquin, and Avetisov to incorporate the teachings of Linton to provide that user mobile device 60 creates a message using a secret of the user, a commitment of the user secret, and a zero-knowledge proof of the knowledge of the user secret.  Doing so would allow for authenticating cellular network users through credentials, as recognized by Linton.
Hodgkinson teaches transmitting, by the user device, to the identity provider, via the token server computer, the encrypted message (para 39, line 1-18 and para 143, line 1-17; user transmits a request to the identity provider 135, where the transmitted request is encrypted), 
wherein the identity provider decrypts the message using an identity provider private key and generates a cryptographic signature, a proof of the cryptographic signature, and the one or more identity attributes; receiving, by the user device, from the token server computer, the identity token comprising the one or more identity attributes, the cryptographic signature, and the proof of the cryptographic signature (para 39, line 1-18 and para 70, line 1-28; identity provider 135 sends a security token to the user, where the security token includes pieces of information of the user that is encrypted, signed, and/or timestamp so that relying party 130 can be certain that the security token originated with identity provider 135); 
verifying, by the user device, the proof of the cryptographic signature; and storing, by the user device, the identity token (para 39, line 1-18 and para 71, line 1-25; user receives and audits the information in the security token).
Regarding claim 6, Hodgkinson, Paquin, Avetisov, and Linton teach the method of claim 5.
Hodgkinson teaches wherein the one or more identity attributes, the cryptographic signature, and the proof of the cryptographic signature are encrypted using the user device public key, and wherein the method further comprises: receiving, by the user device, the one or more identity attributes, the cryptographic signature, and the proof of the cryptographic signature (para 39, line 1-18 and para 70, line 1-28; user device receives a security token from identity provider 135, where the security token includes pieces of information of the user that is encrypted, signed, and/or timestamp so that relying party 130 can be certain that the security token originated with identity provider 135).
Hodgkinson and Paquin do not teach decrypting, by the user device using a user device private key.
Avetisov teaches decrypting, by the user device using a user device private key (para 64, line 1-22; client may decrypt the encrypted data using its private key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson and Paquin to incorporate the teachings of Avetisov to provide that the client may decrypt the encrypted data using its private key.  Doing so would allow for identity management techniques leveraging decentralized computing platforms, as recognized by Avetisov.
6.	Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Hodgkinson in view of Paquin, Avetisov, and Dunjic et al. (US Pub. 2019/0372993), hereinafter Dunjic, filed Jun. 5, 2018.
Regarding claim 18, Hodgkinson, Paquin, and Avetisov teach the method of claim 17.
Hodgkinson, Paquin, and Avetisov do not teach receiving, by the identity service provider computer, from the user device, a cryptographic nonce, wherein the user device received the cryptographic nonce from the relying entity computer; and transmitting, by the identity service provider computer, to the relying entity computer, the cryptographic nonce, wherein the relying entity computer verifies the cryptographic nonce.
Dunjic teaches receiving, by the identity service provider computer, from the user device, a cryptographic nonce (para 67, line 1-16; authorization server receives a cryptographic nonce from client device), 
wherein the user device received the cryptographic nonce from the relying entity computer (para 56, line 1-14 and para 65, line 1-18; relying party generates the cryptographic nonce for client device); and 
transmitting, by the identity service provider computer, to the relying entity computer, the cryptographic nonce, wherein the relying entity computer verifies the cryptographic nonce (para 67, line 1-16; authorization server transmits nonce to store of nonce for verification for relying party).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hodgkinson, Paquin, and Avetisov to incorporate the teachings of Dunjic to provide that the authorization server receives a cryptographic nonce from the client device and the relying party generates the cryptographic nonce for the client device.  Doing so would allow identity and access management systems to enable user authentication and authorization across autonomous security domains, as recognized by Dunjic.
Conclusion
7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following prior art is relevant: Gifford et al. (US Pub. 2007/0192619) discloses an identity confirmation device comprising a token issuer and an authentication device, the token issuer being programmable by a central identity provider to issue certification tokens for use in e-commerce; Hayes et al. (US Pub. 2019/0158487) discloses cryptographically transmitting and storing identity tokens and/or activity data among spatially distributed computing devices; Miu (US Pub. 2015/0058950) discloses receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request.
8.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NHAN HUU NGUYEN/Examiner, Art Unit 2492


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492