DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.  This Non-Final Office Action is in response to amendment filed on 11/14/2022.
	Claims 1, 8 and 12 have been amended. Claims 9, 16-17 have been/remain canceled. Claims 1-8, 10-15 and 18-21 remain pending in the application. 

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 11/14/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/14/2022 has been entered.

Response to Amendment

The amendment filed 11/14/2022 has been entered. Claims 1, 8 and 12 have been amended. Claims 9, 16-17 have been/remain canceled. Claims 1-8, 10-15 and 18-21 remain pending in the application. 

Response to Arguments

Regarding Applicant’s arguments, on page 7-17 of the remark filed on 11/14/2022, on the newly added limitations of independent claim 1: “wherein the request is associated with one or more attributes selected by a verifier from the at least one requested credential of various types of credentials of the credential owner;.,”, arguments are not persuasive.
Applicant argues on pages 7-8 of the remarks filed on 11/14/2022 that the cited references fail to expressly or inherently disclose or make obvious the features that incorporate the request is associated with one or more attributes selected by a verifier from the at least one requested credential of various types of credentials of the credential owner. Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Vetter teaches on Col. 5 lines 30-55 that the request corresponding to the credential management system and validating device or verifier includes information identifying the account of the user that details attributes of the user such as employee identification number., employee title etc.. Vetter discloses on Col. 8 lines 15-38 that the request includes user information or attributes that is stored an relayed to the validating device. Vetter describes on Col. 16 that the user information or attributes associated with the request may include social security number, passport information etc. Examiner suggest amending the claims by further defining what the one or more attributes associated with the request includes to teach away from user information and the request and credential management system of Vetter as describes on Page 10 of the instant application in the specifications that describes the certain number of attributes and what they entail. 
Applicant further argues on pages 7-8 of the remarks filed on 11/14/2022 that the cited references fail to expressly or inherently disclose or make obvious the features that incorporate two different credential management systems and two credential management providers as well as prior art reference Raleigh dramatically differs from the present application. Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Raleigh teaches on Par. (0735) the utilization of two different credential management systems with a second user communicating with another credential management system. Raleigh discloses on Par. (1690) the use of one or more credential management systems. Raleigh teaches on Par. (0008) the use of multiple service providers of carriers corresponding to the credentials management system. The motivation to combine Raleigh with Vetter, Chen and Oberhauser is because of the similarities with the instant application and creating a secure way to verify credential management systems with multiple users in the network. Examiner acknowledges and appreciates the Applicant notes and addressing concerns on page 15-16 of the remarks filed on 11/14/2022 however it becomes difficult for the Examiner to broadly and reasonably interpret in light of the specification that the intended purpose of the invention is to provide freedom for the credential owner and verifier in choosing their credential service providers. Examiner suggest  incorporating that concept in the independent claims by amending the claims to reflect a selection step or process of the carriers to teach away from a single point of access to further enhance the scope of the claims.


Claim Objections

Claim 10 are objected to because of the following informalities:

In regards to Claim 10, the applicant recites the limitations “the method of claim 9, wherein the sharing credential token comprises a globally unique ID generated based on a timestamp.”, this creates confusion as claim 10 is dependent on recently claim 9. This claimed limitation recites improper dependency and should be amended to be dependent of a non-canceled claim. Appropriate correction is required.




Claim Rejections - 35 USC § 103


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-2, 4-8, 11, and 13-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vetter et al. (U.S No. 10356087, hereinafter referred to as “Vetter”) and Chen et al. (U.S No. 9397980, hereinafter referred to as Chen) and  Oberhauser et al. (U.S Pub. No. 20170222814, hereinafter referred to as “Oberhauser”) in further view of Raleigh et al. (U.S Pub. No. 20170201850, hereinafter referred to as “Raleigh”)


	Regarding Independent Claim 1 (Currently Amended), Vetter teaches a method for verifying at least one requested credential of a credential owner, comprising:  (Col. 2 lines 54-67 and Col. 3 lines 1-9 “a credential provisioning process that provisions an account for a client application running on a client device such that the client application can access the certain network resources of a computer network environment [..] Responsive to a request from the client device, a server computer (e.g., of the virtual mobile device platform) may operate to verify a user identifier contained in the request against a user entry previously created and stored at the server side.”; verifying a requested credential of a credential owner (verifying a request corresponding to credential of a user))
5(a) providing, by a first credential management system of a first credential service provider subscribed by the credential owner, a sharing credential token and a service endpoint to a requesting device of the credential owner, upon a request from the requesting device; (Col. 2 lines 66-67 and Col. 3 lines 1-9 “a request from the client device, a server computer (e.g., of the virtual mobile device platform) may operate to verify a user identifier contained in the request against a user entry previously created and stored at the server side. The request from the client device may include a temporary password (e.g., a one-time password) for the user,”; providing by a first credential management system of a first credential service provider (request from the client device to server computer) sharing credential token (temporary password)), (Col. 3 lines 10-35 “the one-time password contained in the request from the client device is compared against the one-time password retrieved locally by the server computer. In some cases, further authentication may be needed. For example, if enterprise authentication is required, the server computer may prompt the user to provide their username and password for their enterprise account (referred to herein as “enterprise credentials”). The server computer may utilize an authentication service or directory service to verify the user's enterprise credentials. If the one-time password contained in the request from the client device and the one-time password retrieved locally by the server computer do not match, or if the user cannot be verified using the user's enterprise credentials”; providing by a first credential management system of a first credential service provider, a sharing credential token (server computer prompts user to provide password/one-time password)), (Col. 9 lines 60-67 an Col. 10 lines 1-4 “This credential request may include a link to the credential provisioning service 112 provided by the credential provisioning server 110 with a one-time password (OTP) and an identifier for the user. This link may be expressed as a QR code””; and a service endpoint (QR code)), (Col. 10 lines 5-30 “when a QR code with a credential request is presented to the user in the form of a QR code (e.g., emailed, provided on a physical printout, presented through an accessed web page, etc.), the QR code reader 176 of the client application 172 may be activated and used to scan the QR code. The receipt of the credential request (from FIG. 2 or FIG. 3) by the user's device (e.g., the mobile device 170), for instance, by the QR code reader 176 reading of the QR code may, in turn, cause credential provisioning module 174 in the client application 172 to request the link”; and a service endpoint to a requesting device of the credential owner (QR code with a credential request is presented to the user)), (Col. 10 lines 45-60 “This temporary encryption password is saved temporarily (e.g., for the duration of the credential request, which may take only seconds and not hours or days”; sharing credential token (password based on time)) (Examiner notes: In the instant application on page 7 lines 15-22 the specification refers to a first credential management system, of a first credential service provider as a telecommunication carrier that the user John subscribes to, therefore it will be broadly and reasonably interpreted that this telecommunication carrier could in fact be a mobile device carrier of a user/client device), (Examiner notes: In the instant application on Page 14 lines 8-22 the specification refers a service endpoint being a QR code containing certain information, therefore it will be broadly and reasonably interpreted that service endpoint is some form of a QR code))
wherein the request is associated with one or more attributes selected by a verifier from the at least one requested credential of various types of credentials of the credential owner; (Col. 5 lines 30-55 and Col. 6 lines 20-35 “This request may include information identifying the credential management account of the user as well as the token provided to the user by the employer. [..] may also include information about the credential and/or the associated user 214, such as the employee's title and an employee identification number”; the request is associated with one or more attributes selected by a verifier (request includes information identifying the credential management account of the user; information includes employee title and identification number of employee)), (Col. 8 lines 15-38 “when user 402 registers with credential management application system 422, the application 420 stores, in data repository 416, a user account record 426, including, e.g., information about user 402 and credentials that have been issued to user 402. In this example, the user account record 426 includes user information 428 [..] identity record in the data repository or remote data storage system) and credential information 432 that identifies and/or describes credentials that have been issued to the user (e.g., issued by credential issuing organization systems 450 or 452) and made available through application 420. [..] credential information 432 and/or some of the user information 428 stored in user account record 426 may be transmitted to client device 404 to enable the rendering of a badge that represents a credential identified by the credential information 432 [..] the user information 432 also includes (or points to) data for the user that may be relayed through the application 420 to another user operating a validation device 406. For example, the user information 432 may include a name for user 402, a photograph of user 402, demographic information for user 402, and/or other personally identifying information for user 402, including, e.g., a biometric identifier for user 402..”; the request is associated with one or more attributes selected by a verifier (user account information corresponding to request of credential management system that is stored and relayed to validation device)), (Col. 16 lines 20-44 “or acquiring access to one or more credentials. As part of process 700, a digital certificate may be acquired from a certificate authority system to increase trust in a credential management system, for example, on the part of credential issuing organizations that allow access to credentials [..] the registration request may include an identifier for a client device associated with a user. In some implementations, the registration request may include a unique identifier (e.g., a social security number or a passport number) for the user. The registration request may cause the credential management application system to create or update a credential management account for the user. For example, a user account record 426 may be created or updated by the credential management application system based on the registration request.”; the request is associated with one or more attributes selected by a verifier (request associated with social security number or passport of user)), 
	(c) sending, by the second credential management system of the second credential service provider, a ….. request …… to the first credential management system of the first credential service provider based on the service endpoint; (Col. 9 lines 10-30 “create a credential request for the user using the administrator interface 114 (203). This credential request may include a link (e.g., Universal Resource Locator (URL)) to a credential provisioning service 112 provided by the credential provisioning server 110, a one-time password (OTP) (e.g., a random password, valid once or for a certain amount of time) and an identifier for the user. [..] the link may be expressed as a Quick Response (QR) code, which can be provided to the user via a physical printout, an email, a web page in a browser on a PC, etc.”; request (credential request corresponding to identifier of user) based on the service endpoint (expressed as a QR code)), (Col. 9 lines 60-67 “A credential request may then be provided to the user through the web page (307). This credential request may include a link to the credential provisioning service 112 provided by the credential provisioning server 110 with a one-time password (OTP) and an identifier for the user. This link may be expressed as a QR code, which can be presented to the user through the web page.”; sending a  request (credential request is provided) to the first credential management system of the first credential service provider (provided to the user))), (Col. 10 lines 4-30 “a QR code with a credential request is presented to the user in the form of a QR code (e.g., emailed, provided on a physical printout, presented through an accessed web page, etc.), the QR code reader 176 of the client application 172 may be activated and used to scan the QR code. The receipt of the credential request (from FIG. 2 or FIG. 3) by the user's device (e.g., the mobile device 170), for instance, by the QR code reader 176 reading of the QR code may, in turn, cause credential provisioning module 174 in the client application 172 to request the link (e.g., URL) embedded in the QR code”; sending by a second credential management system of the second credential service provider a proof request to the first credential management system of the first service provider (receipt of the credential request by the user’s device)), (Col. 10 lines 44-65 “the credential provisioning module 174 application may send a request for credentials to the credential provisioning service 112 provided by the credential provisioning server 110, where the request includes an identifier for the user, the OTP for the user, the device type,”; sending by the second credential management system of the second credential service provider a request (credential provisioning module 112 of user/mobile device sends a credential request containing an identifier for the user)), (Examiner’s note: In the instant application on Page 8 lines 1-4 the specifications states the first credential management system of the first credential service provider may be the same as the second credential management system of the second credential service provider, therefore it will be broadly and reasonably interpreted that the both the first and second management systems are equivalent or shared.))
	However Vetter does not explicitly teach (b) receiving, by a second credential management system of a second credential service provider, from a verifying device of the verifier subscribing to the second credential service provider through the requesting device of the credential owner, the sharing credential token and the service endpoint, wherein the first credential service provider differs from the second credential service provider, the first credential management system differs from the second credential management system; a proof request containing the sharing credential token and information indicating the one or more attributes ….. (d) generating, by the first credential management system of the first credential service provider, a proof based on the proof request after determining that the sharing credential token is valid; and (e) verifying, by the second credential management system of the second credential service provider, the proof received from the first credential management system of the first credential service provider based on credential cryptography information retrieved from a distributed ledger.
	Wherein Chen teaches (b) receiving, by a second credential management system of a second credential service provider, from a verifying device of the verifier subscribing to the second credential service provider through the requesting device of the 10credential owner, the sharing credential token and the service endpoint; (Col. 3 lines 35-45 “Credentials may be issued to users by one or more credential issuing organizations [..] credential issuing organizations are a government agency, a telecommunications service provider, a banking or other financial services institution, a gym, or a museum, among others”; second credential management system of a second credential service provider (one or more credential issuing organization corresponding to telecommunication service provider)), (Col. 9 lines 41-65 “The user may then present the token to the credential management application system 422 as part of a credential registration request sent from the user's client device (e.g., client device 404) to associate the credential with the user's client device. In response, credential management application system 422 may transmit the token to credential issuing organization system 450. The credential issuing organization system 450 then may match the token received from credential management application system 422 to the credential that the credential issuing organization issued to the user and provide data associated with the credential to the credential management application system 422”; receiving by a second credential management system of a second credential service provider (credential management application system may transmit the token to the credential issuing organization system) from a verifying device of a verifier (credential management application system) through the requesting device (user)), (Col. 7 lines 16-40 “the credential management application system 422 which may confirm or deny the validity of the presented credential in a validation message responsive to the validation request.”; verifying device of a verifier (validation device and credential management application system corresponding to checking of validity)), (Figure 4 labels 406, 422 and 420; verifying device of a verifier (validation device transmitting information corresponding to credential management system)), (Col. 17 lines 25-62 “A request to retrieve the one or more credentials may be transmitted 726 to the credential management system. The request to retrieve the credential(s) may include the token and information identifying the credential management account of the user. In some implementations, the request to retrieve the credential(s) may be transmitted [..] to initiate communications with the credential issuing organization system [..] The token may be forwarded to the credential issuing organization system, and the credential issuing organization may use the token to identify the credential(s) that have been issued to the user”; receiving by a second credential management system of a second credential service provider, a sharing credential token and service endpoint (credential management system receives request with sharing credential token (token) and service endpoint (identifying information) and forwards it to credential issuing organization)), Col. 18 lines 11-30 “Data encoding a portion of a badge representing a credential may be received 730 from the credential management system. the data encoding a portion of the badge may include a QR code (or data capable of being encoded within a QR code) that identifies the credential.”; identifying information/data received corresponding to service endpoint (QR code)), (Col. 5 lines 5-25” the employee's mobile device (e.g., responsive to input from the employee) may send a credential request including the digital certificate to a server system operated by the employer. The employer then determines if it has issued a credential to an employee associated with the social security number communicated with the digital certificate in the request for the credential.”; through the requesting device (employees mobile device sending a credential request)), (Col. 5 lines 35-55 “The credential management server then may use an interface (which may be referred to herein as a connector) to the employer to transmit the token for the user to the employer. In some implementations, the interface to the employer may be a secure dedicated interface to the employer. The employer may use the received token to identify the user and any credential(s) associated with the user.”; receiving the sharing credential token (employer of credential management system with received token)), (Col. 15 lines 60-67 and 16 lines 3-10 “The CIO system 450 may return data for all (or multiple of) the credentials issued to the user through the connector to the CMA system 422. In some other implementations, the token may have a one-to-one correspondence with a particular credential issued to the user by the CIO system 450. In response to the request for the credential including the token, the CIO system 450 may return data for only the particular credential associated with the token through the connector to the CMA system [..] The CMA system 422 may receive the data for the credential(s) and then transmit 668 to the client device 404 received data for the credential(s) including data that encodes a portion of a badge or badges representing the credential(s).”; receiving by the second credential management system, a service endpoint (data corresponding to QR code is received by credential management application (CMA) that corresponding to credential issuing organization (CIO)),
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chen within the teachings of Vetter to include the receiving of a sharing credential token and service endpoint from a second credential management system/credential service provider that is from a verifying device of a verifier through the initial requesting device because of the analogous concept of credential verification and issuance and secure protection through credential services. Chen includes a process in which a second credential service provider receives a token and service endpoint in the form of a QR code from the verifying device. This is important because by implementing multiple credential management systems the conventional way of credential verification becomes more flexible, intuitive and more effective. Government employees, medical practitioners and financial professionals instead of physically presenting a badge to an issuer can be verified digitally though two ways, the bar/ QR code or through the token. This proves important in situations where user’s misplace, lose, or are affected by theft of credentials, because by receiving at a second credential management system compromise or forgery is less likely because of the corresponding service endpoint and token have to be verified first by a device before it is received by the credential management system/service provider. This in return promotes high credibility and confidence for building/facility access and the credential management system as a whole. 
	However Vetter and Chen does not explicitly teach wherein the first credential service provider differs from the second credential service provider, the first credential management system differs from the second credential management system;  a proof request containing the sharing credential token and information indicating the one or more attributes (d) generating, by the first credential management system of the first credential service provider, a proof based on the proof request after determining that the sharing credential token is valid; and (e) verifying, by the second credential management system of the second credential service provider, the proof received from the first credential management system of the first credential service provider based on credential cryptography information retrieved from a distributed ledger.
	Wherein Oberhauser teaches a proof request…….. (Par. (0043) “the user may be an employee of a company and may use the PDS 200 to request that the company sign a cryptographic proof”; proof request (request corresponding to cryptographic proof)), (Par. (0006) “a request to verify a badge, the badge comprising [..]a plurality of attributes for a user, wherein for each attribute, the corresponding attribute attestation comprises a cryptographic proof;”; proof request (request to verify corresponding includes cryptographic proof)), (Par. (0026) “a trust structure may be provided that allows a user to precisely specify which items of personal data are to be shared with, and/or proven to, which entity. For instance, when a first organization (e.g., the DMV) verifies multiple items of personal data (e.g., date of birth, social security number, etc.), a separate proof may be provided for each item. In this manner, the user may later decide to submit the proof of a first item (e.g., over 21 years of age) to a second organization (e.g., a bar serving alcoholic beverages), without submitting the proof of a second item (e.g., social security number, home address, or even exact date of birth)”; proof request (personal data that is provided corresponding to identifying information, social security number, address, date of birth etc.)) 
(d) generating, by the first credential management system of the first credential 15service provider, a proof received from the first credential management system of the first credential service provider, a proof based on the proof request after determining that the ….. token is valid; and (Par. (0006) “a request to verify a badge, the badge comprising a plurality of attribute attestations corresponding respectively to a plurality of attributes for a user, wherein for each attribute, the corresponding attribute attestation comprises a cryptographic proof;”; a proof based a proof request ( request to verify badge corresponding to proof)), (Par. (0004) “to generate an identifier for the user, the identifier comprising a cryptographic proof of the plurality of measurements; instantiating a digital identity representation associated with the identifier for the use”; generating a proof (generate and identifier corresponding to cryptographic proof) by the first management system if the first credential service provider (user)), (Par. (0148-0150) “The user may confirm the change action via at least one additional personal device. [..] authorization may be granted only if two or more personal devices, such as a smartwatch, a smartphone, a laptop, etc., are within some specified distance (e.g., 10 meters) from each other. Additionally, or alternatively, authorization may be granted only if a personal device is in a specified location (e.g., as determined based on GPS data). In some embodiments, if a key is compromised (e.g. if a device is stolen), the compromised key may be revoked and may be replaced with a new key.”; first credential management system of the first credential service provider ( user corresponding to personal device, smartphones, laptops etc.)), (Par. (0038) “cryptographic proofs may be derived in a known manner from items of personal data, and may be signed by trusted entities which verified veracity of the items of personal data. An entity with which a user has shared an item of personal data (e.g., a social security number) may readily check that an alleged cryptographic proof was indeed derived from the item of personal data, and that the cryptographic proof was indeed signed by a trusted entity (e.g., a government agency or an employer). However, it may be computationally infeasible for another entity to reconstruct the item of personal data from the cryptographic proof alone.”; first credential service provider corresponding to proof ( cryptographic proofs derived correlating to entity/user)), (Par. (01180” a cryptographic proof in the other badge is generated from the received attribute value using an algorithm specified in the other badge, and/or the other badge is signed by the verifying entity.”; proof generated after determining that the token is valid (proof is generated after receiving attribute value that is signed by verifying entity)), (Par. (0141-0143) “a user or an organization) may be associated with multiple cryptographic keys. The inventors have recognized and appreciated that there may be a tradeoff between security and usability. Accordingly, in some embodiments, a system may be provided that allows an entity to choose an appropriate number of keys [..] sensitive attribute values (e.g., passport number) may be [..] multi-key authorization. For instance, a user may seek authorization to change such an attribute value by presenting multiple keys upon authentication. In some embodiments, each key may be associated with a different device. For instance, a user may have a first key for a laptop, a second key for a smartphone, a third key for a smartwatch”; attribute values that are verified corresponding to token (keys))
(e) verifying, by the second credential management system of the second credential service provider, the proof received from the first credential management system of the first credential service provider based on credential cryptography information retrieved from a distributed ledger. (Par. (0007) “an entity that is responsible for verifying the second badge, and a second attribute attestation corresponding to the at least one attribute; determining whether to trust the entity responsible for verifying the second badge; and in response to determining that the entity responsible for verifying the second badge is to be trusted, checking whether: (1) the second attribute attestation is in a VERIFIED state; (2) the second cryptographic proof is a valid proof of the received value corresponding to the at least one attribute;”; verifying by the second credential management system of the second credential service provider (an entity verifying the second badge) the proof based on the credential cryptography information (second attribute is in a verified state and the second cryptographic proof is a valid proof))), (Par. (0025) “a trust structure may be provided to allow attestations (e.g., identity attestations) to be relied upon across multiple entities”; second credential service provider (multiple entities)), (Par. (0029) “a distributed ledger may be used to implement a trust structure to allow attestations (e.g., identity attestations) to be relied upon across multiple entities. In some embodiments, a distributed ledger may be used to record attestations by trusted entities, so that other entities need not independently verify the attested facts.”; retrieved from a distributed ledger ( multiple entities corresponding to distributed ledger)), (Par. (0149-0150) “In this way, a level of security may be increased so that it may be more difficult to impersonate the user. In some embodiments, M may be equal to a total number of devices registered to the user. [..] authorization may be granted only if two or more personal devices, such as a smartwatch, a smartphone, a laptop, etc., are within some specified distance (e.g., 10 meters) from each other. Additionally, or alternatively, authorization may be granted only if a personal device is in a specified location (e.g., as determined based on GPS data”; second credential management system of the second credential service provider (total number of device/ two or more personal devices)), (Par. (0151) “to derive the original sensitive data from the proofs. By including only non-sensitive proofs in the shared distributed ledger, a high degree of privacy can be achieved. Secure off-ledger communication channels between entities may be used to share the original sensitive information [..] a granular structure of attributes, which may further improve privacy. For instance, instead of sharing unnecessary information (e.g., home address or actual birth date), only information that is relevant for a particular context (e.g., over 21 years of age for purposes of purchasing an alcoholic beverage) may be shared with another entity.”; proof based on cryptography information retrieved from a distributed ledger (proofs with privacy information corresponding to distributed ledger)), (Par. (0038) “cryptographic proofs may be derived in a known manner from items of personal data, and may be signed by trusted entities which verified veracity of the items of personal data. An entity with which a user has shared an item of personal data (e.g., a social security number) may readily check that an alleged cryptographic proof was indeed derived from the item of personal data, and that the cryptographic proof was indeed signed by a trusted entity”; proofs based on cryptographic information (cryptographic proofs corresponding to personal data i.e. social security number))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter and Chen to include a proof request, generating a proof based on the request by the credential service provider and verifying the proof based on cryptographic information from a distributed ledger by the credential management system because of the analogous concept of credential verification and issuance and secure protection through credential services. Oberhauser includes a process of generating a proof based on the request by the credential management system and verifying by another credential management system the proof based on cryptographic information used from a distributed ledger. This is significant because it provides a solution to the conventional way credentials are verified, processed and issued. This promotes a solution to the drawbacks and disadvantages of paper cards, smart cards, IC/ magnetic stripe cards. By generating a proof based on cryptographic information corresponding to a blockchain or distributed ledger security officials in government facilities, medical building or financial institutions would be provided a real time verification system instead of contacting with credential issuer that leads to long wait times and delays. This proves important for employees or visitors attempting to gain access to facilities without having to wait on credential issuers if the physical cards are lost or stolen. 
The motivation to combine these references is because by generating a proof based on the request and having a second credential management system verify the proof corresponding to cryptographic information on a distributed ledger a digital credential system is put in place to provide a more efficient and effective way to verify whether an individual is a genuine and valid person and lessens the overhaul and overload of databases storing thousands of credential information dating decades in the past. This in return leads to a less likelihood of compromise or impersonation in the credential system in regards to government building and medical and financial institution and thus maintains the integrity of the credential system as a whole.
However Vetter, Chen and Oberhauser do not explicitly teach wherein the first credential service provider differs from the second credential service provider, the first credential management system differs from the second credential management system; a proof request containing the sharing credential token and information indicating the one or more attributes, the sharing credential token
Wherein Raleigh teaches wherein the first credential service provider differs from the second credential service provider, the first credential management system differs from the second credential management system; (Par. (0428) “Some credentials (e.g., a SIM, a phone number, etc.) may be moved from one mobile wireless communication device 100 to another mobile wireless communication device 100, whereas other credentials are permanently associated with a mobile wireless communication device 100 (e.g., an ESN, a device identifier, etc.). This document often refers to a credential as uniquely identifying the mobile wireless communication device 100 because even a credential that can be moved from one mobile wireless communication device 100”; credentials associated with mobile wireless devices)), (Par. (0011) “mobile wireless communication devices in a uniform consistent manner across different devices and/or different service providers using one or more APIs.”; first credential service provider differs from the second credential service providers (mobile wireless devices corresponding to credentials include different service providers )), (Par. (1774) “the first service provider updates the portion of the credential of the SIM based on information obtained from a pre-stored database containing credential information for one or more service providers including the second service provider.”; first and second service providers associated with credentials)), (Par. (1782) “a first credential management system operated by a first credential management entity interacts with a second credential management system operated by a mobile network operator to change a temporary (or first) credential associated with a mobile device 100 or a user of a mobile device 100 into a permanent (or second) credential associated with the mobile device 100 or the user of the mobile device 100. In some embodiments, the first credential management system also interacts with a device agent 1001”; first and second credential management system)), (Par. (1782) “the first credential management system also obtains a permanent (second) PRL from the second credential management system and also causes the device to replace a temporary (first) PRL with the permanent (second) PRL. In some embodiments, the first credential management system further provides at least an aspect of the temporary (first) credential to the second credential management system.”; first credential management system differs from second credential management system (first credential management system obtaining credential information from second credential management system))
a proof request containing the sharing credential token and information indicating the one or more attributes.. (Par. (0736) “when the user indicates being a “master” user, the mobile wireless communication device 100 presents a request to enter a credential, e.g., to confirm that the user is a “master” user. In some embodiments, when the user indicates being a “non-master” user, the mobile wireless communication device 100 presents a request to enter a credential, e.g., to confirm that the user is a “non-master” user.”; proof request (request to enter credential to confirm)) (Par. (0855) “ The sign-up request  [..] a one-time token, associates it with the master subscriber (e.g., device credential, user credential, account credential, etc.), stores the token and the credential in the database 117 (labeled DB) and then delivers the token to the master subscriber (via the device agent 1001A). The master subscriber shares the one-time token with the intended secondary subscriber (e.g., via email, SMS, MMS, an image that can be scanned”; proof request containing the sharing credential token (request associated with token that is shared corresponding to the credentials)), (Par. (0856-0859) “the master device subscriber shares the token with the secondary device 100B by displaying, on the master device 100A screen, an image that can be scanned [..] the token is a PIN and the PIN is delivered out-of-band to the secondary device subscriber (e.g., via SMS, email message, etc.). In some embodiments, the secondary device subscriber calls an interactive voice recognition (IVR) system and enters the PIN.”; sharing credential token (token associated with credential that is shared)), (Par. (0875) “the sharing attributes may be stored in the sign-up request processor database and associated with the sharing token. When the secondary device subscriber is provisioned onto the sharing plan, the sharing attributes are also communicated to the subscriber management system 9004 along with the “add” request.”; and information indicating the one or more attributes (request corresponding to sharing attributes))
the sharing credential token (Par. (0855) “ The sign-up request  [..] a one-time token, associates it with the master subscriber (e.g., device credential, user credential, account credential, etc.), stores the token and the credential in the database 117 (labeled DB) and then delivers the token to the master subscriber (via the device agent 1001A). The master subscriber shares the one-time token with the intended secondary subscriber (e.g., via email, SMS, MMS, an image that can be scanned”; proof request containing the sharing credential token (request associated with token that is shared corresponding to the credentials)),
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Raleigh within the teachings of Vetter, Chen and Oberhauser to include a first credential service provider differs from the second credential service provider the first credential management system differs from the second credential management system and a proof request containing the sharing credential token because of the analogous concept of credential management and verification and issuance and secure protection through credential services. Raleigh includes a process in which a first and second credential management system and service providers are implemented. This is significant because it adds flexibility and versatility to the credential management system. This allows government employees, financial brokerages, medical institution and more to be able to verify the identity of multiple individuals without over traffic or funneling through a single credential management system. By having a difference in credential management and service providers security of high confidential building can efficiently and effectively manage various types of cliental such as guests, specialist and other officials without delay. By also having a proof request that contains a shared token multiple components of the credential management system can establish trust and verify reoccurring users entering the buildings. This adds clarity to the credential management system and allows the security and integrity of the buildings to identify possible harm or irregularities. 

Regarding Dependent Claim 2 (Original), the combination of Vetter, Chen, Oberhauser and Raleigh  teach the method of claim 1, Vetter further teaches the method of claim 1, wherein step (a) further comprises authenticating, by the first credential service provider, the requesting device of the credential owner based on an identification (ID) of the requesting device. (Col. 3 lines 10-35 “the server computer may prompt the user to provide their username and password for their enterprise account (referred to herein as “enterprise credentials”). The server computer may utilize an authentication service or directory service to verify the user's enterprise credentials. If the one-time password contained in the request from the client device and the one-time password retrieved locally by the server computer do not match, or if the user cannot be verified using the user's enterprise credentials,”: authentication the requesting device by the first credential service provider (server computer authenticates user)), (Col. 11 lines 19-35 “the request from the credential provisioning module 174 is received by the credential provisioning server 110 via the credential provisioning service 112, the user identifier may be obtained from the request (401) and used to determine if there is a corresponding entry 118 for the user in the data store of the credential provisioning server 110 (403). If there is no entry an error message may be returned (405). If there is an entry 118 in the data store for the user, the OTP password received in the request may be compared against the OTP password stored”; based on an ID of the requesting device (request is received and user identifier is determined/compared with information in data)), (Col. 15 lines 41-55 ““shared-device.” Its value can be set to “true” for a shared device account or “false” for a regular account. If it is missing, it is a regular account (i.e., presumed false). When the client's provisioning code sees the “shared-device=true” parameter in the URL, it will include a unique identifier from the device (e.g., Settings.System.ANDROID_ID if the device is an Android device) in the post arguments to the provisioning server when fetching its provisioning payload.”; based on an ID of the requesting device (unique identifier from the device)), (Col. 9 lines 10-35 “This credential request may include a link (e.g., Universal Resource Locator (URL)) to a credential provisioning service 112 provided by the credential provisioning server 110, a one-time password (OTP) (e.g., a random password, valid once or for a certain amount of time) and an identifier for the user. The OTP may, for example, be an HMAC based one-time password (HOTP). The OTP and user identifier may be encoded into the link”; credential request corresponding to an ID of requesting device (identifier for the user)), (Col. 13 lines 60-67 “receives the request including the CSR, it may verify the request by, for example verifying the OTP included in the request or possibly verifying the information inside the CSR itself (using a public key as provided in the same or a different request or communication from the credential provisioning module 174”; authenticating the requesting device of the credential owner based on an ID ( request corresponding to user identifier is verified))

Regarding Dependent Claim 4 (Original), Vetter does not teach the method of claim 1, wherein the request comprises a verification requirement document originally from the verifier.
Wherein Oberhauser teaches the method of claim 1, wherein the request comprises a verification requirement document originally from the verifier. (Par. (0033) “a user may decide precisely which one or more items of personal data to share with another entity (e.g., another user), and the other entity may check that the one or more items of personal data have been verified by one or more trusted entities (e.g., one or more government agencies and/or employers), without having to undergo a burdensome verification process (e.g., physically examining documents such as passports, social security cards, pay slips, etc.).”; personal data corresponding to verification requirement documents (physical examining documents such as passports, social security cards etc.)), (Par. (0062) “an attribute may include an item of personal data, a name for the item of personal data, and/or relevant metadata. For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc. An indirect attribute may include other personal data, such as a property owned (e.g., vehicle, real estate, etc.), status of the property,”; attribute corresponding to personal data and verification requirement documents (first name, date of birth, social security number etc.)), (Par. (0080) “the user requests the trusted entity identified in the “trustedParty” field to verify a value (e.g., John) of the attribute attestation labeled “firstname,” the trusted entity may check a corresponding attribute attestation in another badge (e.g., an attribute labeled “firstname” in a badge labeled “badgeX”). If the check is successful, the trusted entity may sign the proof stored in the “proof” field of the attribute attestation labeled “firstname,” without having to complete a burdensome verification process (e.g., physically examining the user's passport to confirm that the user's first name is indeed John).”; request comprises a verification requirement document (request corresponding to an attribute such as a name) originally from the verifier (trusted entity already having the attribute information (may check a corresponding attribute))), (Examiner notes: in the instant application on page 13 lines 15-22 the specifications states the verification requirement document contains attributes such as name, social security number etc. as well as on the drawings of Figure 3, therefore it will be broadly and reasonable interpreted that attributes such as social security number, passports, name date of birth, address or any verifiable information that is documented will meet the claimed limitation)), (Par. (0066) “a user may designate a trusted entity as being responsible for a badge. For each attribute in the badge, the trusted entity may verify veracity of a value provided by the user for the attribute, check that a proof provided in the badge for the attribute is indeed computed from the value provided by the user, and/or sign the proof. As discussed above, the proofs may be included in a badge and published to the distributed ledger, but the values themselves may not be. Any entity may serve as a trusted entity, such a government agency, an employer, a financial institution, an educational institution, etc.”; verification requirement documents originally from verifier (trusted entity such a government agency, financial institution with badges/ attribute information))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter, Chen and Raleigh because of the reasons discussed in independent claim 1 stated above.

Regarding Dependent Claim 5 (Original), Vetter does not teach the method of claim 4, wherein the verification requirement document comprises one or more attributes and one or more credentials where each of the attributes can be selected from.
Wherein Oberhauser teaches the method of claim 4, wherein the verification requirement document comprises one or more attributes and one or more credentials where each of the attributes 10can be selected from. (Par. (0006) “a plurality of attribute attestations corresponding respectively to a plurality of attributes for a user, wherein for each attribute, the corresponding attribute attestation comprises a cryptographic proof; receiving, via a channel outside the distributed ledger system, a plurality of values corresponding respectively to the plurality of attributes; for at least one attribute of the plurality of attributes: verifying whether the value corresponding to the at least one attribute is a correct value of the at least one attribute for the user”; one or more attributes (plurality of attributes)), (Par. (0057) “For instance, in the example shown in FIG. 3, the DIR 300 includes non-sensitive data organized in one or more badges 306, and an action and event specification 304 that specifies actions that may be performed via the DIR 300 and/or events that may be triggered by changes in the DIR 300”; one or more credentials (one or more badges)), (Par (0062) “For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc. An indirect attribute may include other personal data, such as a property owned (e.g., vehicle, real estate, etc.), status of the property, etc. Additionally, or alternatively, an indirect attribute (e.g., at least 21 years of age) may be derived from a direct attribute (e.g., date of birth)”; verification requirement documents comprise one or more attributes (item of PII includes social security number, first name, date of birth etc.)), (Par. (0085-0094) “each attribute, each time a value of the attribute is verified, and not published to the distributed ledger. To allow a trusted entity to verify a value of the attribute, the private salt computed for that attribute and that particular verification may be shared with the trusted entity via a secure off-ledger channel, along with the value of the attribute [..] a cryptographic proof of an attribute value may be computed [..] salt values may be selected to have at least as many bits as an output of the function HASH( ) Such salts may be computed independently in a PDS. For instance, public salts may not be reused across badges, and private salts may not be reused across attribute attestations”; each of the attributes can be selected from (selected attributed values that are verified by trusted entity in distributed ledger))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter, Chen and Raleigh because of the reasons discussed in independent claim 1 stated above.

Regarding Dependent Claim 6 (Original), Vetter does not teach the method of claim 1, wherein the request comprises a credential request identification and the first credential management system obtains, from a database or the distributed ledger, corresponding one or more attributes and one or more credentials where each of the attributes can be selected from, based on the credential request identification. 
Wherein Oberhauser teaches the method of claim 1, wherein the request comprises a credential request identification (Par. (0006) “a request to verify a badge, the badge comprising a plurality of attribute attestations corresponding respectively to a plurality of attributes for a user,”; request comprises credential request identification (request corresponding to verifying badge with attributes)), (Par. (0062) “an attribute may include an item of personal data, a name for the item of personal data, and/or relevant metadata. For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc.”; attributes corresponding to credential request identification (social security number, first name, date of birth etc.))
and the first credential management system obtains, from a database or the distributed ledger, corresponding one or more attributes and one or more credentials 15where each of the attributes can be selected from, based on the credential request identification. (Par. (0007) “distributed ledger system, a request to verify a first badge, the first badge comprising a plurality of attribute attestations corresponding respectively to a plurality of attributes for a user, wherein for each attribute, the corresponding attribute attestation comprises a cryptographic proof; receiving, via a channel outside the distributed ledger system, a plurality of values corresponding respectively to the plurality of attributes; for at least one attribute of the plurality of attributes: identifying, from the first badge, a first attribute attestation corresponding to the at least one attribute, the first attribute attestation comprising a first cryptographic proof; identifying, from the first attribute attestation, a pointer to a second badge; using the pointer to access the second badge from the distributed ledger; identifying, from the second badge, an entity that is responsible for verifying the second badge, and a second attribute attestation corresponding to the at least one attribute;”; obtains from a database or distributed ledger corresponding one or more attributes and on or more credentials (distributed ledger corresponding to multiple attributes and a first/second badge)), (Par. (0037) “the distributed ledger 102. For instance, the PDSes 105A, 105B, 105C, . . . may be associated with DIRs 110A, 110B, 110C, . . . , respectively. In some embodiments, each individual user may control a PDS and a corresponding DIR. The PDS may store sensitive data (e.g., items of PII and/or other personal data), whereas the corresponding DIR may store non-sensitive data (e.g., cryptographic proofs of items of PII and/or other personal data). The PDSes may communicate with each other and share sensitive data in a secure manner, whereas the DIRs may record non-sensitive data (e.g., cryptographic proofs of items of PII and/or other personal data) in the distributed ledger)”; obtains from a distributed ledger (distributed ledger corresponding to sharing and communicating personal data (attributes) with each other)), (Par. (0064) “an attribute value may be computed using a cryptographic one-way function. For instance, with reference to the example shown in FIG. 3, one or more attributes may be stored in a data source 312, which may be maintained by the PDS controlling the DIR 300 (e.g., by the illustrative personal data management component 208 shown in FIG. 2). In some embodiments, an attribute may be retrieved from the data source 312, and a cryptographic one-way function may be applied to a value of the attribute to derive a proof of the attribute. The proof and/or relevant metadata (e.g., a timestamp indicative of when the proof is generated), but not the value itself, may be included in the attribute attestation 310. In this manner, the attribute attestation 310 may be published to the distributed ledger without exposing the value of the attribute.”; attribute can be selected from based on credential request identification  (attribute retrieved from data source based on proof)), (Par. (0026) “a separate proof may be provided for each item. In this manner, the user may later decide to submit the proof of a first item (e.g., over 21 years of age) to a second organization (e.g., a bar serving alcoholic beverages), without submitting the proof of a second item (e.g., social security number, home address, or even exact date of birth).”; proof corresponding to credential request identification (social security number, date of birth, address etc.))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter, Chen and Raleigh because of the reasons discussed in independent claim 1 stated above.

Regarding Dependent Claim 7 (Original), Vetter does not teach the method of claim 6, wherein the credential request identification comprises a verification requirement document ID.
Wherein Oberhauser teaches the method of claim 6, wherein the credential request identification comprises a verification requirement document ID. (Par. (0006) “a request to verify a badge, the badge comprising a plurality of attribute attestations corresponding respectively to a plurality of attributes for a user, wherein for each attribute, the corresponding attribute attestation comprises a cryptographic proof”; credential request identification (request to verify badge) comprises verification requirement document ID (attributes)), (Par. (0096) “The following schema defines attributes needed for  a Know Your Customer (KYC) check of a low risk individual.”  attributes: [..] “The first name of the person as specified.”    required: true    validationCriteria: “Must match the first name on a    government issued photo ID.”; attributes corresponding to verification requirement document ID (government issued photo ID)), (Par. (0126) “the badge 605B may include the following attribute attestations: “last name,” “first name,” “passport number,” and “phone number.” Each of these attribute attestations may have been directly verified by the entity B (e.g., a travel agency), except that the attribute attestation “last name” contains a reference to the badge 605A and a reference to the badge 605C”; verification requirement document ID (attributes corresponding to passport number)), (Par. (0062) “For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc.”; attribute corresponding to verification requirement document ID (driver license, passport number))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter, Chen and Raleigh because of the reasons discussed in independent claim 1 stated above.

	Regarding Dependent Claim 8 (Currently Amended), Vetter teaches the method of claim 1, wherein step (c) comprises sending, by the second credential management system of the second credential service provider, the ….. request………. …….. …. 22………... to the first credential management system of the first credential service provider based on the service endpoint. ((Col. 9 lines 10-30 “create a credential request for the user using the administrator interface 114 (203). This credential request may include a link (e.g., Universal Resource Locator (URL)) to a credential provisioning service 112 provided by the credential provisioning server 110, a one-time password (OTP) (e.g., a random password, valid once or for a certain amount of time) and an identifier for the user. [..] the link may be expressed as a Quick Response (QR) code, which can be provided to the user via a physical printout, an email, a web page in a browser on a PC, etc.”; proof request (credential request corresponding to identifier of user) based on the service endpoint (expressed as a QR code)), (Col. 9 lines 60-67 “A credential request may then be provided to the user through the web page (307). This credential request may include a link to the credential provisioning service 112 provided by the credential provisioning server 110 with a one-time password (OTP) and an identifier for the user. This link may be expressed as a QR code, which can be presented to the user through the web page.”; sending a proof request (credential request is provided) to the first credential management system of the first credential service provider (provided to the user))), (Col. 10 lines 4-30 “a QR code with a credential request is presented to the user in the form of a QR code (e.g., emailed, provided on a physical printout, presented through an accessed web page, etc.), the QR code reader 176 of the client application 172 may be activated and used to scan the QR code. The receipt of the credential request (from FIG. 2 or FIG. 3) by the user's device (e.g., the mobile device 170), for instance, by the QR code reader 176 reading of the QR code may, in turn, cause credential provisioning module 174 in the client application 172 to request the link (e.g., URL) embedded in the QR code”; sending by a second credential management system of the second credential service provider a proof request to the first credential management system of the first service provider (receipt of the credential request by the user’s device)), (Col. 10 lines 44-65 “the credential provisioning module 174 application may send a request for credentials to the credential provisioning service 112 provided by the credential provisioning server 110, where the request includes an identifier for the user, the OTP for the user, the device type,”; sending by the second credential management system of the second credential service provider a proof request (credential provisioning module 112 of user/mobile device sends a credential request containing a proof (identifier for the user)), (Examiner’s note: In the instant application on Page 8 lines 1-4 the specifications states the first credential management system of the first credential service provider may be the same as the second credential management system of the second credential service provider, therefore it will be broadly and reasonably interpreted that the both the first and second management systems are equivalent or shared.))
	However Vetter and Chen do not explicitly teach a proof request and a verification requirement document ID.
Wherein Oberhauser teaches the proof request (Par. (0043) “the user may be an employee of a company and may use the PDS 200 to request that the company sign a cryptographic proof”; proof request (request corresponding to cryptographic proof)), (Par. (0006) “a request to verify a badge, the badge comprising [..]a plurality of attributes for a user, wherein for each attribute, the corresponding attribute attestation comprises a cryptographic proof;”; proof request (request to verify corresponding includes cryptographic proof)), (Par. (0026) “a trust structure may be provided that allows a user to precisely specify which items of personal data are to be shared with, and/or proven to, which entity. For instance, when a first organization (e.g., the DMV) verifies multiple items of personal data (e.g., date of birth, social security number, etc.), a separate proof may be provided for each item. In this manner, the user may later decide to submit the proof of a first item (e.g., over 21 years of age) to a second organization (e.g., a bar serving alcoholic beverages), without submitting the proof of a second item (e.g., social security number, home address, or even exact date of birth)”; proof request (personal data that is provided corresponding to identifying information, social security number, address, date of birth etc.)) 
	and a verification requirement document ID (Par. (0062) “an item of personal data, a name for the item of personal data, and/or relevant metadata. For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc.”; verification requirement document ID (driver’s license number, passport number etc.))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter, Chen and Raleigh because of the reasons discussed in independent claim 1 stated above.


Regarding Dependent Claim 11 (Original), the combination of Vetter, Chen and Oberhauser teaches the method of claim 1, Vetter further teaches the method of claim 1, wherein the first credential management system provides the sharing credential token and the service endpoint in a format of a quick response (QR) code. (Col. 9 lines 60-67 “his credential request may include a link to the credential provisioning service 112 provided by the credential provisioning server 110 with a one-time password (OTP) and an identifier for the user. This link may be expressed as a QR code”; credential request corresponding to credential token and service endpoint (one-time password and link with QR code)), (Col. 10 lines 10-15 “The receipt of the credential request (from FIG. 2 or FIG. 3) by the user's device (e.g., the mobile device 170), for instance, by the QR code reader 176 reading of the QR code may, in turn, cause credential provisioning module 174 in the client application 172 to request the link (e.g., URL) embedded in the QR code”; provides credential token (the receipt of the credential request, that contains on-time password)), (Col. 10 lines 4-20 “The client application on the user's device may include a QR code reader 176 such that when a QR code with a credential request is presented to the user in the form of a QR code (e.g., emailed, provided on a physical printout, presented through an accessed web page, etc.), the QR code reader 176 of the client application 172 may be activated and used to scan the QR code”; providing the service endpoint in a format of a QR code (QR code is presented to the user)), (Col. 10 lines 45-60 “This temporary encryption password is saved temporarily (e.g., for the duration of the credential request, which may take only seconds and not hours or days”; sharing credential token (password based on time))


Regarding Dependent Claim 13 (Original), Vetter does not explicitly teach the method of claim 1, wherein the proof comprises either a factual data of an attribute or a predicate of the attribute based on a verification requirement document.
Wherein Oberhauser teaches the method of claim 1, wherein the proof comprises either a factual data of an attribute or a predicate of the attribute based on a verification requirement document. (Par. (0006) “a plurality of attribute attestations corresponding respectively to a plurality of attributes for a user, wherein for each attribute, the corresponding attribute attestation comprises a cryptographic proof”; proof corresponding to attribute)), (Par. (0062) “an attribute may include an item of personal data, a name for the item of personal data, and/or relevant metadata. For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc.”; proof comprises of either factual data (attribute corresponding to driver license number, passport, date of birth, social security number)), (Examiner notes: In the instant application on Page 14 lines 1-5 the specification does not clearly define the phrase factual data, therefore Examiner broadly and reasonably interprets that factual data consist of identification such as a social security number, driver license, data of birth etc., that is a solidified fact or undisputed identification))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter, Chen and Raleigh because of the reasons discussed in independent claim 1 stated above.


Regarding Dependent Claim 14 (Original) , Vetter does not explicitly teach the method of claim 1, wherein the credential cryptography information comprises a credential schema, a credential definition, a public key of the credential owner, and an issuer's public key. 
Wherein Chen teaches a public key of the credential owner, (Col. 2 lines 35-55 “the digital certificate comprising the public key and the unique identifier for the user;”; credential owner’s public key (public key for the user); credential owner’s public key corresponding to credential cryptography information (digital certificate comprising public key)), (Col. 11 lines 64-67 and Col. 12 lines 1-10 “a digest of certain contents of the digital certificate (e.g., a unique identifier for a user, an identifier for the user's client device, and/or a public key associated with a credential management account of the user) using a hash function and then encrypted the digest”; credential owner’s public key ( public key associated with credential management account of the user) corresponding to cryptography information (digital certificate with digest of certain contents and hash function))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chen within the teachings of Vetter because of the reasons discussed in independent claim 1 stated above.
However Vetter and Chen do not explicitly teach does not explicitly teach the method of claim 1, wherein the credential cryptography information comprises a credential schema, a credential definition, ….., and an issuer's public key.
Wherein Oberhauser teaches the method of claim 1, wherein the credential cryptography information comprises a credential schema, a credential definition, ….., and an issuer's public key. (Par. (0005) “selecting a schema from a plurality of schemas for badges, the schema comprising a plurality of attributes; generating, according to the schema, a badge for use in attesting to an identity of a user, wherein the act of generating comprises: identifying a plurality of values, each value corresponding to an attribute of the plurality of attributes in the schema; generating at least one cryptographic proof”; credential cryptography (cryptographic proof corresponding to badge) comprises a credential schema (schema for badges)), (Par. (0141) “a key management component 308 may be provided in some embodiments to keep track of multiple cryptographic public keys related to an entity controlling a DIR. Such a component may provide an abstraction from an underlying public key infrastructure (PKI)”; issuer public key (multiple cryptographic public keys ); issuer’s public key (multiple cryptographic public keys related to an entity controlling)), (Par. (0066) “For each attribute in the badge, the trusted entity may verify veracity of a value provided by the user for the attribute, check that a proof provided in the badge for the attribute is indeed computed from the value provided by the user, and/or sign the proof. As discussed above, the proofs may be included in a badge and published to the distributed ledger,”; credential definition (badge corresponding to attribute/proof published to distributed ledger))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter, Chen and Raleigh because of the reasons discussed in independent claim 1 stated above.


Regarding Dependent Claim 15 (Original), Vetter does not teach the method of claim 1, wherein the first credential service provider and the second credential service provider are telecommunication carriers.
Wherein Chen teaches the method of claim 1, wherein the first credential service provider and the second credential service provider are telecommunication carriers (Col. 3 lines 35-45 “Credentials may be issued to users by one or more credential issuing organizations. For example, an employer may be a credential issuing organization that issues credentials to its employees that are specific to the employees' job functions. Some other examples of credential issuing organizations are a government agency, a telecommunications service provider”; first and second credential service providers (one or more credential issuing organizations corresponding to telecommunication service providers)), (Col. 4 lines 20-35 “is operated by a telecommunications company that has sold a mobile client device (e.g., a smartphone) to a user. For example, the telecommunications company may sell mobile phones to be used on a wireless network operated by the telecommunications company and may preinstall a credential management client application on mobile devices that the telecommunications company sells. When a user buys a mobile phone, the telecommunications company keeps a record of the identifier for the mobile phone and a unique identifier for the user (e.g., the user's social security number, government issued identity number, customer number, etc.), which may have been acquired by the telecommunications company by requesting the presentation of proof of identity”; telecommunication carriers (telecommunications company corresponding to mobile phones))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chen within the teachings of Vetter, Oberhauser and Raleigh because of the reasons discussed in independent claim 1 stated above.






Claim 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vetter et al. (U.S No. 10356087, hereinafter referred to as “Vetter”), Chen et al. (U.S No. 9397980, hereinafter referred to as Chen), Oberhauser et al. (U.S Pub. No. 20170222814, hereinafter referred to as “Oberhauser”) and Raleigh et al. (U.S Pub. No. 20170201850, hereinafter referred to as “Raleigh”) in further view of Stahl et al. (U.S Pub. No. 20210203488, hereinafter referred to as “Stahl”)

	Regarding Dependent Claim 3 (Original), the combination of Vetter Chen, Oberhauser and Raleigh teaches the method of claim 1, Vetter further teaches the method of claim 2, wherein the requesting device is a mobile phone and (Figure 1 label 170; mobile phone (mobile device))
	However Vetter, Chen, Oberhauser and Raleigh do not explicitly teach the ID is an International Mobile Equipment Identity.
	Wherein Stahl teaches the ID is an International Mobile Equipment Identity. (Par. (0141) “the communications device 200 might include a device identifier (e.g. International Mobile Equipment Identity; IMEI) as part of the ctxParams1 structure which is signed by the eUICC/iUICC. If the listed identifiers are device identifiers then the authentication server 300I, 300E checks for a device identifier as part of the ctxParams1 structure after having successfully verified”; the ID is an International Mobile Equipment Identity.  (Identifier is an IMEI))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Stahl within the teachings of Vetter, Chen, Oberhauser and Raleigh to include the ID being an IMEI because of the analogous concept of network communication with multiple systems and devices as well as verifying cryptographic information in credentials. Stahl includes the ID of a requesting device having being an IMEi or International Mobile Equipment Identity. This is significant because by implementing an IMEI as an ID it prevents unauthorized use of devices in case of theft, misplacement or damage. This proves important when attempting to create digital credentials as well as providing a solution to forgery, impersonation or comprise of the credentials and/or credential management system. For example requesting device with illegitimate ID’s and corresponding IMEI will allow security and the verification process to identify entities that are genuine and valid users and those who are unauthorized entities. This proves vital for individuals attempting to access entry to government buildings, medical facilities, and financial institutions. The motivation to combine these references is because by implementing an IME as an ID of the requesting device the credential management system is even more securely protected because the correct ID must correspond to the valid IMEI and allows security to identify early on whose digital credentials are stolen/lost as well as measures to retrieve or renew credentials as opposed to the conventional ways of contacting credential service that lead to longer wait times to resolve the issue.


Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vetter et al. (U.S No. 10356087, hereinafter referred to as “Vetter”), Chen et al. (U.S No. 9397980, hereinafter referred to as Chen), Oberhauser et al. (U.S Pub. No. 20170222814, hereinafter referred to as “Oberhauser”) and Raleigh et al. (U.S Pub. No. 20170201850, hereinafter referred to as “Raleigh”) in further view of Atwood et al. (U.S Pub. No. 20190363886, hereinafter referred to as “Atwood”)

	Regarding Dependent Claim 10 (Original), the combination of Vetter, Chen, Oberhauser and Raleigh do not explicitly teach the method of claim 9, wherein the sharing credential token comprises a globally unique ID generated based on a timestamp.
	Wherein Atwood teaches the method of claim 9, wherein the sharing credential token comprises a globally unique ID generated based on a timestamp. (Par. (0036) “the client electronic device 101 presents certain information to the second server 103 (such as a unique device identifier in a form such as a code or token), the second server 103 may provide the client electronic device 101 with a service and/or authentication credentials for a service”; credentials corresponding to token)), (Par. (0057) “the token in a keychain that is shared with other file sharing, streaming media service and/or other applications on the device that are also associated with Server A. Server A (which may be a single server or a collection of servers that are all affiliated with a common service provider or affiliated set of service providers) will maintain a record of various applications that each may be authenticated by receipt of the token. In FIG. 2, the client application that receives the token from Server A is denoted as Client A, while an example of a federated application is denoted as Client A′. When Client A shares the token with Client A′ (step 221) such as by storing the token in a keychain that is shared by both applications,”; sharing credential token (token that is shared)), (Par. (0038) “the client application may request an access point name's (APN's) device token, which is a globally unique token that identifies the device:application”; comprises a globally unique ID ( token is a globally unique token that identifies)), (Par. (0007) “the first server may require, as a condition of determining that the token is valid, that the token is associated with an expiration time that has not yet passed.”; based on the timestamp (token corresponding to expiration time)), (Par. (0053) “the token and associate an expiration time with the token. The expiration time may include an actual time, or a measure of time from a time of generation, transmission and/or receipt of the token. An expiration time may help provide additional security in the process. The expiration time may be included in the token, or Server A may store the expiration time in a data set in association with an identifier for the token so that Server A can look up the token's expiration time when Server A is presented with the token.”; based on a  timestamp (token corresponding to an expiration time/actual time))
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Atwood within the teachings of Vetter, Chen, Oberhauser and Raleigh to include the sharing credential token to include a globally unique ID based on a timestamp because of the analogous concept of granting access based on credential verification using tokens. Atwood includes a process in which the sharing credential token comprises of a globally unique ID based on time. This is important because it allows security departments of government buildings, medical facilities and financial institutions to be able to identify valid employees or visitors based on the unique identification. By implementing a time based authentication of these token it prevents illegitimate and/or unauthorized users from attempting to gain access to building after long periods of time. It also allows the verifier to match the correlating timestamp with the appropriate token and ID. This in return provides an additional secure measure against unauthorized entities with stolen or misplaced credentials as opposed to the conventional way of presenting physical credentials and checking through a database of credentials ranging decades in the past. The motivation to combine these references is because it provides a digital credential verification system based on specific and unique ID contents with a time associated with it, this leads to high integrity and credibility in the credential management system as a whole. 


Claim 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vetter et al. (U.S No. 10356087, hereinafter referred to as “Vetter”) Chen et al. (U.S No. 9397980, hereinafter referred to as Chen), Oberhauser et al. (U.S Pub. No. 20170222814, hereinafter referred to as “Oberhauser”) and Raleigh et al. (U.S Pub. No. 20170201850, hereinafter referred to as “Raleigh”) in further view of Camenisch et al. (U.S Pub. No. 20170034142, hereinafter referred to as “Camenisch”)


Regarding Dependent Claim 12 (Currently Amended), Vetter teaches (d1) authenticating the sharing credential token; (Col. 11 lines 20-60 “ the OTP password received in the request may be compared against the OTP password stored in the data store in the entry 118 for the user (407).  [..] This authentication may be made based on a user's enterprise credentials with directory service server 140 (e.g., Active Directory or LDAP credentials). Specifically, the response from the credential provisioning service 112 may request the user's username and password [..] the OTPs for the user (e.g., the received OTP and the OTP associated with the entry 118 for the user) do not match, or the user cannot be verified using the user's enterprise credentials (413), an error message may be returned to the credential provisioning module 174 and presented to the user (405). If, however, the user can be authenticated (e.g., the OTPs received match and the user's enterprise credentials are verified using the directory service server”; authenticating (authentication and verification) the sharing credential token (passwords are compared and verified to check for a match))
However Vetter and Chen does not explicitly teach the method of claim 1, wherein step (d) comprises: (d2) selecting one or more attributes respectively from the at least one requested credential based on a verification requirement document; (d3) generate a revealed or predicate attribute for each selected attribute with zero knowledge proof algorithm to generate a proof by the first credential management system of the first credential service provider.
Wherein Oberhauser teaches the method of claim 1, wherein step (d) comprises: ((Par. (0006) “a request to verify a badge, the badge comprising a plurality of attribute attestations corresponding respectively to a plurality of attributes for a user, wherein for each attribute, the corresponding attribute attestation comprises a cryptographic proof;”; step (d) comprises of a proof based a proof request ( request to verify badge corresponding to proof)), (Par. (0004) “to generate an identifier for the user, the identifier comprising a cryptographic proof of the plurality of measurements; instantiating a digital identity representation associated with the identifier for the use”; step (d) comprises of generating a proof (generate and identifier corresponding to cryptographic proof) by the first management system of the first credential service provider (user))
15(d2) selecting one or more attributes respectively from the at least one requested credential based on a verification requirement document; (Par. (0097) “the badge schema defines a set of attributes for which attestations may be included in a badge. Each attribute attestation may be populated when the badge is created, or added to the badge at a later time”; selecting (added to the badge) one or more attributes (set of attributes) from one or more credentials (badge)), (Par. (0062) “an attribute may include an item of personal data, a name for the item of personal data, and/or relevant metadata. For instance, a direct attribute may include an item of PII, such as first name, last name, date of birth, place of birth, passport number, driver's license number, social security number, address, phone number, insurance identification number, fingerprint scan, retina scan, voiceprint, etc”; based on a verification requirement document (attribute corresponding to passport social security number driver’s license etc.)), (Par. (0005) “each value corresponding to an attribute of the plurality of attributes in the schema; generating at least one cryptographic proof for each value of the plurality of values; and identifying a trusted entity for verifying the plurality of values; and publishing the badge to a distributed ledger system.”; values corresponding to one or more attributes)), (Par. (0066) “a user may designate a trusted entity as being responsible for a badge. For each attribute in the badge, the trusted entity may verify veracity of a value provided by the user for the attribute, check that a proof provided in the badge for the attribute is indeed computed from the value provided by the user, and/or sign the proof”; selecting one or more attributes from one or more credentials (trusted entity verify value of attribute correlating to badge)), (Par.(0109) “a “setAttribute” action may take as input a badge label, an attribute label, and an attribute proof. As a result of a DIR of a user executing the “setAttribute” action, an “attributes” field of a badge identified by the input badge label may be updated. For instance, an attribute attestation identified by the input attribute label may be added and/or modified with the input attribute proof in a “proof” field.”; selecting one or more attributes (set/setAttributes inputting one attribute label))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberhauser within the teachings of Vetter, Chen and Raleigh to include method of step d that includes the selecting of attributes based on the verification requirement documents because of the analogous concept of credential verification and issuance and secure protection through credential services. Oberhauser includes selecting one or more attributes corresponding to the credentials based on verification requirement documents. This is significant because it provides a solution to the conventional way credentials are verified, processed and issued. This promotes a solution to the drawbacks and disadvantages of paper cards, smart cards, IC/ magnetic stripe cards. By basing the credentials on verification documents such as social security number, passports, driver licenses in a digital format and other form of identification government facilities, medical building or financial institutions would be provided a real time verification system instead of contacting with credential issuer that leads to long wait times and delays. This proves important for employees or visitors attempting to gain access to facilities without having to wait on credential issuers if the physical cards are lost or stolen. 
The motivation to combine these references is because by corresponding the accurate attributes to the rightful credentials based on verification requirement documents the digital credential system is put in place to provide a more efficient and effective way to verify whether an individual is a genuine and valid person and lessens the overhaul and overload of databases storing thousands of credential information dating decades in the past. This in return leads to a less likelihood of compromise or impersonation in the credential system in regards to government building and medical and financial institution and thus maintains the integrity of the credential system as a whole.
However Vetter, Chen, Oberhauser and Raleigh do not explicitly teach (d3) generate a revealed or predicate attribute for each selected attribute with zero knowledge proof algorithm to generate a proof by the first credential management system of the first credential service provider.
Wherein Camenisch teaches (d3) generate a revealed or predicate attribute for each selected attribute with zero knowledge proof algorithm to generate a proof by the first credential management system of the first credential service provider. (Par. (0049) “the generation of the presentation token determining which one of the attributes is revealed in the generated presentation token.”; generate a reveal attribute (generate a presentation token corresponding to attributes that are revealed.)), (Par. (0074) “only revealing the two attributes municipality and date of birth to the verifying computer system 300.”; revealed attribute ( revealing the two attributes)), (Par. (0092) “Further, verification is required to consist purely in the checking of pairing product equations. SPS may be employed to sign group elements, while still supporting efficient zero-knowledge proof of knowledge (ZKPK) of signature possession.”; with zero knowledge proof)), (Par. (0097) “a zero-knowledge proof of knowledge. A protocol proving knowledge of exponents w.sub.1, . . . , w.sub.n satisfying the formula φ(w.sub.1, . . . , w.sub.n) may be described as .sup.Kw.sub.1, . . . , w.sub.n:φ(w.sub.1, . . . , w.sub.n). The symbol “.sup.K” used instead of “∃” indicates that “knowledge” of the exponents rather than just their existence is proven.”; with zero knowledge proof algorithm (zero-knowledge proof corresponding algorithm)), (Par. (0007) “includes generating a presentation token by the user computer device for its credential comprising the vector element provided by the revocation system and a proof of possession of the respective credential assigned to said vector element and of possession of the witness value computed for said vector element.”; to generate a proof by the first credential management system of the first credential service provider ( generating a presentation token by the user [..] and a proof of possession)), (Par. (0051) “Cryptographic mechanisms based on PABCs enable a user or user computer device to obtain a credential from an issuing entity or issuing computer system, by which the issuing computer system assigns a list of certified attribute values to the user or user computer device. Particular examples of attribute-based credentials include government or electronic ID cards certifying personal or other security-sensitive information, like a user's name, nationality, municipality, date of birth, about which proofs may need to be made by a credential holder, i.e. user of a credential, in order to gain access to a software and/or hardware function provided by a verifying computer system. The user computer device may use this credential to authenticate to a verifying computer system offering hardware”; proof corresponding to first credential management system of the first credential service provider (computer system/ computer device correlating to credentials))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Camenisch within the teachings of Vetter, Chen, Oberhauser and Raleigh to include a generation of a revealed attribute for each selected attribute with zero knowledge proof that generates the proof by the credential service provider because of the analogous concept of credential verification based on cryptographic information and proofs. Camenisch includes a process that implements a revealed, disclosed or predicated attribute with zero knowledge proof to generate the proof by the credential management system and service provider. This is significant because by revealing an attribute corresponding to zero-knowledge proof, the verifier or security of government buildings, medical facilities or financial instructions can verify the credentials without having to share or reveal the entire underlying data. This proves importance to employees or visitors attempting to gain access to a building or a customer completing a transaction because with the proof being generated based off of a zero-knowledge proof identification such as address, licenses number etc. will not be fully revealed only the disclosed information such as a first name or last name, in regards to a financial institution the customer can check or be revealed account balance information without having revealed anything else about the account. This provides a more effective and efficient means of verification as opposed to the conventional way because by corresponding the correct proof generated with the correlating reveal attribute selected an alternative is put in place to protect the privacy of users while still being able to fully authenticate the rightful and genuine users and their credential information. 




Claim 18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vetter et al. (U.S No. 10356087, hereinafter referred to as “Vetter”) Chen et al. (U.S No. 9397980, hereinafter referred to as Chen), Oberhauser et al. (U.S Pub. No. 20170222814, hereinafter referred to as “Oberhauser”)  and Raleigh et al. (U.S Pub. No. 20170201850, hereinafter referred to as “Raleigh”) in further view of Kempf et al. (U.S Pub. No. 20210281428, hereinafter referred to as “Kempf”)

	Regarding Dependent Claim 18 (Original), the combination of Vetter, Chen, Oberhauser and Raleigh do not explicitly teach the method of claim 1, further comprising: (f) receiving, by the first credential management system from the second credential management system, a credential offer; (g) generating, by the first credential management system, a credential request based on the credential offer; and (h) generating, by the second credential management system, a new credential based on the credential request received from the first credential management system.
	Wherein Kempf teaches the method of claim 1, further comprising: 
(f) receiving, by the first credential management system from the second credential management system, a credential offer; (Par. (0028) “a first data center and a second data center, where the first data center is operated by a first cloud provider and the second data center is operated by a second cloud provider that is different from the first cloud provider. The first data center receives a request, from a tenant, to access a first service hosted in the first data center. The tenant is associated with a unique pair of cryptographic tenant private key and tenant public key. Responsive to determining that the tenant is not associated with a delegation contract, the first data center records in a blockchain database a delegation contract including at least an identification of the first service hosted on the first data center,”; first and second credential management system (first and second data centers corresponding to identification)), (Par. (0049) “a set of one or more service offers that can be offered by the second service 111A to the tenant 102A. In one embodiment, determining the set of service offers includes retrieving from a cache the set of one or more service offers. The set of service offers are received from the second service 111A”; receiving from the second credential management system, a credential offer (service offers are received from the second service)), (Par. (0029-0031) “one or more data centers 108A-H disposed in a cloud operator network 106 that may be configured to offer a variety of resources and services to multiple tenants (i.e., multi-tenancy) pursuant to suitable service level agreements and service management contracts In the multitenant architecture [..] and charging credentials for settlement upon usage of one or more services in the federation of service cloud providers 101. The tenant account allows each tenant to access the resources offered through the federation (i.e., through the combination of different cloud providers) with a single account and single identification and log-in credentials.”; credential offer (resource and service offers corresponding to credentials)), (Par. (0069) “A variety of charging credentials can be provided by tenants or services when they set up their accounts. The billing consolidator enables the different services offered on multiple data centers of the federation”; credential offer (credentials corresponding to service offers))
(g) generating, by the first credential management system, a credential request based on the credential offer; and (Par. (0006) “receiving, at the first data center, a request, from a tenant, to access a first service hosted in the first data center, where the tenant is associated with a unique pair of cryptographic tenant private key and tenant public key; responsive to determining that the tenant is not associated with a delegation contract recorded in a blockchain database, recording a delegation contract including at least an identification of the first service hosted on the first data center, an identification of the tenant, and a first service offer that is cryptographically signed by the tenant and by the first service, where the first service offer indicates that the tenant is enrolled to use the first service; receiving, at the second data center, a request, from the tenant, to access a second service hosted in the second data center”; request based on credential offer (service offer)), (Par. (0031) “a private person or a group of persons, that may request and consume one or more services 110A-L, 111A-M, 11NA-G respectively hosted by the cloud-based data centers 108A, 108B, and 108N [..] and charging credentials for settlement upon usage of one or more services in the federation of service cloud providers 101. The tenant account allows each tenant to access the resources offered through the federation (i.e., through the combination of different cloud providers) with a single account and single identification and log-in credentials.”; generating by the first credential management system ( request from data centers) a credential request (request) based on credential offer (request corresponding to service/resources offered based on credentials))
 20(h) generating, by the second credential management system, a new credential based on the credential request received from the first credential management system. (Par. (0042) “The recorded account is replicated in all the copies of the blockchain databases 119A-N of the different data centers 108A-N. once the account is created, an acknowledgment that the tenant account has been created is transmitted from the TAMS 112 to the tenant 102A at operation 214.”; second credential management system (multiple data center)), (Par. (0078) “cloud service providers 101 (e.g., entering new charging credentials through the billing consolidator or alternatively through one or more of the TSMS 113A-N), at which time the rights delegation will be restored.”; a new credential ( new charging credentials)), (Par. (0080) “can receive an indication from the billing consolidator 118 that the tenant failed to successfully update billing credentials following a suspension of the delegation contract for the tenant or a predetermined period of time allocated to the tenant 102A for updating the billing credential has timed out without the tenant successfully providing updated credentials. [..] This update of the delegation contract causes the copies of the blockchain database to be updated to include the smart contract as canceled in all the other data centers.”; a new credential (updated credentials))
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Kempf within the teachings of Vetter, Chen, Oberhauser and Raleigh to include receiving a credential offer by a credential management system, generating a request based on the credential offer and generating a new credential based on the request received because of the analogous concept of credential verification based on a proof or identification of users attempting to gain access. Kempf includes a process of receiving a credential offer by a credential management system and generating a credential request based on that offer as well as generating new credential based on the request received. This is significant because it provides a solution that differs from the conventional ways of credential verification. By creating new credentials based on the request and received credential offer it allows government employees, medical officials and financial broker the ability to obtain new credentials in situations where they are lost, misplaced or stolen. This provides a solution to the conventional ways of having to contact the credential services and long wait times to gain access to the buildings. This also creates an effective and efficient means of identifying theft, impersonation and compromise of credentials digitally in the event of unauthorized access because the new credentials would only be generated based on the request and credential offer. This creates a faster means of verification as oppose to presenting a physical driver’s license or documents, this digital credentials method replaces those ways and allows identifying information to be stored in a station or device that the credentials could never be permanently lost or stolen. 


Regarding Dependent Claim 20 (Original), the combination of Vetter, Chen and Oberhauser do not explicitly teach the method of claim 18, wherein at step (g), the credential request is generated by signing the credential offer with a private key of the credential owner.
Wherein Kempf teaches the method of claim 18, wherein at step (g), the credential request is generated by signing the credential offer with a private key of the credential owner. (Par. (0006) “ a request, from a tenant, to access a first service hosted in the first data center, where the tenant is associated with a unique pair of cryptographic tenant private key [..] a first service offer that is cryptographically signed by the tenant and by the first service, where the first service offer indicates that the tenant is enrolled to use the first service; [..] a request, from the tenant, to access a second service hosted in the second data center, where the second data center is physically separate from the first data center; and responsive to determining that the tenant is associated with the delegation contract recorded in the blockchain database”; credential request (request), signing the credential offer (service offer is cryptographically signed) with a credential owner private key (cryptographic tenant private key)))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Kempf within the teachings of Vetter, Chen, Oberhauser and Raleigh because of the reasons discussed in dependent claim 18 stated above.


Claim 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vetter et al. (U.S No. 10356087, hereinafter referred to as “Vetter”), Chen et al. (U.S No. 9397980, hereinafter referred to as Chen), Oberhauser et al. (U.S Pub. No. 20170222814, hereinafter referred to as “Oberhauser”) Raleigh et al. (U.S Pub. No. 20170201850, hereinafter referred to as “Raleigh”) and Kempf et al. (U.S Pub. No. 20210281428, hereinafter referred to as “Kempf”) in further view of Reimer et al. (U.S Pub. No. 20200187004, hereinafter referred to as “Reimer”)

Regarding Dependent Claim 19 (Original), the combination of Vetter, Chen, Oberhauser and Raleigh do not explicitly teach the method of claim 18, further comprising: (i) receiving and storing, by the first credential management system or the requesting device, the new credential.
Wherein Reimer teaches the method of claim 18, further comprising: (i) receiving and storing, by the first credential management system or the requesting device, the new credential. (Par. (0114) “a second user device corresponding to the user,   [..] receive a credential information update message from the second user device, e.g., a credential information update message including at least one new or updated password in encrypted form corresponding to a service used by the user, a component 840 configured to update securely encrypted credentials storage for the user based on information included in the received credential information update message, e.g., storing the received changed or additional credential information, e.g., including one or more passwords”; receiving and storing (storing the received) by the requesting device (user device), the new credential (the updated/changed credential with credential information)), (Par. (0121) “to generate an send a credentials service set-up request to a customer premises network device, e.g., a wireless router, which is physically located at the customer premises which is the home premises for the user device, a component 906 configured to receive a request for authentication from the customer premises network device, e.g., a request for an ISP user name and corresponding password,”; requesting device (request by user/customer corresponding to credentials))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Reimer within the teachings of Vetter, Chen, Oberhauser, Raleigh and Kempf to include the receiving and storing of the new credential by the requesting device because of the analogous concept of credential information being verified with issuance. Reimer includes a process in which receiving and storing of the new credential is performed by the requesting device. This is important because in situation where government employees, medical officials, or financial broker attempting to gain access to facilities lose or have their credentials subjected to theft, the credential system is provided with an intuitive and effective way of storing the new credential so that the unauthorized entity with the stolen or lost credential would not have any means to gain access to confidential information of the buildings. The motivation to combine these references is by storing the new and received credentials is provides a solution to the conventional way of verifying credentials by contacting the issuer or presenting a driver license or ID. By storing the new credentials in a digitally access way, credential management systems of government, medical or financial institutions have a faster method to securely protect themselves from unlawful access as well as store a digital record of the new credentials for future use. 

Claim 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vetter et al. (U.S No. 10356087, hereinafter referred to as “Vetter”), Chen et al. (U.S No. 9397980, hereinafter referred to as Chen), Oberhauser et al. (U.S Pub. No. 20170222814, hereinafter referred to as “Oberhauser”) Raleigh et al. (U.S Pub. No. 20170201850, hereinafter referred to as “Raleigh”) and Kempf et al. (U.S Pub. No. 20210281428, hereinafter referred to as “Kempf”) in further view of Schmidt et al. (U.S Pub. No. 20200169415, hereinafter referred to as “Schmidt”)

Regarding Dependent Claim 21 (Original), the combination of Vetter, Chen, Oberhauser and Raleigh do not explicitly teach the method of claim 18, wherein at step (h), the new credential is generated by signing the credential request with an issuer's private key.
Wherein Schmidt teaches the method of claim 18, wherein at step (h), the new credential is generated by signing the credential request with an issuer's private key. (Par. (0055-0060) “Validation System 108 to other computers (e.g., clients 102 and Certificate Authority 118) via the one or more Communication Network interfaces 204 [..] the system 108 and that server formats responses and/or other information being sent to clients in response to requests. [..]  A DocView Server 112 processes workflows and associated requests for content items to be signed and sends responses including signed items and related details. [..] for supplying new Signer credentials, creating a private key on the HSM 116 and requesting a valid x.509 ID certificate from the Certificate Authority 118; a Doc Signature EncryptionDoc module 232—which uses a supplied hash of the document to be signed (provided by the DocViewer Server) and signs it with the user's private key which is stored in the HSM [..] upon requests from DocViewer Server 200 and provides revocation of a Signer's Digital ID as needed based on security or other policies. [..]  A HSM 116 stores the high trust certificates, including their private keys”; new credentials generated (creating new signer credentials) by signing the credential request (associated request [..] to be signed) with an issuer’s private key (validation system/ computers with corresponding private key used to sign))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Schmidt within the teachings of Vetter, Chen, Oberhauser, Raleigh and Kempf to include the new credential being generated by signing the credential request with a private key of an issuer because of the analogous concept of credential information corresponding to a request being verified with issuance. Schmidt includes a process in which the new credential is generated by signing the request with an issuer’s private key. This is significant because by signing the request by the issuer government, financial and medical buildings have an indicator of the valid request corresponding to the signature. This leads to prevention against theft or compromise of the new credential because the credential management system as well as the issuer can detect early on that the generated new credential came from a request signed from the issuer with their private key. This in return leads to less vulnerability or risk and unauthorized entities would be discourage to attempt access to the building with false or forged credentials. This also promotes a solution to the conventional ways of credential verification with storage of thousands of credentials ranging decades in the past as well because of the digitally signed and stored format of these new credentials. This promotes high credibility and integrity in the system as a whole.


Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

WU; Ling (U.S Pub. No. 20190228407) “DIGITAL PROPERTY MANAGEMENT ON A DISTRIBUTED TRANSACTION CONSENSUS NETWORK”. Considered this reference because it had a similar assignee and addressed a blockchain network corresponding to credentials of digital property.

Dicker; George R. (U.S Pub. No. US 20170213212) “CONDUCTING TRANSACTIONS USING ELECTRONIC DEVICES WITH NON-NATIVE CREDENTIALS”. Considered this application because it relates verifying credentials based on attributes communicated from a device to a management system and specifically addressed credential offers/deals. 

Ronda; Troy Jacob (U.S Pub.  No. 20140020073) “METHODS AND SYSTEMS FOR USING DERIVED CREDENTIALS TO AUTHENTICATE A DEVICE ACROSS MULTIPLE PLATFORMS”. Considered this application because it addressed the use of validating credentials across multiple systems corresponding to a request and various service providers.

Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/H.A.H./           Examiner, Art Unit 2497                                                                                                                                                                                             
/ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497