DETAILED ACTION
This final office action is in response to claims 1-20 filed on 09/07/2022 for examination. Claims 1-20 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Interview Summary
Examiner initiated an Examiner Interview on 11/15/2022, wherein Applicant and Examiner discussed potential amendments to the claims to overcome the art as cited with regards to Takamune et al. (JP2002278449), Yokota et al. (JP2003338816), and Wang et al. (NPL: "Privacy-Preserving Public Auditing for Secure Cloud Storage", December 2011). Examiner and Applicant discussed proposed language to differentiate against the prior art, particularly regarding clarifications of the attributes and data entries, and language linking the zero-knowledge proofs with secret identifiers. While potential amendment subject matter was discussed, no sufficient language was determined and applicant declined to correspondingly amend the claims at this time.

Response to Amendment
The amendment filed September 7, 2022 has been entered. Claims 1-18 remain pending in the application. Claims 19-20 are new. The claims have been amended. Applicant’s arguments and amendments to the claims have overcome each and every drawings objection, claim objection, and 112 rejection previously set forth in the Non-Final Office Action mailed July 26, 2022. Claims 1-3, 5-9, 11, 13, and 15-18 have been amended and have necessitated a new ground(s) of rejection in this Office Action. Further, applicant’s arguments regarding the independent claims have been fully considered but are not persuasive to differentiate over the prior art. Particularly: 
Applicant opines that Takamune et al. (JP2002278449, Hereinafter “Takamune”) does not disclose an attribute message comprising the attributes of the record and multiple data messages, each data message comprising each data entry in the record. Remarks, pg. 14. Applicant first opines that “Takamune is silent with regard to an attribute message comprising the attributes of the record.” Id. Examiner directs applicant to Takamune disclosing various attributes of a user. See, e.g., Takamune at [0021-022] and [0028-29] – wherein Takamune discloses creating an attribute message comprising three attributes (1) “Tokyo”, (2) “Yamada”, and (3) “25”. Examiner notes that all three of these pieces of user information are attributes of an individual user: “Tokyo” (user location), “Yamada” (name), “25” (age). These attributes are then combined into a message, and signed using the user secret key <i.e., issuer private key>. Id. For additional reference, Applicant is directed to, e.g., Takamune specifically disclosing generation of an entire signature data comprising all of the user attributes (which is generated by hashing and then encrypting the collected user attributes using the private key of the terminal) to be provided in a verifiable message. Takamune at [0009] and [0011]. In view of the foregoing, one of ordinary skill in the art before the effective filing date of the claimed invention would clearly recognize Takamune teaches a processor configured to “generate a digital signature on an attribute message using the issuer private key, the attribute message comprising all of the one or more attributes […]”. Examiner further notes that Takamune teaches individual message signing for each data value. See, e.g., Takamune at [0007], [0010], and [0028-029] – wherein each data value is individually signed to be subsequently verified by a recipient. Examiner notes that, e.g., “25” is both an attribute of the user (age) and a saved data value. One of ordinary skill in the art before the effective filing date of the claimed invention would similarly recognize that Takamune teaches a processor configured to “generate multiple signatures on multiple data messages for the multiple data entries using the issuer private key, each data message for each data entry comprising the data entry […]”. Yokota in like fashion teaches the signing a personal information record comprising a plurality of attribute categories with data points, wherein the specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, with data entries being associated stored values. Id. Applicant’s associated remarks have been fully considered, and are unpersuasive.
Applicant additionally opines that Yokota and Takamune lack apparent reason for combination. Remarks, pg. 17. In response to applicant’s apparent argument that there is no teaching, suggestion, or motivation to combine the references, the examiner first recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  Applicant is directed to Yokota teaches a system for transferring information to a recipient, and subsequently re-producing the transferred information at a further recipient to an authenticating device. See, e.g., Yokota at [0016-017] and [0020-021]. Takamune teaching a system for transferring information to a recipient, and proving a guarantee that each element of the information is unchanged/consistent with originally provided data. See, e.g., Takamune at [0008-011] and [0028-029]. Applicant’s arguments appear to conflate the user device of Yokota and the issuer device, and Applicant’s arguments appear to stem from further issue with this conflation. Remarks, pg. 18. E.g., Applicant writes that each of Takamune’s data entries are signed by the applicant, using applicant’s private key in the combination of Takamune and Yokota. Remarks, pg. 18. Examiner notes that in the combination of Yokota and Takamune the signature production is performed using the teachings of Yokota, i.e., the issuing device is not the user device, and instead the issuing device the authentication device. See, e.g., Yokota at [0016-017] and [0020-021] – teaching the authentication device 11 <i.e., issuing device> issuing user credentials to a service using device 12 <i.e., the selector system>, wherein the service using device 12 subsequently reproduces the issued credentials to a final service providing device <i.e., receiver device>. Accordingly, the signature added to the data is not the user’s signature – but is instead the authentication <i.e., issuer> device’s signature. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Yokota with the system of Takamune, generating signatures values for each value of each personal information entry, and to ensure each signature of each personal information entry is common to a specific individual, as well as generating a combined signature of the values, to quickly verify the authenticity of the group of information as a whole. See, e.g., Yokota at [0042], [0055-058] with Takamune at [0028-029]. Applicant’s associated remarks have been fully considered, and are unpersuasive.
Applicant further opines that Yokota, Takamune, and Wang lack apparent reason for combination. Remarks, pg. 20. Applicant’s remarks allege that in Takamune, the user/applicant is both the user and the recipient. Remarks, pg. 24. Applicant’s remarks rely on conflation of the systems of the combination of Yokota and Takamune, in particular the authentication device of Yokota and the user system of Takamune the combination of Yokota and Takamune. See, e.g, pgs. 21-23. Applicant subsequently queries “how would a zero-knowledge proof “preserve the user’s privacy” from a recipient?” Remarks, pg. 23. Examiner first notes that the in the combination of Yokota, Takamune, and Wang that the authentication system is the issuing system (issuing the signatures and secret ID, see Yokota at [0016-017] and [0020-021]), the service using device is the selector device (selecting which attributes/information to disclose to the service provider, see Id.), and the service device is the receiver (receiving the authenticated user information the user wished to disclose, see Id.). The answer to Applicant’s above query is/would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention – zero knowledge proofs are used to confirm the provenance of the provided data to a service providing device while linking the files and preserving privacy of the user. See, e.g., Yokota at [0035-036] and [0055-059], with Wang at § 2.1, and as further presented hereinbelow. Applicant’s second question is similarly addressed (as it stems from the same conflation), querying “given the user has provided and signed the data, why would the user need to confirm provenance of this provided data?” As above, the user device is not the issuing device of the combination, and does not sign the data. Instead the authentication device signs the data and is the issuing device. See [0016-017] and [0020-021]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Takamune and Yokota with the teachings of Wang, using the zero-knowledge proofs, to confirm the provenance of the provided data to a service providing device while linking the files and preserving privacy of the user. See, e.g., Yokota at [0035-036] and [0055-059], with Wang at § 2.1). Applicant’s associated remarks have been fully considered, and are unpersuasive.
In view of the foregoing, as well as hereinbelow with regards to 35 U.S.C. 103, Applicant’s arguments regarding claims 1-20 have been fully considered but are not persuasive to differentiate over the prior art.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim(s) 1-2 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Particularly: 
Claim 1 recites the limitation of "the one or more attributes" in lines 15-16, line 35.  There is insufficient antecedent basis for such limitation(s) in the claim. 
Claim 1 introduces “data entries of a record” in lines 1-2, as well as introduces “multiple data entries” in line 11. Subsequently, claim 1 recites “the multiple data entries in the record” in line 36-37. There is unclear antecedent basis for such limitation(s) in the claim.
Claim 1 introduces “attributes and data entries of a record” in lines 1-2. Claim 2 recites “the attributes in the record” in lines 1-2, as well as “the data entries in the record” (lines 2-3). There is insufficient antecedent basis for such limitation(s) in the claim. Examiner suggests amending claim 1 line to, e.g., “attributes in a record and data entries in 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 8-12, 16, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yokota et al. (JP2002278449; Hereinafter “Yokota”) in view of Takamune et al. (JP2002278449; Hereinafter “Takamune”) and Wang et al. (NPL: “Privacy-Preserving Public Auditing for Secure Cloud Storage”, December 2011).
Regarding claim 1, Yokota teaches a system for selectively disclosing attributes and data entries of a record ([0016-017] – personal information of user is disclosed to service providing device 13 from service using device 12; see also [0020-021], and [0046] – service using device 12 determines to disclose specific selected signed personal information to the service providing system 13), the system comprising an issuer device ([0017] – authentication device 11), a selector device ([0017] – service using device 12), and a receiver device ([0017] – service provider device 13), 
wherein the issuer device is configured to provide a record to the selector device for selective disclosure to the receiver device ([0016-017] – signed personal information are provided to service using device 12 <i.e., selector device> from authentication device 11 <i.e., issuer device>, signed personal information record(s) are subsequently disclosed to service provider device 13 <i.e., receiver device> from service using device 12 <i.e., selector device>), the issuer device ([0016-017] – authentication device 11) comprising: 
an issuer memory ([0017-018] – authentication device 11 <i.e., issuer device> is a computer or server <i.e., has memory>) configured to store: 
an issuer private key, the issuer private key forming a public-private key pair with a corresponding issuer public key ([0040-041] – signatures are generated at the authentication device 11 <i.e., issuer device> using, e.g., an ElGamal signature scheme using a private key-public key pair of the authentication device 11 <i.e., issuer device>); 
the record, the record comprising multiple attributes and comprising multiple data entries ([0019] – authentication device 11 <i.e., issuer device> receives personal information of a user <i.e., a record> and performs operations on it, e.g., generating an associated signature(s) on the personal data <i.e., personal information is stored for operations>; [0026-028] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
an issuer processor ([0017-018] – authentication device 11 <i.e., issuer device> is a computer or server <i.e., has processor>) configured to: 
determine a secret record identifier ([0028-030] and [0054-056] – user ID number <i.e., secret record identifier> is generated and attached to each personal information data item at the authentication device 11 <i.e., issuer device>, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>. User ID on the data items is used by service providing devices to detect fraud/forgeries); 
generate a digital signature on an attribute message using the issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item <which conveys a user attribute>, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature); 
generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), each data message for each data entry comprising the data entry and the secret record identifier ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device ([0020] and [0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier> and then the authentication device 11 <i.e., issuer device> transmits the authenticated personal information <i.e., signatures, ID number, and data entries> to the service using device 12 <i.e., selector device>; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
wherein the selector device ([0016-017] – service using device 12; see also [0020-021], and [0046] – service using device 12 determines to disclose specific selected signed personal information to the service providing system 13) is configured to:  
receive a request for one or more selected attributes and one or more selected data entries from the receiver device ([0033-034], [0046] – service providing device 13 <i.e., receiver device> transmits a request to the service using device 12 <i.e., selector device> for selected information comprising the attributes/data values of the user information stored by the service using device 12 <i.e., selector device>. Service using device 12 <i.e., selector device> receives the request; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), and 
disclose the selected attributes and the selected data entries of the record to the receiver device ([0020-021], [0030], and [0046] – service using device 12 <i.e., selector device> determines to disclose <i.e., selects> selected personal information to the service providing system 13 <i.e., receiver device>, and transmits the selected information; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), the selector device ([0016-017] – service using device 12) comprising: 
a selector memory configured to store ([0017-018] and [0031] – service using device 12 <i.e., selector device> is a computer or server <i.e., has memory>): 
the record ([0030-031] – personal information/data items received and stored at the service using device 12 <i.e., selector device>), the secret record identifier ([0030-031] – personal information/data items received and stored, which includes the user ID number <i.e., secret record identifier> at the service using device 12 <i.e., selector device>), the digital signature on the attribute message and the digital signatures on the data messages ([0030-031] – personal information/data items received and stored, as well as the associated signatures at the service using device 12 <i.e., selector device>; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
a selector processor ([0017-018] – service using device 12 <i.e., selector device> is a computer or server <i.e., has processor>) configured to: 
determine the selected attributes to be disclosed as a subset of the one or more attributes in the record ([0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose. Disclosed information may only be a partial selection of the stored personal information; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), and the selected data entries to be disclosed as a subset of the multiple data entries in the record ([0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose. Disclosed information may only be a partial selection of the stored personal information; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
provide the selected attributes and the selected data entries to the receiver device ([0020-021] – service using device 12 <i.e., selector device> transmits the selected signed personal information to the service providing system 13 <i.e., receiver device>; [0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values);  
wherein the receiver device is configured to obtain the selected attributes and selected data entries of the record from the selector device ([0020-021] – service using device 12 <i.e., selector device> transmits the selected signed personal information to the service providing system 13 <i.e., received by receiver device>; [0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), the receiver device comprising: 
a receiver memory configured to store the issuer public key ([0017-018] – service providing device 13 <i.e., receiver device> is a computer or server <i.e., has memory>; [0041] – service providing device <i.e., receiver device> receives and stores public key of authentication device 11 <i.e., issuer device>); 
a receiver processor ([0017-018] – service providing device 13 <i.e., receiver device> is a computer or server <i.e., has processor>) configured to: 
obtain from the selector device the selected attributes and the selected data entries ([0020-021] – service using device 12 <i.e., selector device> transmits the selected signed personal information to the service providing system 13 <i.e., received by receiver device>; [0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values <i.e., attributes/data entries received>).
While Yokota teaches a system for generating a digital signature on an attribute message using an issuer private key, as well as adding a secret record identifier to each attribute of the message (see, e.g., Yokota at [0028-030], [0041]), Yokota appears to fail to specifically disclose (1) the attribute message comprising all of the one or more attributes, as well as (2) the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the selected data entries as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key; and the receiver device configured to perform the zero-knowledge proof with the selector device with respect to the obtained selected attributes and selected data entries to ascertain that the obtained selected attributes and selected data entries belong to the record of the issuer device.
However, Takamune teaches an analogous system for selectively disclosing attributes and data entries of a record (see, e.g., [0015-016]), comprising generating a digital signature on an attribute message using an issuer private key (see, e.g., [0021-022] and [0028-029]), the attribute message comprising all of the one or more attributes ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform <i.e., selector device>. Specific attributes disclosed may be, e.g., “25”, “Yamada”, “Tokyo”, etc.; [0009] and [0011] – wherein a signature is generated over all of the combined personal attributes and transmitted).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota with the teachings of Takamune, comprising generating a digital signature on an attribute message using an issuer private key, the attribute message comprising all of the one or more attributes and the secret record identifier, to quickly verify the authenticity of the group of information as a whole (see, e.g., Takamune at [0011] and [0031-032]).
While the combination of Yokota and Takamune teach a system for ensuring integrity of personal data provided to a recipient to and further to an end device (see, e.g., Yokota at [0020-021]) by confirming the first signature (see, e.g., Takamune at [0028-029] and [0035-036]), multiple data signatures (Yokota at [0026-0030]), and the user ID (see, e.g., Yokota at [0026-0030] and [0041-042]), it appears to fail to specifically disclose the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the selected data entries as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key; and the receiver device configured to perform the zero-knowledge proof with the selector device with respect to the obtained selected attributes and selected data entries to ascertain that the obtained selected attributes and selected data entries belong to the record of the issuer device.
However, Wang teaches an analogous known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a sever <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Yokata and Takamune as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Yokota at [0035-036] and [0055-059]; and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a system <i.e., selector> which discloses information to a service provider, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the selector device configured to: 
- perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge (§ 3.1 and 3.6 – user/signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file provided to a sever <i.e., selector>, which then attests to the provenance of the file using a zero-knowledge proof of knowledge which is confirmed by the auditing device <i.e., receiver>. The auditing device confirms the proof of knowledge.) of: 
all generated digital signatures and data related to the file’s provenance (§ 3.1 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file’s information, which is provided to a system <i.e., selector>. The server then attests to the provenance of the file using zero-knowledge proof of knowledges which confirm possession of the signatures and information to the auditing device <i.e., receiver>);
the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file, which is provided to a sever <i.e., selector>. The signature is generated using a private key of the signature providing device <i.e., has corresponding public key of the signature providing device>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proof of knowledges to the auditing device <i.e., receiver> as being from the signature providing device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Yokata and Takumune would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Yokata and Takamune would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Yokata and Takamune with the teachings of Wang, wherein the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the selected data entries as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key; and the receiver device configured to perform the zero-knowledge proof with the selector device with respect to the obtained selected attributes and selected data entries to ascertain that the obtained selected attributes and selected data entries belong to the record of the issuer device, to confirm the provenance of the provided data to a service providing device while linking the files and preserving privacy of the user (see, e.g., Yokota at [0035-036] and [0055-059], with Wang at § 2.1).

Regarding claim 8, Yokota teaches a selector device for selectively disclosing one or more selected attributes and one or more selected data entries of a record to a receiver device that requests the selected attributes and selected data entries ([0016-017] – signed personal information are provided to service using device 12 <i.e., selector device> from authentication device 11 <i.e., issuer device>, signed personal information record(s) are subsequently disclosed to service provider device 13 <i.e., receiver device> from service using device 12 <i.e., selector device>; [0033-034], [0046] – service providing device 13 <i.e., receiver device> transmits a request to the service using device 12 <i.e., selector device> for selected information comprising the attributes/data values of the user information stored by the service using device 12 <i.e., selector device>. Service using device 12 <i.e., selector device> receives the request; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), the selector device comprising: 
a memory ([0017-018] and [0031] – service using device 12 <i.e., selector device> is a computer or server <i.e., has memory>) configured to store: 
the record ([0030-031] – personal information/data items received and stored at the service using device 12 <i.e., selector device>), comprising one or more attributes and comprising multiple data entries ([0030-031] – personal information/data items received and stored at the service using device 12 <i.e., selector device>; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
a secret record identifier ([0030-031] – personal information/data items received and stored, which includes the user ID number <i.e., secret record identifier> at the service using device 12 <i.e., selector device>); 
a digital signature on an attribute message generated using an issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item <which conveys a user attribute>, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0030-031] – personal information/data items received and stored, as well as the associated signatures at the service using device 12 <i.e., selector device>); and 
digital signatures on the data messages generated using the issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values; [0030-031] – personal information/data items received and stored, as well as the associated signatures at the service using device 12 <i.e., selector device>), each data message for each data entry in the record comprising the data entry and the secret record identifier ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values; [0030-031] – personal information/data items received and stored, as well as the associated signatures at the service using device 12 <i.e., selector device>); 
a processor ([0017-018] – service using device 12 <i.e., selector device> is a computer or server <i.e., has processor>) configured to: 
obtain the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages ([0020] and [0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier> and then the authentication device 11 <i.e., issuer device> transmits the authenticated personal information <i.e., signatures, ID number, and data entries> to the service using device 12 <i.e., selector device>; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
determine the selected attributes to be disclosed as a subset of the one or more attributes in the record ([0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose. Disclosed information may only be a partial selection of the stored personal information; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), and the selected data entries to be disclosed as a subset of the multiple data entries in the record ([0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose. Disclosed information may only be a partial selection of the stored personal information; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
provide the selected attributes and the selected data entries to the receiver device ([0020-021] – service using device 12 <i.e., selector device> transmits the selected signed personal information to the service providing system 13 <i.e., receiver device>; [0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values).
While Yokota teaches a system for generating a digital signature on an attribute message using an issuer private key, as well as adding a secret record identifier to each attribute of the message (see, e.g., Yokota at [0028-030], [0041]), Yokota appears to fail to specifically disclose (1) the attribute message comprising all of the one or more attributes, as well as (2) the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.  
However, Takamune teaches an analogous system for selectively disclosing attributes and data entries of a record (see, e.g., [0015-016]), comprising generating a digital signature on an attribute message using an issuer private key (see, e.g., [0021-022] and [0028-029]), the attribute message comprising all of the one or more attributes ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform <i.e., selector device>. Specific attributes disclosed may be, e.g., “25”, “Yamada”, “Tokyo”, etc.; [0009] and [0011] – wherein a signature is generated over all of the combined personal attributes and transmitted).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota with the teachings of Takamune, comprising generating a digital signature on an attribute message using an issuer private key, the attribute message comprising all of the one or more attributes and the secret record identifier, to quickly verify the authenticity of the group of information as a whole (see, e.g., Takamune at [0011] and [0031-032]).
While the combination of Yokota and Takamune teach a system for ensuring integrity of personal data provided to a recipient to and further to an end device (see, e.g., Yokota at [0020-021]) by confirming the first signature (see, e.g., Takamune at [0028-029] and [0035-036]), multiple data signatures (Yokota at [0026-0030]), and the user ID (see, e.g., Yokota at [0026-0030] and [0041-042]), it appears to fail to specifically disclose the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
However, Wang teaches an analogous known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a sever <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Yokata and Takamune as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Yokota at [0035-036] and [0055-059] and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a system <i.e., selector> which discloses information to a service provider, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the selector device configured to: 
- perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge (§ 3.1 and 3.6 – user/signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file provided to a sever <i.e., selector>, which then attests to the provenance of the file using a zero-knowledge proof of knowledge which is confirmed by the auditing device <i.e., receiver>. The auditing device confirms the proof of knowledge.) of: 
all generated digital signatures and data related to the file’s provenance (§ 3.1 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file’s information, which is provided to a system <i.e., selector>. The server then attests to the provenance of the file using zero-knowledge proof of knowledges which confirm possession of the signatures and information to the auditing device <i.e., receiver>);
the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file, which is provided to a sever <i.e., selector>. The signature is generated using a private key of the signature providing device <i.e., has corresponding public key of the signature providing device>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proof of knowledges to the auditing device <i.e., receiver> as being from the signature providing device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Yokata and Takumune would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Yokata and Takamune would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Yokata and Takamune with the teachings of Wang, wherein the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key, to confirm the provenance of the provided data to a service providing device while linking the files and preserving privacy of the user (see, e.g., Yokota at [0035-036] and [0055-059], with Wang at § 2.1).

Regarding claim 9, the combination of Yokota, Takamune, and Wang teach the selector device according to claim 8, wherein the memory is configured to store multiple records (Takamune at [0021-022], and [0028-029] – storage platform has personal information records comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo” and other user personal profiles <i.e., records> such as “32”, “Tanaka”, and “Hiroshima prefecture”), the processor being configured to: obtain a record query from the receiver device (Takamune at [0034-037] – request is received and appropriate user personal profile <i.e., record> is selected to provide to the requestor; [0021-022], and [0028-029] – storage platform has personal information records comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo” and other user personal profiles <i.e., records> such as “32”, “Tanaka”, and “Hiroshima prefecture”); select one or more of the multiple records according to the record query (Takamune at [0034-037] – request is received and appropriate user personal profile <i.e., record> is selected to provide to the requestor; [0021-022], and [0028-029] – storage platform has personal information records comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo” and other user personal profiles <i.e., records> such as “32”, “Tanaka”, and “Hiroshima prefecture”); and repeat the determining, the providing, and the performing of the zero- knowledge proof for each current record of the one or more selected records (Wang at e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a sever <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver> using zero-knowledge proofs for each audited record).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention implement the combination of Yokata, Takamune and Wang with the teachings of Takamune and Wang, to repeat the determining, the providing, and the performing of the zero-knowledge proof for each current record of the one or more selected records, to allow the selector device to be operable by multiple users, and confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Takamune at [0011] and [0031-032]; and Wang at § 2.1).

Regarding claim 10, the combination of Yokota, Takamune, and Wang teach the selector device according to claim 9, wherein the processor is configured to perform the zero-knowledge proof for a current record to further prove that the current record satisfies the record query (Wang at e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a sever <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver> using zero-knowledge proofs for each audited record). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention implement the combination of Yokata, Takamune, and Wang with the teachings of Wang, wherein the processor is configured to perform the zero-knowledge proof for a current record to further prove that the current record satisfies the record query, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 11, the combination of Yokota, Takamune, and Wang teach the selector device according to claim 8, wherein the processor is further configured to obtain a data query, the processor being configured to determine the selected data entries to be disclosed according to the data query (Yokota at [0020-021], [0030], and [0046] – service using device 12 <i.e., selector device> determines to disclose <i.e., selects> selected personal information to the service providing system 13 <i.e., receiver device>, and transmits the selected information; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values).  

Regarding claim 12, the combination of Yokota, Takamune, and Wang teach the selector device according to claim 8, wherein performing the zero-knowledge proof comprises providing a commitment to the secret record identifier to the receiver device (Yokota at [0007-008 and [0029] – user ID <i.e., secret record identifier> is provided to the selector device; with Wang at§ 3.1 and 3.6 – the server then attests to the provenance of the file using zero-knowledge proof of knowledges which confirm possession of the relevant signatures and information to an auditing device <i.e., receiver>) and proving knowledge of the digital signatures with respect to the commitment (Yokota at [0016-017], and [0026-029] – user personal data profile to be disclosed, aggregate signature, and individual signatures sent to the service using device <i.e., selector device>; with Wang at§ 3.1 and 3.6 – the server then attests to the provenance of the file using zero-knowledge proof of knowledges which confirm possession of the relevant signatures and information to an auditing device <i.e., receiver>). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Takamune, Yokota, and Wang with the teachings of Wang, wherein performing the zero-knowledge proof comprises providing a commitment to the secret record identifier to the receiver device and proving knowledge of the digital signatures with respect to the commitment, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1). 

Regarding claim 16, Yokota teaches a selector method of selectively disclosing one or more selected attributes and one or more selected data entries of a record to a receiver device that requests the selected attributes and selected data entries ([0016-017] – signed personal information are provided to service using device 12 <i.e., selector device> from authentication device 11 <i.e., issuer device>, signed personal information record(s) are subsequently disclosed to service provider device 13 <i.e., receiver device> from service using device 12 <i.e., selector device>; [0033-034], [0046] – service providing device 13 <i.e., receiver device> transmits a request to the service using device 12 <i.e., selector device> for selected information comprising the attributes/data values of the user information stored by the service using device 12 <i.e., selector device>. Service using device 12 <i.e., selector device> receives the request; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), the selector method comprising: 
storing ([0017-018] and [0031] – service using device 12 <i.e., selector device> is a computer or server <i.e., has memory>): 
the record ([0030-031] – personal information/data items received and stored at the service using device 12 <i.e., selector device>), comprising one or more attributes and comprising multiple data entries ([0030-031] – personal information/data items received and stored at the service using device 12 <i.e., selector device>; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
a secret record identifier ([0030-031] – personal information/data items received and stored, which includes the user ID number <i.e., secret record identifier> at the service using device 12 <i.e., selector device>); 
a digital signature on an attribute message generated using an issuer private key, the attribute message comprising all of the one or more attributes and the secret record identifier ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item <which conveys a user attribute>, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0030-031] – personal information/data items received and stored, as well as the associated signatures at the service using device 12 <i.e., selector device>); and 
digital signatures on the data messages generated using the issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values; [0030-031] – personal information/data items received and stored, as well as the associated signatures at the service using device 12 <i.e., selector device>); 
obtaining the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages from an issuer device ([0020] and [0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier> and then the authentication device 11 <i.e., issuer device> transmits the authenticated personal information <i.e., signatures, ID number, and data entries> to the service using device 12 <i.e., selector device>; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
determining the selected attributes to be disclosed as a subset of the one or more attributes in the record ([0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose. Disclosed information may only be a partial selection of the stored personal information; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), and selected data entries to be disclosed as a subset of the multiple data entries in the record ([0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose. Disclosed information may only be a partial selection of the stored personal information; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
providing the selected attributes and the selected data entries to the receiver device ([0020-021] – service using device 12 <i.e., selector device> transmits the selected signed personal information to the service providing system 13 <i.e., receiver device>; [0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values).
While Yokota teaches a system for generating a digital signature on an attribute message using an issuer private key, as well as adding a secret record identifier to each attribute of the message (see, e.g., Yokota at [0028-030], [0041]), Yokota appears to fail to specifically disclose (1) the attribute message comprising all of the one or more attributes, as well as (2) the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.  
However, Takamune teaches an analogous system for selectively disclosing attributes and data entries of a record (see, e.g., [0015-016]), comprising generating a digital signature on an attribute message using an issuer private key (see, e.g., [0021-022] and [0028-029]), the attribute message comprising all of the one or more attributes ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform <i.e., selector device>. Specific attributes disclosed may be, e.g., “25”, “Yamada”, “Tokyo”, etc.; [0009] and [0011] – wherein a signature is generated over all of the combined personal attributes and transmitted).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota with the teachings of Takamune, comprising generating a digital signature on an attribute message using an issuer private key, the attribute message comprising all of the one or more attributes and the secret record identifier, to quickly verify the authenticity of the group of information as a whole (see, e.g., Takamune at [0011] and [0031-032]).
While the combination of Yokota and Takamune teach a system for ensuring integrity of personal data provided to a recipient to and further to an end device (see, e.g., Yokota at [0020-021]) by confirming the first signature (see, e.g., Takamune at [0028-029] and [0035-036]), multiple data signatures (Yokota at [0026-0030]), and the user ID (see, e.g., Yokota at [0026-0030] and [0041-042]), it appears to fail to specifically disclose the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
However, Wang teaches an analogous known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a sever <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Yokata and Takamune as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Yokota at [0035-036] and [0055-059] and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a system <i.e., selector> which discloses information to a service provider, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the selector device configured to: 
- perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge (§ 3.1 and 3.6 – user/signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file provided to a sever <i.e., selector>, which then attests to the provenance of the file using a zero-knowledge proof of knowledge which is confirmed by the auditing device <i.e., receiver>. The auditing device confirms the proof of knowledge.) of: 
all generated digital signatures and data related to the file’s provenance (§ 3.1 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file’s information, which is provided to a system <i.e., selector>. The server then attests to the provenance of the file using zero-knowledge proof of knowledges which confirm possession of the signatures and information to the auditing device <i.e., receiver>);
the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file, which is provided to a sever <i.e., selector>. The signature is generated using a private key of the signature providing device <i.e., has corresponding public key of the signature providing device>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proof of knowledges to the auditing device <i.e., receiver> as being from the signature providing device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Yokata and Takumune would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Yokata and Takamune would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Yokata and Takamune with the teachings of Wang, wherein the selector device configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the selected attributes and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the selected data entries and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key, to confirm the provenance of the provided data to a service providing device while linking the files and preserving privacy of the user (see, e.g., Yokota at [0035-036] and [0055-059], with Wang at § 2.1).

Regarding claim 19, the combination of Yokota, Takamune, and Wang teaches a non-transitory computer readable storage medium comprising instructions to cause a processor system to perform the method according to claim 16 (see above herein with regards to claim 16; [0017-018] and [0031] – service using device 12 <i.e., selector device> is a computer or server <i.e., has memory>).  

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Yokota in view of Takamune and Wang, further in view of Gross et al. (US20120005098, Hereinafter “Gross”).
Regarding claim 2, the combination Yokota, Takamune, and Wang teach the system according to claim 1. While the combination of Yokata, Takamune, and Wang teach providing sensitive personal information records of a user (see, e.g., Yokota at [0016-021]), the combination of Yokata, Takamune, and Wang appear to fail to specifically teach wherein the attributes comprise one or more phenotype attributes about a person; and the data entries comprise one or more genome portions of the person. 
However, Gross teaches a system for preserving privacy of user phenotype/genome information using zero knowledge proofs (see, e.g., abstract, [0092]), wherein the attributes in the record comprise one or more phenotype attributes about a person ([0004-005] and [0025] – disclosed private user attributes may be phenotypes of a person); and the data entries in the record comprise one or more genome portions of the person ([0025] and [0076] – disclosed private user entries may be genome portions of a person).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Yokata, Takamune, and Wang with the teachings of Gross, wherein the attributes comprise one or more phenotype attributes about a person; and the data entries comprise one or more genome portions of the person, so that individuals may securely provide samples to analyzers and learn information about their genetic makeup (see, e.g., Gross at [0005-007]).

Claim(s) 3-4, 6-7, 15, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yokota in view of Takamune.
Regarding claim 3, Yokota teaches an issuer device for providing a record to a selector device for selective disclosure to a receiver device ([0016-017] and [0020-021] – signed personal information of user provided from authentication device 11 <i.e., issuer device> to service using device 12 <i.e., selector device>. Service using device 12 then provides selected signed personal information to the service providing system 13), the issuer device comprising: 
a memory ([0017-018] – authentication device 11 <i.e., issuer device> is a computer or server <i.e., has memory>) configured to store: 
an issuer private key, the issuer private key forming a public-private key pair with a corresponding issuer public key ([0040-041] – signatures are generated at the authentication device 11 <i.e., issuer device> using, e.g., an ElGamal signature scheme using a private key-public key pair of the authentication device 11 <i.e., issuer device>); 
the record, the record comprising one or more attributes and comprising multiple data entries ([0019] – authentication device 11 <i.e., issuer device> receives personal information of a user <i.e., a record> and performs operations on it, e.g., generating an associated signature(s) on the personal data <i.e., personal information is stored for operations>; [0026-028] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
a processor ([0017-018] – authentication device 11 <i.e., issuer device> is a computer or server <i.e., has processor>) configured to: 
determine a secret record identifier ([0028-030] and [0054-056] – user ID number <i.e., secret record identifier> is generated and attached to each personal information data item at the authentication device 11 <i.e., issuer device>, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>. User ID on the data items is used by service providing devices to detect fraud/forgeries); 
generate a digital signature on an attribute message using the issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item <which conveys a user attribute>, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature); 
generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), each data message for each data entry comprising the data entry and the secret record identifier ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device ([0020] and [0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier> and then the authentication device 11 <i.e., issuer device> transmits the authenticated personal information <i.e., signatures, ID number, and data entries> to the service using device 12 <i.e., selector device>; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values).  
While Yokota teaches a system for generating a digital signature on an attribute message using an issuer private key, as well as adding a secret record identifier to each attribute of the message (see, e.g., Yokota at [0028-030], [0041]), Yokota appears to fail to specifically disclose the attribute message comprising all of the one or more attributes.
However, Takamune teaches an analogous system for selectively disclosing attributes and data entries of a record (see, e.g., [0015-016]), comprising generating a digital signature on an attribute message using an issuer private key (see, e.g., [0021-022] and [0028-029]), the attribute message comprising all of the one or more attributes ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform <i.e., selector device>. Specific attributes disclosed may be, e.g., “25”, “Yamada”, “Tokyo”, etc.; [0009] and [0011] – wherein a signature is generated over all of the combined personal attributes and transmitted).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota with the teachings of Takamune, comprising generating a digital signature on an attribute message using an issuer private key, the attribute message comprising all of the one or more attributes and the secret record identifier, to quickly verify the authenticity of the group of information as a whole (see, e.g., Takamune at [0011] and [0031-032]).

Regarding claim 4, the combination of Yokota and Takamune teach the issuer device according to claim 3, wherein the digital signature on the data message is based on a sum of at least the secret record identifier and a digest of the data entry (Yokota at [0029] – user ID number is generated and attached to each data item, signatures are generated based on the data items + user ID number; Note: One of ordinary skill in the art before the effective filing date of the claimed invention would recognize a digital signature is generated based on hash of the base value to be signed <i.e., this is called the digest>, and then encrypted with the public key of the sender to generate the signature <i.e., digital signature generated using the digest>).  

Regarding claim 6, the combination of Yokota and Takamune teach the issuer device according to claim 3, wherein the digital signature on the attribute message comprises an anonymous credential signed with the issuer private key (Yokota at [0016-017] and [0020-021] – personal information with signature are received at authentication device 11 <i.e., issuer device>. Signed personal information attributed message is provided to service using device 12 <i.e., selector device> from authentication device 11 <i.e., issuer device>, signed personal information record(s) are subsequently disclosed to service provider device 13 <i.e., receiver device> from service using device 12 <i.e., selector device>; [0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>), the anonymous credential comprising the one or more attributes and the secret record identifier (Yokota at [0019] – authentication device 11 <i.e., issuer device> receives personal information of a user <i.e., a record> and performs operations on it, e.g., generating an associated signature(s) on the personal data <i.e., personal information is stored for operations>; [0026-028] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values. User ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>). 

Regarding claim 7, the combination of Yokota and Takamune teach the issuer device according to claim 3, wherein the issuer device is further configured to obtain an updated data entry for one of the multiple data entries (Yokota at [0016-017] – signed personal information are received at authentication device 11 <i.e., issuer device>. Signed personal information are provided to service using device 12 <i.e., selector device> from authentication device 11 <i.e., issuer device>, signed personal information record(s) are subsequently disclosed to service provider device 13 <i.e., receiver device> from service using device 12 <i.e., selector device>.  New information may be transmitted in the same manner), to generate an updated digital signature on a data message for said updated data entry, and to provide the updated digital signature to the selector device (Yokota at [0016-017] – signed personal information are received at authentication device 11 <i.e., issuer device>. Signed personal information are generated and provided to service using device 12 <i.e., selector device> from authentication device 11 <i.e., issuer device>, signed personal information record(s) are subsequently disclosed to service provider device 13 <i.e., receiver device> from service using device 12 <i.e., selector device>.  New information may be transmitted in the same manner).  

Regarding claim 15, Yokota teaches an issuer method of providing a record to a selector device for selective disclosure ([0016-017] and [0020-021] – signed personal information of user provided from authentication device 11 <i.e., issuer device> to service using device 12 <i.e., selector device>. Service using device 12 then provides selected signed personal information to the service providing system 13), the issuer method comprising: 
storing ([0017-018] – authentication device 11 <i.e., issuer device> is a computer or server <i.e., has memory>): 
an issuer private key, the issuer private key forming a public-private key pair with a corresponding issuer public key ([0040-041] – signatures are generated at the authentication device 11 <i.e., issuer device> using, e.g., an ElGamal signature scheme using a private key-public key pair of the authentication device 11 <i.e., issuer device>);
the record, the record comprising one or more attributes and comprising multiple data entries ([0019] – authentication device 11 <i.e., issuer device> receives personal information of a user <i.e., a record> and performs operations on it, e.g., generating an associated signature(s) on the personal data <i.e., personal information is stored for operations>; [0026-028] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
determining a secret record identifier ([0028-030] and [0054-056] – user ID number <i.e., secret record identifier> is generated and attached to each personal information data item at the authentication device 11 <i.e., issuer device>, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>. User ID on the data items is used by service providing devices to detect fraud/forgeries); 
generating a digital signature on an attribute message using the issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item <which conveys a user attribute>, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature), the attribute message comprising all of the one or more attributes and the secret record identifier; 
generating multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values), each data message for each data entry comprising the data entry and the secret record identifier ([0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier>; [0041] – private key of the authentication device 11 <i.e., issuer device> used to generate the signature; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values); 
providing the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device  ([0020] and [0028-030] – user ID number <i.e., secret record identifier> is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number <i.e., secret record identifier> and then the authentication device 11 <i.e., issuer device> transmits the authenticated personal information <i.e., signatures, ID number, and data entries> to the service using device 12 <i.e., selector device>; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values).  
While Yokota teaches a system for generating a digital signature on an attribute message using an issuer private key, as well as adding a secret record identifier to each attribute of the message (see, e.g., Yokota at [0028-030], [0041]), Yokota appears to fail to specifically disclose the attribute message comprising all of the one or more attributes.
However, Takamune teaches an analogous system for selectively disclosing attributes and data entries of a record (see, e.g., [0015-016]), comprising generating a digital signature on an attribute message using an issuer private key (see, e.g., [0021-022] and [0028-029]), the attribute message comprising all of the one or more attributes ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform <i.e., selector device>. Specific attributes disclosed may be, e.g., “25”, “Yamada”, “Tokyo”, etc.; [0009] and [0011] – wherein a signature is generated over all of the combined personal attributes and transmitted).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota with the teachings of Takamune, comprising generating a digital signature on an attribute message using an issuer private key, the attribute message comprising all of the one or more attributes and the secret record identifier, to quickly verify the authenticity of the group of information as a whole (see, e.g., Takamune at [0011] and [0031-032]). 

Regarding claim 18, the combination of Yokota and Takamune teaches a non-transitory computer readable storage medium comprising instructions to cause a processor system to perform the method according to claim 15 (see above herein with regards to claim 18; [0017-018] – authentication device 11 <i.e., issuer device> is a computer or server <i.e., has memory>).  

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Yokota in view of Takamune, further in view of Futa et al. (US20090094464, Hereinafter “Futa”).
Regarding claim 5, the combination of Yokota and Takamune teach the issuer device according to claim 3. While the combination of Yokota and Takamune further teach generating a signature and adding a user ID to the signature input (see, e.g., Yokota at [0028], [0041]), the combination of Yokota and Takamune appears to fails to specifically disclose wherein the processor is configured to generate the digital signature on the data message by computing an exponentiation of a group element (g) to a multiplicative inverse of a value (x + y + H(m)), said value being based on at least the issuer private key (x), the secret record identifier (y), and the data entry (i). 
	However, Futa teaches a signature generating method for multiple inputs (see abstract, [0003]), wherein the processor is configured to generate the digital signature on the data message by computing an exponentiation of a group element (g) ([0048] – exponentiation of group element Ga of group g is computed) to a multiplicative inverse of a value (x + y + H(m)) ([0044-046] and claims 4-6 – multiplicative inverse of a hash of the message/entry, secret key k <i.e., secret record identifier>, and the private key used to generate the group element), said value being based on at least the issuer private key (x), the secret record identifier (y), and the data entry (i) ([0044-046] and claims 4-6 – multiplicative inverse of a hash of the message/entry, secret key k <i.e., secret record identifier>, and the private key used to generate the group element).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Yokota and Takamune with the teachings of Futa, wherein the processor is configured to generate the digital signature on the data message by computing an exponentiation of a group element (g) to a multiplicative inverse of a value (x + y + H(m)), said value being based on at least the issuer private key (x), the secret record identifier (y), and the data entry (i), to make the signature scheme hard to analyze and malicious parties (see, e.g., Futa at [0035-038]).

Claim(s) 13-14, 17, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yokota in view of Wang.
Regarding claim 13, Yokota teaches a receiver device for selectively obtaining one or more selected attributes and one or more selected data entries of record from a selector device ([0016-017] – personal information of user is disclosed to service providing device 13 from service using device 12; see also [0020-021], and [0046] – service using device 12 determines to disclose specific selected signed personal information to the service providing system 13), the receiver device comprising: 
a memory configured to store an issuer public key ([0017-018] – service providing device 13 <i.e., receiver device> is a computer or server <i.e., has memory>; [0041] – service providing device <i.e., receiver device> receives and stores public key of authentication device 11 <i.e., issuer device>); 
a processor ([0017-018] – service providing device 13 <i.e., receiver device> is a computer or server <i.e., has processor>) configured to: 
obtain from the selector device the selected attributes and the selected data entries ([0020-021] – service using device 12 <i.e., selector device> transmits the selected signed personal information to the service providing system 13 <i.e., received by receiver device>; [0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values <i.e., attributes/data entries received>).
While Yokota further teaches the selector device disclosing selected attributes and data entries to a receiver processor to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key (see, e.g., Yokota at [0026-029], [0035-036], and [0055-059]) based on digital signatures on the attributes and data entries with a secret record identifier (Id.), Yokota appears to fail to specifically disclose performing the verification using a zero knowledge proof. Particularly, wherein the selector device is configured to perform a zero-knowledge proof with the selector device with respect to the obtained selected attributes and selected data entries to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
However, Wang teaches an analogous known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a sever <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Yokata as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Yokota at  [0035-036] and [0055-059]; and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a system <i.e., selector> which discloses information to a service provider, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the selector device configured to: 
- perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge (§ 3.1 and 3.6 – user/signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file provided to a sever <i.e., selector>, which then attests to the provenance of the file using a zero-knowledge proof of knowledge which is confirmed by the auditing device <i.e., receiver>. The auditing device confirms the proof of knowledge.) of: 
all generated digital signatures and data related to the file’s provenance (§ 3.1 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file’s information, which is provided to a system <i.e., selector>. The server then attests to the provenance of the file using zero-knowledge proof of knowledges which confirm possession of the signatures and information to the auditing device <i.e., receiver>);
the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file, which is provided to a sever <i.e., selector>. The signature is generated using a private key of the signature providing device <i.e., has corresponding public key of the signature providing device>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proof of knowledges to the auditing device <i.e., receiver> as being from the signature providing device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Yokata and Takumune would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Yokata and Takamune would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Yokata with the teachings of Wang, wherein wherein the selector device is configured to perform a zero-knowledge proof with the selector device with respect to the obtained selected attributes and selected data entries to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key, to confirm the provenance of the provided data to a service providing device while linking the files and preserving privacy of the user (see, e.g., Yokota at [0035-036] and [0055-059], with Wang at § 2.1).

Regarding claim 14, the combination of Yokota and Wang teach the receiver device according to claim 13, wherein the receiver device is configured to perform the zero-knowledge proof by obtaining a non-interactive zero-knowledge proof from the selector device and verifying the non- interactive zero-knowledge proof (Wang at e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a sever <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver> using zero-knowledge proofs for each audited record). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention implement the combination of Yokota and Wang with the teachings of Wang, wherein the receiver device is configured to perform the zero-knowledge proof by obtaining a non-interactive zero-knowledge proof from the selector device and verifying the non-interactive zero-knowledge proof, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 17, Yokota teaches a receiver method of selectively obtaining one or more selected attributes and one or more selected data entries of record from a selector device ([0016-017] – personal information of user is disclosed to service providing device 13 from service using device 12; see also [0020-021], and [0046] – service using device 12 determines to disclose specific selected signed personal information to the service providing system 13), the receiver method comprising: 
storing an issuer public key ([0017-018] – service providing device 13 <i.e., receiver device> is a computer or server <i.e., has memory>; [0041] – service providing device <i.e., receiver device> receives and stores public key of authentication device 11 <i.e., issuer device>); 
obtaining from the selector device the selected attributes and the selected data entries ([0020-021] – service using device 12 <i.e., selector device> transmits the selected signed personal information to the service providing system 13 <i.e., received by receiver device>; [0033-034] – service providing device 13 <i.e., receiver device> transmits a request for select personal information requesting the attributes/data values of the users to the service using device 12 <i.e., selector device>, the service using device 12 then determines <i.e., selects> the associated information to disclose; [0026-027] – the personal information of a user <i.e., record> comprises a plurality of attribute categories with data points. Specific attributes disclosed may be, e.g., date of birth, blood type, height and weight, the data entries being the associated stored values <i.e., attributes/data entries received>); 
While Yokota further teaches the selector device disclosing selected attributes and data entries to a receiver processor to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key (see, e.g., Yokota at [0026-029], [0035-036], and [0055-059]) based on digital signatures on the attributes and data entries with a secret record identifier (Id.), Yokota appears to fail to specifically disclose performing the verification using a zero knowledge proof. Particularly, wherein the selector device is configured to perform a zero-knowledge proof with the selector device with respect to the obtained selected attributes and selected data entries to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
However, Wang teaches an analogous known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a sever <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Yokata as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Yokota at  [0035-036] and [0055-059]; and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a system <i.e., selector> which discloses information to a service provider, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the selector device configured to: 
- perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge (§ 3.1 and 3.6 – user/signature providing device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file provided to a sever <i.e., selector>, which then attests to the provenance of the file using a zero-knowledge proof of knowledge which is confirmed by the auditing device <i.e., receiver>. The auditing device confirms the proof of knowledge.) of: 
all generated digital signatures and data related to the file’s provenance (§ 3.1 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file’s information, which is provided to a system <i.e., selector>. The server then attests to the provenance of the file using zero-knowledge proof of knowledges which confirm possession of the signatures and information to the auditing device <i.e., receiver>);
the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – signature providing device <i.e., issuing device> generates signatures and information to protect a file, which is provided to a sever <i.e., selector>. The signature is generated using a private key of the signature providing device <i.e., has corresponding public key of the signature providing device>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proof of knowledges to the auditing device <i.e., receiver> as being from the signature providing device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Yokata and Takumune would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Yokata and Takamune would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Yokata with the teachings of Wang, wherein wherein the selector device is configured to perform a zero-knowledge proof with the selector device with respect to the obtained selected attributes and selected data entries to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key, to confirm the provenance of the provided data to a service providing device while linking the files and preserving privacy of the user (see, e.g., Yokota at [0035-036] and [0055-059], with Wang at § 2.1).

Regarding claim 20, the combination of Yokota and Wang teaches a non-transitory computer readable storage medium comprising instructions to cause a processor system to perform the method according to claim 17 (see above herein with regards to claim 17; [0017-018] – service providing device 13 <i.e., receiver device> is a computer or server <i.e., has memory>).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Spalka et al. (EP2336933) teaches a method for pseudo-anonymously storing signed medical information in a database (see, e.g., [0024] and [0118-119]). Furukawa (US20110202764) teaches using zero knowledge proofs to prevent medical information from leaking through a digital signature (see, e.g., [0034] and [0072-073]).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365. The examiner can normally be reached Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.R.W./Examiner, Art Unit 2438                                                                                                                                                                                                        
/LINGLAN EDWARDS/Primary Examiner, Art Unit 2491