DETAILED ACTION
In view of the appeal brief filed on 8/22/2022, PROSECUTION IS HEREBY REOPENED. New ground of rejection are set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:
/JORGE L ORTIZ CRIADO/               Supervisory Patent Examiner, Art Unit 2496                                                                                                                                                                                         

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
In response to 35 USC 103, to independent claims 1, 9, and 17 along with their respective dependent claims.
Applicant’s argument have been considered but are moot, because the newly recited amendment does not rely on the newly recited reference being applied to the prior rejection of record or any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract without significantly more.
Step 1: Independent claim 1 does fall into one of the four statutory categories of method. Nevertheless the claim still are considered as abstract idea for the following prongs and reasons.
Step 2A-Prong 1: Regarding claim 1, the claim recites sending a request for a service; receiving a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being specific to the device; sending, in response to receiving the request for the verified claim, the verified claim; and receiving a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user, as drafted, is a process that, under its broadest reasonable interpretation, covers a method of organizing human interactions. The claimed invention is a method that that allows second authentication to identify the user in order for the user to have access to the service which is a method of fundamental economic principles or practices. For example, sending a request, receiving a request for a verified claim, sending the verified claim, and receiving a request for second information to identify the user. The mere nominal recitation of a generic service provider and a generic device do not take the claim out of the methods of fundamental economic principles or practices. Thus, the claim recites an abstract idea.
Step 2A-Prong 2: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional computer elements, which are recited at a high level of generality, provide conventional computer functions that do not add meaningful limits to practicing the abstract idea. In particular, the claim only recites additional elements such as service provider and device. The generic computer components (e.g., service provider and device) are recited at a high-level of generality (e.g., sending requests and receiving requests) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits practicing the abstract idea. The claimed computer components are recited at a high level of generality and are merely invoked as tools to perform additional authentication to identify the user of the device. Simply implementing the abstract idea on a generic computer is not a practical application of the abstract idea.
Step2B: As noted previously, the claim as a whole merely describes how to generally “apply” the concept sending a request for a service; receiving a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being specific to the device; sending, in response to receiving the request for the verified claim, the verified claim; and receiving a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user. Thus, even when viewed as a whole, nothing in the claim adds significantly more (i.e., an inventive concept) to the abstract idea.
Dependent claims 2-8 have also been fully analyzed. Each of these dependent claims are mere recites additional abstract idea or an insignificant, extra-solution activity. Therefore, the dependent claims also fail to integrate the abstract idea into a practical application. Moreover, the claims have also been analyzed regarding whether they recite significantly more than the abstract idea. The dependent claims fail to add significantly more than the abstract idea. Therefore, dependent claims 2-8 are rejected under 35 USC 101.

Step 1: Independent claim 9 does fall into one of the four statutory categories of system. Nevertheless the claim still are considered as abstract idea for the following prongs and reasons. 
Step 2A-Prong 1: Regarding claim 9, the claim recites sending a request for a service; receiving a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being specific to the device; sending, in response to receiving the request for the verified claim, the verified claim; and receiving a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user, as drafted, is a process that, under its broadest reasonable interpretation, covers a method of organizing human interactions. The claimed invention is a method that that allows second authentication to identify the user in order for the user to have access to the service which is a method of fundamental economic principles or practices. For example, sending a request, receiving a request for a verified claim, sending the verified claim, and receiving a request for second information to identify the user. The mere nominal recitation of a generic service provider and a generic device do not take the claim out of the methods of fundamental economic principles or practices. Thus, the claim recites an abstract idea.
Step 2A-Prong 2: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional computer elements, which are recited at a high level of generality, provide conventional computer functions that do not add meaningful limits to practicing the abstract idea. In particular, the claim only recites additional elements such as service provider and device. The generic computer components (e.g., service provider and device) are recited at a high-level of generality (e.g., sending requests and receiving requests) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits practicing the abstract idea. The claimed computer components are recited at a high level of generality and are merely invoked as tools to perform additional authentication to identify the user of the device. Simply implementing the abstract idea on a generic computer is not a practical application of the abstract idea.
Step 2B: As noted previously, the claim as a whole merely describes how to generally apply” the concept sending a request for a service; receiving a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being specific to the device; sending, in response to receiving the request for the verified claim, the verified claim; and receiving a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user. Thus, even when viewed as a whole, nothing in the claim adds significantly more (i.e., an inventive concept) to the abstract idea.
Dependent claims 10-16 have also been fully analyzed. Each of these dependent claims are mere recites additional abstract idea or an insignificant, extra-solution activity. Therefore, the dependent claims also fail to integrate the abstract idea into a practical application. Moreover, the claims have also been analyzed regarding whether they recite significantly more than the abstract idea. The dependent claims fail to add significantly more than the abstract idea. Therefore, dependent claims 10-16 are rejected under 35 USC 101.

Step 1: Independent claim 17 does fall into one of the four statutory categories of system. Nevertheless the claim still are considered as abstract idea for the following prongs and reasons. 
Step 2A-Prong 1: Regarding claim 17, the claim recites sending a request for a service; receiving a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being specific to the device; sending, in response to receiving the request for the verified claim, the verified claim; and receiving a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user, as drafted, is a process that, under its broadest reasonable interpretation, covers a method of organizing human interactions. The claimed invention is a method that that allows second authentication to identify the user in order for the user to have access to the service which is a method of fundamental economic principles or practices. For example, sending a request, receiving a request for a verified claim, sending the verified claim, and receiving a request for second information to identify the user. The mere nominal recitation of a generic service provider and a generic device do not take the claim out of the methods of fundamental economic principles or practices. Thus, the claim recites an abstract idea.
Step 2A-Prong 2: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional computer elements, which are recited at a high level of generality, provide conventional computer functions that do not add meaningful limits to practicing the abstract idea. In particular, the claim only recites additional elements such as service provider and device. The generic computer components (e.g., service provider and device) are recited at a high-level of generality (e.g., sending requests and receiving requests) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits practicing the abstract idea. The claimed computer components are recited at a high level of generality and are merely invoked as tools to perform additional authentication to identify the user of the device. Simply implementing the abstract idea on a generic computer is not a practical application of the abstract idea.
Step 2B: As noted previously, the claim as a whole merely describes how to generally apply” the concept sending a request for a service; receiving a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being specific to the device; sending, in response to receiving the request for the verified claim, the verified claim; and receiving a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user. Thus, even when viewed as a whole, nothing in the claim adds significantly more (i.e., an inventive concept) to the abstract idea.
Dependent claims 18-20 have also been fully analyzed. Each of these dependent claims are mere recites additional abstract idea or an insignificant, extra-solution activity. Therefore, the dependent claims also fail to integrate the abstract idea into a practical application. Moreover, the claims have also been analyzed regarding whether they recite significantly more than the abstract idea. The dependent claims fail to add significantly more than the abstract idea. Therefore, dependent claims 18-20 are rejected under 35 USC 101.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Mardikar et al. (US 20120060207, hereinafter Mardikar).
Re. claim 1, Mardikar discloses a method comprising: sending, to a service provider, a request for a service provided by the service provider (Mardikar discloses receiving an access request from a user device, wherein the access request includes an identity claim for a user [0011]. Claims be transmitted via internet to the server of service provider [0019]. A subject may request access to system by submitting claims [0026); receiving, from the service provider and in response to sending the request for the service, a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being specific to the device (Mardikar discloses user wishing to access services provided by the service provider may enter claims (e.g., credentials and identity claims) into user device. An attribute may refer to a verified claim, where verification can be performed, for example, by the service provider, a third party, or may be self-asserted for certain types of claims [0018]. Attributes may be provided to process for matching specific attributes and providing further input RABAC [0025]); sending, in response to receiving the request for the verified claim, the verified claim to the service provider (Mardikar discloses claims be transmitted via internet to the server of service provider [0019]); and receiving, from the service provider, a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user (Mardikar discloses system request additional input from the user device [0011]. The system may add additional decision around access granting based on the confidence level of system in both the identity and authentication mechanism. That additional user action needs to be taken prior to granting access. Establishing more identity trust by providing more information about the subject (e.g., SSN, tax, business information, or other identifying factors) or by presenting more security claims [0024]. Prompting the subject (e.g., user or customer) to retry or to enter additional information such as additional credentials or claims [0033]).

Re. claim 2, Mardikar discloses the method of claim 1, wherein the determination that the first information is not sufficient to identify the user corresponds to an indication that the device has been lost (Mardikar discloses the front end application (e.g., server application 112) may send input (e.g., data included in the request such as credentials and claims) to a risk front end (e.g., authentication services 120) to find out if the access device is a known bad access device (e.g., stolen or involved in fraudulent activity) [0029] [0011, 0024]. Prompting the subject (e.g., user or customer) to retry or to enter additional information such as additional credentials or claims [0033]).

Re. claim 3, Mardikar discloses the method of claim 1, further comprising: prompting the user for the second information (Mardikar discloses prompting the subject (e.g., user or customer) to retry or to enter additional information such as additional credentials or claims [0033]);
receiving, in response to the prompting, user input corresponding to the second information (Mardikar discloses prompting the subject (e.g., user or customer) to retry or to enter additional information such as additional credentials or claims. At sequence step 315, for example, the customer may enter additional information such as the last four digits of a credit card number [0033]).

Re. claim 4, Mardikar discloses the method of claim 1, wherein the service provider is configured to authenticate the user for service based on the first information and the second information (Mardikar discloses  authentication services 120 in processing response 132, also may incorporate, for example, a role based access control model and policies (e.g., based on a set of roles, the system 110 gives users within each specific role a set of capabilities to act on certain resources in the system 110) [0022]. The system may add additional decision around access granting based on the confidence level of system in both the identity and authentication mechanism. That additional user action needs to be taken prior to granting access. Establishing more identity trust by providing more information about the subject (e.g., SSN, tax, business information, or other identifying factors) or by presenting more security claims [0024]).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Mardikar et al. (US 20120060207, hereinafter Mardikar), in view of Lee et al. (US 20160365984, hereinafter Lee).

Re. claim 5, Mardikar discloses the method of claim 1, Although Mardikar discloses receiving the verified claim from a server (Mardikar [0011][0018][0024][0026][0029]), Mardikar does not explicitly teach but Lee teaches wherein the verified claim is generated by the server based on verification of the information by an identity verification provider (Lee teaches the module 84 is preferably configured to use at least some of the user information to produce the SP certificate. The module 84 may produce the SP certificate to include content and/or formatting that is server specific, user specific, subscription specific, service -provider specific, and/or device specific. User-specific content is information pertaining to (e.g., identifying, associated with, provided by) the user of the user device 12. Device-specific content is information in addition to the device ID and the device public key that is associated with the user device 12 that is used to subscribe to the service (e.g., device manufacturer, device model, one or more device capabilities (e.g., quantity of display pixels), etc.) [0037]. The SP-signed certificate module 86 is configured to receive the signing request from the module 84, with the signing request including the SP certificate, sign the SP certificate to produce an SP-signed certificate, and send the SP-signed certificate to the sign-up module 84 [0060]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Mardikar to include wherein the verified claim is generated by the server based on verification of the information by an identity verification provider as disclosed by Lee. One of ordinary skill in the art would have been motivated for the purpose of securely identifying where a device is located, which leads to preventing the device being stolen or lost (Lee [0021]).

Re. claim 6, the combination of Mardikar-Lee teach the method of claim 5, wherein the server is configured to send an indication of the determination, that the first information is not sufficient to identify the user, to the service provider (Mardikar discloses system request additional input from the user device [0011]. The result of the additional risk-based decision may be that additional user action needs to be taken prior to granting access. These additional actions may include establishing more identity trust by providing more information about the subject (e.g., SSN, tax, business information, or other identifying factors) or by presenting more security claims (e.g., using 2FA, answering security questions in addition to basic login and password, or responding to challenges around existing attributes known to the system such as last four digits of SSN) [0024]. Prompting the subject (e.g., user or customer) to retry or to enter additional information such as additional credentials or claims [0033]).

Claims 9-12 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Mardikar et al. (US 20120060207, hereinafter Mardikar), in view of Khalil et al. (US 20190044940, hereinafter Khalil).

Re. claim 9, Mardikar discloses a device, comprising: at least one processor (Mardikar discloses processor [0036]); and a memory including instructions that, when executed by the at least one processor (The computer system may perform specific operations by processor and executing one or more sequences of one or more instructions contained in a system memory component [0036]), cause the at least one processor to: 
send, to a service provider, a request for a service provided by the service provider (Mardikar discloses receiving an access request from a user device, wherein the access request includes an identity claim for a user [0011]. claims be transmitted via internet to the server of service provider [0019]. A subject may request access to system by submitting claims [0026); 
receive, from the service provider and in response to sending the request for the service, a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being specific to the device (Mardikar discloses user wishing to access services provided by the service provider may enter claims (e.g., credentials and identity claims) into user device. An attribute may refer to a verified claim, where verification can be performed, for example, by the service provider, a third party, or may be self-asserted for certain types of claims [0018]. Attributes may be provided to process for matching specific attributes and providing further input RABAC [0025]); 
send, in response to receiving the request for the verified claim, the verified claim to the service provider (Mardikar discloses claims be transmitted via internet to the server of service provider [0019]); 
and receive, from the service provider, a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user (Mardikar discloses system request additional input from the user device [0011]. The system may add additional decision around access granting based on the confidence level of system in both the identity and authentication mechanism. That additional user action needs to be taken prior to granting access. Establishing more identity trust by providing more information about the subject (e.g., SSN, tax, business information, or other identifying factors) or by presenting more security claims [0024]. Prompting the subject (e.g., user or customer) to retry or to enter additional information such as additional credentials or claims [0033]).
Mardikar do not explicitly teach but Khalil teaches the verified claim being a digital certificate signed by a server (Khalil teaches identity provider server device can sign the identity endorsement to form a signed identity endorsement (e.g., using a digital certificate associated with identity provider server device [0053]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Mardikar to include digital certificate as disclosed by Mardikar. One of ordinary skill in the art would have been motivated for the purpose of to authenticate the identity of the user of the user device (Khalil [0019] [0021]).

Re. claim 10, rejection of claim 9 is included and claim 10 is rejected with the same rationale as applied in claim 2.

Re. claim 11, rejection of claim 9 is included and claim 11 is rejected with the same rationale as applied in claim 3.

Re. claim 12, rejection of claim 9 is included and claim 12 is rejected with the same rationale as applied in claim 4.

Re. claim 17, Mardikar discloses a computer program product comprising code stored in a non-transitory computer- readable storage medium (Mardikar discloses a non-transitory computer readable medium having computer readable and executable code for instructing a processor to perform [0012]), the code comprising: code to send, to a service provider, a request for a service provided by the service provider (Mardikar discloses receiving an access request from a user device, wherein the access request includes an identity claim for a user [0011]. claims be transmitted via internet to the server of service provider [0019]. A subject may request access to system by submitting claims [0026);
 code to receive, from the service provider and in response to sending the request for the service, a request for a verified claim, the verified claim comprising first information to identify a user of a device, the verified claim being associated with the device (Mardikar discloses user wishing to access services provided by the service provider may enter claims (e.g., credentials and identity claims) into user device. An attribute may refer to a verified claim, where verification can be performed, for example, by the service provider, a third party, or may be self-asserted for certain types of claims [0018]. Attributes may be provided to process for matching specific attributes and providing further input RABAC [0025]); 
code to send, in response to receiving the request for the verified claim, the verified claim to the service provider (Mardikar discloses claims be transmitted via internet to the server of service provider [0019]).
code to receive, from the service provider, a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user (Mardikar discloses system request additional input from the user device [0011]. The system may add additional decision around access granting based on the confidence level of system in both the identity and authentication mechanism. That additional user action needs to be taken prior to granting access. Establishing more identity trust by providing more information about the subject (e.g., SSN, tax, business information, or other identifying factors) or by presenting more security claims [0024]. Prompting the subject (e.g., user or customer) to retry or to enter additional information such as additional credentials or claims [0033]).
Mardikar do not explicitly teach but Lee teaches being a digital certificate signed by a server that is independent of the service provider (Khalil teaches identity provider server device can sign the identity endorsement to forma a signed identity endorsement (e.g., using a digital certificate associated with identity provider server device [0053]. A group of devices separate from or including identity management server device 240, such as user device 210, service provider server device 220, identity provider server device 230, and server device 250 [0047] Fig. 1b shows a separate server and service provider).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Mardikar to include digital certificate as disclosed by Mardikar. One of ordinary skill in the art would have been motivated for the purpose of to authenticate the identity of the user of the user device (Khalil [0019] [0021]).

Re. claim 18, rejection of claim 17 is included and claim 18 is rejected with the same rationale as applied in claim 3.

Re. claim 19, rejection of claim 17 is included and claim 19 is rejected with the same rationale as applied in claim 4.

Claims 13-14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Mardikar et al. (US 20120060207, hereinafter Mardikar), in view of Khalil et al. (US 20190044940, hereinafter Khalil) and in further view of Lee et al. (US 20160365984, hereinafter Lee).

Re. claim 13, Mardikar discloses the device of claim 9, Although Mardikar discloses receive the verified claim from a server (Mardikar [0011][0018][0024][0026][0029]), Mardikar does not explicitly teach but Lee teaches wherein the verified claim is generated by the server based on verification of the information by an identity verification provider (Lee teaches the module 84 is preferably configured to use at least some of the user information to produce the SP certificate. The module 84 may produce the SP certificate to include content and/or formatting that is server specific, user specific, subscription specific, service -provider specific, and/or device specific. User-specific content is information pertaining to (e.g., identifying, associated with, provided by) the user of the user device 12. Device-specific content is information in addition to the device ID and the device public key that is associated with the user device 12 that is used to subscribe to the service (e.g., device manufacturer, device model, one or more device capabilities (e.g., quantity of display pixels), etc.) [0037]. The SP-signed certificate module 86 is configured to receive the signing request from the module 84, with the signing request including the SP certificate, sign the SP certificate to produce an SP-signed certificate, and send the SP-signed certificate to the sign-up module 84 [0060]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Mardikar to include wherein the verified claim is generated by the server based on verification of the information by an identity verification provider as disclosed by Lee. One of ordinary skill in the art would have been motivated for the purpose of securely identifying where a device is located, which leads to preventing the device being stolen or lost (Lee [0021]).

Re. claim 14, the combination of Mardikar-Lee teach the device of claim 13, wherein the server is configured to send an indication of the determination, that the first information is not sufficient to identify the user, to the service provider (Mardikar discloses system request additional input from the user device [0011]. The result of the additional risk-based decision may be that additional user action needs to be taken prior to granting access. These additional actions may include establishing more identity trust by providing more information about the subject (e.g., SSN, tax, business information, or other identifying factors) or by presenting more security claims (e.g., using 2FA, answering security questions in addition to basic login and password, or responding to challenges around existing attributes known to the system such as last four digits of SSN) [0024]. Prompting the subject (e.g., user or customer) to retry or to enter additional information such as additional credentials or claims [0033]).

Re. claim 20, rejection of claim 17 is included and claim 20 is rejected with the same rationale as applied in claim 13.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Mardikar et al. (US 20120060207, hereinafter Mardikar), in view of Sahagun (US 20190379797).
Re. claim 7, Mardikar discloses the method of claim 1, Mardikar does not explicitly teach but Sahagun teaches wherein the verified claim corresponds to a Merkle tree with nodes storing plural data fields corresponding to the first information (Sahagun teaches to validate the paper medical record and corresponding paper-form data, one or more persons can review data in the data file to verify (or validate) that the paper-form data matches data present on the paper medical record [0019] [0020]. Records related to paper-form data and/or metadata, that are linked together to form a blockchain. Blocks of a distributed storage system can be hashed and encoded using a suitable data structure; e.g., a Merkle tree. A Merkle tree or hash tree is a tree whose leaf nodes have labels associated with blocks of data, such as paper-form data and/or metadata, and whose non-leaf nodes are labeled with a cryptographic hash of labels of its child nodes [0031]. Distributed storage system server 230, validation entities 232, 234, 236, and/or validation coordination server 240 communicating paper-form data, validation information, portions of (e.g., blocks, block header) and/or entire distributed storage systems, blockchain-related data, and/or other data related to validating data and/or distributed storage systems using network 140 [0046]. The node can segment at least sensitive data item(s) for distribution; e.g., distribution of some or all of the one or more data items, including at least one sensitive data item, to one or more validation entities [0059]. The node can select one or more validation entities to receive paper-form data of the data item(s) segmented for distribution. The node can select one or more validation entities to receive the paper-form data based on the metadata for the one or more data items [0060]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by Mardikar to include wherein the verified claim corresponds to a Merkle tree with nodes storing plural data fields corresponding to the first information as disclosed by Sahagun. One of ordinary skill in the art would have been motivated for the purpose of ensuring integrity of the data using cryptographic hash and high level of security, transparency, accountability of validated data and maintain the privacy of data (Sahagun [0031] [0034]).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Mardikar et al. (US 20120060207, hereinafter Mardikar) in view of Sahagun (US 20190379797), and in further view of Ionfrida et al. (US 20110107294, hereinafter Ionfrida).

Re. claim 8, the combination of Mardikar-Sahagun teach the method of claim 7, the combination of Mardikar-Sahagun do not explicitly teach but Ionfrida teach wherein the Merkle tree is configured for selective sharing of the plural data fields based on the nodes (Ionfrida teaches a plurality of nodes arranged in a tress structure. Each node may further include tags. A tag may contain accessibility information of a user to the page represented by the node. The child node may include a tag containing accessibility information which specifies that the node may be accessed by all types of users. The child node may include a tag containing accessibility information which specifies that the node may only be accessed by a profile A-user [0069]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by the combination of Mardikar-Sahagun to include wherein the Merkle tree is configured for selective sharing of the plural data fields based on the nodes as disclosed by Ionfrida. One of ordinary skill in the art would have been motivated for the purpose of having a tree with accessibility tag indicating persons who can access the data corresponding to a node (Ionfrida [0069]).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Mardikar et al. (US 20120060207, hereinafter Mardikar), in view of Khalil et al. (US 20190044940, hereinafter Khalil), and in further view of Sahagun (US 20190379797).


Re. claim 7, the combination of Mardikar-Khalil teaches the device of claim 1, the combination of Mardikar-Khalil do not explicitly teach but Sahagun teaches wherein the verified claim corresponds to a Merkle tree with nodes storing plural data fields corresponding to the first information (Sahagun teaches to validate the paper medical record and corresponding paper-form data, one or more persons can review data in the data file to verify (or validate) that the paper-form data matches data present on the paper medical record [0019] [0020]. Records related to paper-form data and/or metadata, that are linked together to form a blockchain. Blocks of a distributed storage system can be hashed and encoded using a suitable data structure; e.g., a Merkle tree. A Merkle tree or hash tree is a tree whose leaf nodes have labels associated with blocks of data, such as paper-form data and/or metadata, and whose non-leaf nodes are labeled with a cryptographic hash of labels of its child nodes [0031]. Distributed storage system server 230, validation entities 232, 234, 236, and/or validation coordination server 240 communicating paper-form data, validation information, portions of (e.g., blocks, block header) and/or entire distributed storage systems, blockchain-related data, and/or other data related to validating data and/or distributed storage systems using network 140 [0046]. The node can segment at least sensitive data item(s) for distribution; e.g., distribution of some or all of the one or more data items, including at least one sensitive data item, to one or more validation entities [0059]. The node can select one or more validation entities to receive paper-form data of the data item(s) segmented for distribution. The node can select one or more validation entities to receive the paper-form data based on the metadata for the one or more data items [0060]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by the combination of Mardikar-Khalil to include wherein the verified claim corresponds to a Merkle tree with nodes storing plural data fields corresponding to the first information as disclosed by Sahagun. One of ordinary skill in the art would have been motivated for the purpose of ensuring integrity of the data using cryptographic hash and high level of security, transparency, accountability of validated data and maintain the privacy of data (Sahagun [0031] [0034]).

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over  Mardikar et al. (US 20120060207, hereinafter Mardikar), Khalil et al. (US 20190044940, hereinafter Khalil), Sahagun (US 20190379797), and in further view of Ionfrida et al. (US 20110107294, hereinafter Ionfrida).

Re. claim 16, the combination of Mardikar-Khalil-Sahagun teach the method of claim 7, t the combination of Mardikar-Khalil-Sahagun do not explicitly teach but Ionfrida teach wherein the Merkle tree is configured for selective sharing of the plural data fields based on the nodes (Ionfrida teaches a plurality of nodes arranged in a tress structure. Each node may further include tags. A tag may contain accessibility information of a user to the page represented by the node. The child node may include a tag containing accessibility information which specifies that the node may be accessed by all types of users. The child node may include a tag containing accessibility information which specifies that the node may only be accessed by a profile A-user [0069]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method, device and system disclosed by the combination of Mardikar-Khalil-Sahagun to include wherein the Merkle tree is configured for selective sharing of the plural data fields based on the nodes as disclosed by Ionfrida. One of ordinary skill in the art would have been motivated for the purpose of having a tree with accessibility tag indicating persons who can access the data corresponding to a node (Ionfrida [0069]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Smith et al. (US 10956932) discloses claim verification system, wherein verifying a claim about the target entity.
Wang (US 20200084211) discloses devices for an authentication of an identity of a user. The client device determines an authentication proxy associated with the service provider, and sends, the associated authentication proxy, the identifier and a first request for an authentication of an identity of a user associated with the client device.
Shah et al. (US 20170374070) discloses MFAS is authenticated by a server side self-signed certificate by the MFAP.
De Atley (US 20090098857, hereinafter Atley) discloses  receiving the first request, a second request can be transmitted to the first device for an updated geographic location of the first device, and third information can be received from the first device, where the third information is usable to identify an updated geographic location of the first device. Third information can be received from the first device, where the third information identifies the first device and is used to verify that the first information originated from the first device.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496                                                                                                                                                                                                        
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496