Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the amendment filed 09/16/2022. In the Amendment, claims 1-3, 6, 8-9, 11-16 and 20 were amended; claims 1 and 12 are independent claims. Claims 1-20 are pending in this application. THIS ACTION IS MADE FINAL. 

Response to Arguments
The 35 U.S.C. 112, second paragraph (pre-AIA )/35 U.S.C. 112(b) rejection to claim 13 has been withdrawn as per amendment filed 09/16/2022. 
Applicant’s arguments with respect to claim(s) 1 and 12 with regard to the limitation “retrieving a DID document corresponding to the DID; and based on the DID document, validating the DID and determining whether the peer entity is successfully authenticated for access to the communication network,” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant’s argument in the instant Amendment, filed on 09/16/2022 with respect to the limitations below, have been fully considered but they are not persuasive. 
Applicant argues on (pages 8-9): the cited prior art (Othman and Zhou) fail to explicitly disclose or suggest “.the DID comprises a TEAP response packet including an Identity-Type TLV” 
The Examiner respectfully disagrees with the applicant because Zhou discloses receiving a response to the request includes an identity that is distributed that corresponds to a peer user as a TEAP Response packet including an Identity-Type TLV (See Zhou, Page 6, Item 2. Protocol Overview describes an Identity Request/Response Exchange; Page 24, Section 4.1 shows a TEAP Request/Response packet format with identifier [DID]; Page 30, Section 4.2.3 describes the Identity-Type TLV that allows the EAP server to send a hint to help the EAP peer select the right type of identity; Page 57, Section 4.3.2 describes a TEAP response in the form of a packet; Page 71 Section 7.4.4. describes binding to a user identity)

Applicant argues on (pages 9-11): the cited prior art Fredrecheski fails to explicitly disclose or suggest in Claim 12 “wherein the response includes the verifiable claim corresponding to the peer as a TEAP response packet including an Identity-Type TLV and retrieving a distributed identity (DID) document corresponding to the verifiable claim based on the Identity-Type TLV.” 
The Examiner respectfully disagrees with the applicant because Fedrescheski discloses a verifiable claim (See Fedrescheski,, Page 2, Left and Right Column, Pages 2-6, Left and Right Columns describe a Blockchain IoT device acting a peer requesting authentication for access to a communication network, wherein the Blockchain IoT device comprises a verifiable claim embedded thereon). Fedrescheski discloses wherein the authentication server is configured to: (See Fedrescheski, Page 2, Left and Right Column, Pages 2-6, Left and Right Columns describe a server that performs authentication). Fedrescheski discloses transmitting a request to the peer for a verifiable claim corresponding to the peer wherein the verifiable claim corresponds to the peer that serves a credential for authentication of the peer (See Fedrescheski, Pages 2-3, Under Section B. Verifiable credentials & Figures 1-2 and Section C: Decentralization, Privacy and Layered Authentication describes sending a request to the peer for a verifiable claim corresponding to the peer wherein the verifiable claim corresponds to the peer serves as a credential for authentication of the peer). Fedrescheski discloses receiving a response to the request from the peer, wherein the response includes the verifiable claim corresponding to the peer and an address corresponding to a location of the verifiable claim on the Blockchain network (See Fedrescheski Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe receiving a response to the request from the peer, wherein the response includes the verifiable claim corresponding to the peer and an address corresponding to a location of the verifiable claim on the Blockchain network). Smith was used in combination with 
Fedrescheski to disclose a wireless access point (WAP) acting as an authenticator providing access to the communication network for the Blockchain IoT device upon successfully authenticating the Blockchain IoT device (See Smith, [0420], [0422], [0290], [0282], 814, FIG 8 describes an wireless access point (WAP) acting as an authenticator providing access to the communication network for the Blockchain IoT device upon successfully authenticating the Blockchain IoT device). Smith discloses a Blockchain network coupled to the Blockchain IoT device and the WAP (see Smith, [0420], [0422], [0290], [0282], 814, FIG 8 describes a Blockchain network coupled to the Blockchain IoT device and the WAP;  and coupled to the Blockchain IoT network). Smith discloses and coupled to the Blockchain IoT network (See Smith [0420], [0422], [0290], [0282], 814, FIG 8 describes and coupled to the Blockchain IoT network). Zhou was used in combination with Fedrescheski and Smith to disclose and an authentication server supporting Tunnel Extensible Authentication Protocol (TEAP); establish a secure tunnel to the Blockchain IoT device acting as the peer via TEAP, wherein the secure tunnel is used for an exchange of data during authentication of the peer for access to the communication network, (see Zhou, Page 5, Section 1. Introduction, First paragraph, A tunnel-based Extensible Authentication Protocol (EAP) method is an EAP method that establishes an secure tunnel; Page 6, Under Section 2. Protocol Overview, First paragraph, Once the tunnel is established, the second phase begins with the peer and server engaging in further conversations to establish the required authentication and authorization policies). Zhou discloses receive a response to the request from the peer, wherein the response corresponding to the peer as a TEAP response packet including an Identity-Type-TLV corresponding to a DID, (See Zhou, Page 6, Item 2. Protocol Overview describes an Identity Request/Response Exchange; Page 24, Section 4.1 shows a TEAP Request/Response packet format with identifier [DID]; Page 30, Section 4.2.3 describes the Identity-Type TLV that allows the EAP server to send a hint to help the EAP peer select the right type of identity; Page 57, Section 4.3.2 describes a TEAP response in the form of a packet; Page 71 Section 7.4.4. describes binding to a user identity; Pages 20-21, Section 3.8 Peer Services with TEAP Server; Pages 26-27, Section 4.2 TEAP TLV format and support describes a TEAP server based on the Identity-Type TLV)

Applicant argues on (pages 11-12): that there is no motivation to combine Zhou with Fedrecheski because they are completely unrelated technical disclosures. 
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, Fedrecheski is related to network security and authentication discloses a Blockchain IoT device acting a peer requesting authentication for access to a communication network, wherein the Blockchain IoT device comprises a verifiable claim embedded thereon. Zhou is related to network security and authentication where a secure tunnel is established to a peer entity via a Tunnel Extensible Authentication Protocol (TEAP) wherein the secure tunnel is used for an exchange of data during authentication of a peer entity for access to a communication network. One of ordinary skill in the art, before the effective filing date of the claimed invention would have been motivated to combine to two references to drive at the applicant's claimed invention. Therefore, as the metes and bounds of the limitation been met as noted above, the examiner finds this argument not persuasive. 

Applicant's arguments (pages 5-8): Additionally, as to dependent claims 2-11 and 13-20 the Applicant argues that the claims are dependent directly or indirectly from a respective one of claims of independent claims 1 and 12 and are therefore distinguished from the cited art at least by virtue or allowable at least based on their additionally recited patentable subject matter.
The Examiner respectfully submits that the dependent claims 2-11 and 13-20 are rejected at least based on the rationale and response presented to the argument for their respective base claims, and response presented to the argument for their respective base claims, and the reference applied to the claims 2-11 and 13-20. 

Thus, the Examiner maintains the rejection with the cited prior art references.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over Othman et al (“Othman,” “The Horcrux Protocol: A Method for Decentralized Biometric-based Self-Sovereign Identity,” November 20, 2017, Pages 1-7), in view of Zhou et al (“Tunnel Extensible Authentication Protocol (TEAP) Version 1, Internet Engineering Task Force (IETF), Request for Comments: 7170, ISSN: 2070-1721, May 2014, Pages 1-101) and further in view of Fotiou et al (“Fotiou,” “Name-based Security for Information-Centric Networking Architectures,” Nov. 1, 2019, Pages 1-13). 

Regarding claim 1, Othman discloses a method, comprising:
transmitting a request to the peer entity for a distributed identity (DID) corresponding to the peer user or element of the peer entity, wherein the DID corresponding to the peer entity serves as a credential for the authentication of the peer entity; Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe sending a request to the peer entity for a DID corresponding to the peer user or element wherein the DID corresponds to the peer entity as a credential for authentication of the peer entity)
Othman fails to explicitly discloses establishing a secure tunnel to a peer entity via Tunnel Extensible Authentication Protocol (TEAP), wherein the secure tunnel is used for an exchange of data during authentication of a peer entity for access to a communication network; via the secure tunnel, receiving a response to the request from the peer entity, wherein the response includes the DID corresponding to the peer user or element as a TEAP response packet including an Identity-Type-TLV; with a TEAP server based on the Identity-Type-TLV.
However, in an analogous art, Zhou discloses establishing a secure tunnel to a peer entity via Tunnel Extensible Authentication Protocol (TEAP), (Zhou, Page 5, Section 1. Introduction, First paragraph, A tunnel-based Extensible Authentication Protocol (EAP) method is an EAP method that establishes an secure tunnel; Page 6, Under Section 2. Protocol Overview, First paragraph, Once the tunnel is established, the second phase begins with the peer and server engaging in further conversations to establish the required authentication and authorization policies)
wherein the secure tunnel is used for an exchange of data during authentication of a peer entity for access to a communication network; (Zhou, Page 5, Section 1. Introduction, First paragraph, A tunnel-based Extensible Authentication Protocol (EAP) method is an EAP method that establishes an secure tunnel; Page 6, Under Section 2. Protocol Overview, First paragraph, TEAP Authentication occurs in two phases after the initial EAP Identity request/response exchange. In the first phase, TEAP employs the TLS handshake to provided an authenticated key exchange and to establish a protected tunnel. Once the tunnel is established, the second phase begins with the peer and server engaging in further conversations to establish the required authentication and authorization policies; Page 6, Under Protected Access Credential (PAC), the opaque part is provided to the peer and is presented to the authentication server when the peer wishes to obtain access to network resources; Page 1, Abstract, within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server)
via the secure tunnel,  (Zhou, Page 5, Section 1. Introduction, First paragraph, A tunnel-based Extensible Authentication Protocol (EAP) method is an EAP method that establishes an secure tunnel; Page 6, Under Section 2. Protocol Overview, First paragraph, Once the tunnel is established, the second phase begins with the peer and server engaging in further conversations to establish the required authentication and authorization policies)
receiving a response to the request from the peer entity, wherein the response includes the DID corresponding to the peer user or element as a TEAP response packet including an Identity-Type-TLV; (Zhou, Page 6, Item 2. Protocol Overview describes an Identity Request/Response Exchange; Page 24, Section 4.1 shows a TEAP Request/Response packet format with identifier [DID]; Page 30, Section 4.2.3 describes the Identity-Type TLV that allows the EAP server to send a hint to help the EAP peer select the right type of identity; Page 57, Section 4.3.2 describes a TEAP response in the form of a packet; Page 71 Section 7.4.4. describes binding to a user identity)
with a TEAP server based on the Identity-Type-TLV; (Zhou, Pages 20-21, Section 3.8 Peer Services with TEAP Server; Pages 26-27, Section 4.2 TEAP TLV format and support describes a TEAP server based on the Identity-Type TLV; Page 30, Section 4.2.3 describes the Identity-Type TLV that allows the EAP server to send a hint to help the EAP peer select the right type of identity)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of Othman to include establishing a secure tunnel to a peer entity via Tunnel Extensible Authentication Protocol (TEAP), wherein the secure tunnel is used for an exchange of data during authentication of a peer entity for access to a communication network; via the secure tunnel; receiving a response to the request from the peer entity, wherein the response includes the DID corresponding to the peer user or element as a TEAP response packet including an Identity-Type-TLV; with a TEAP server based on the Identity-Type-TLV. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)
Othman and Zhou fail to explicitly disclose retrieving a DID document corresponding to the DID; and based on the DID document, validating the DID and determining whether the peer entity is successfully authenticated for access to the communication network. 
However, in an analogous art, Fotiou discloses retrieving a DID document corresponding to the DID; (Fotiou, Pages 3-4, Section 2.3; Pages 9-10, Section 5.1.1. DID Registry Management Overload describes retrieving a DID document corresponding to the DID)
and based on the DID document, validating the DID and determining whether the peer entity is successfully authenticated for access to the communication network, (Fotiou, Pages 3-4, Section 2.3; Pages 10-11, Section 5.1.2. DID Cryptographic Operations Overload, describes and based on the DID document, validating the DID and determining whether the peer entity is successfully authenticated for access to the communication network)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotiou with the method/system of Othman and Zhou to include receiving a response to the request from the peer entity, wherein the response includes the DID corresponding to the peer user or element as a TEAP response packet including an Identity-Type-TLV; retrieving a DID document corresponding to the DID with a TEAP server based on the Identity-Type-TLV; and based on the DID document, validating the DID and determining whether the peer entity is successfully authenticated for access to the communication network. One would have been motivated to provide self-sovereignty so that DID owners and only them can freely manage their DIDs and the corresponding DID documents (Fotiou, Page 4, Third Paragraph from the Top). 

Regarding claim 2, Othman, Zhou and Fotiou disclose the method of claim 1. 
Othman further discloses wherein transmitting the request to the peer entity for the DID corresponding to the peer entity is in response to receiving an indication that the peer entity is providing the DID to serve as a credential for authentication for access to the communication network, (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe wherein sending a request to the peer entity for DID corresponding to the peer entity is in response to receiving an indication that the peer entity is providing a DID to server as a credential for authentication for access to a communication network)

Regarding claim 3, Othman, Zhou and Fotiou disclose the method of claim 1. 
Zhou further discloses wherein the request to the peer entity for the DID corresponding to the peer user or element is formatted as an Authority-ID-TLV object in accordance with TEAP, (Zhou, Page 26, Section 4.2 TEAP TLV Format and Support describes The TLV’s defined here are TLV objects. The TLV objects could be used to carry arbitrary parameters between an EAP peer an EAP server within the protected TLS tunnel; Pages 29-30, describe formatting as an Authority-ID TLV which provides a hint of the identity of the server to help the peer to match the credentials available for the server. It should be unique across the deployment) 
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of Othman to include or element is formatted as an Authority-ID-TLV object in accordance with TEAP. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)

Regarding claim 4, Othman, Zhou and Fotiou disclose the method of claim 1. 
Zhou, further discloses wherein the response from the peer entity is formatted as an Authority-ID-TLV object in accordance with TEAP, (Zhou, Page 6, Under Section 2. Protocol Overview, First paragraph, TEAP Authentication occurs in two phases after the initial EAP Identity request/response exchange; Page 26, Section 4.2 TEAP TLV Format and Support describes The TLV’s defined here are TLV objects. The TLV objects could be used to carry arbitrary parameters between an EAP peer an EAP server within the protected TLS tunnel; Pages 29-30, describe formatting as an Authority-ID TLV which provides a hint of the identity of the server to help the peer to match the credentials available for the server. It should be unique across the deployment) 
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of Othman to include wherein the response from the peer entity is formatted as an Authority-ID-TLV object in accordance with TEAP. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)

Regarding claim 5, Othman, Zhou and Fotiou disclose the method of claim 2. 
Othman further discloses wherein determining whether the peer entity is successfully authenticated comprises: upon determining that the DID corresponding to the peer entity is successfully validated, determining that the peer entity is successfully authenticated, (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe determining whether the peer entity is successfully authenticated and upon determining that the DID corresponding to the peer entity is successfully validated, determining that the peer entity is successfully authenticated)

Regarding claim 6, Othman, Zhou and Fotiou disclose the method of claim 5. 
Othman further discloses wherein determining that the DID corresponding to the peer entity is successfully validated comprises: fetching the DID document from a Blockchain network, wherein the DID document comprises a Blockchain DID corresponding to the peer entity; (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe wherein determining that the DID corresponding to the peer entity is successfully validated comprises: fetching a DID document corresponding to the peer entity from a Blockchain network, wherein the DID document comprises a Blockchain DID corresponding to the peer entity)
comparing the Blockchain DID corresponding to the peer entity received via the response from the peer entity; (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe comparing the Blockchain DID corresponding to the peer entity peer entity received via the response from the peer entity) and
determining that the Blockchain DID corresponding to the peer entity matches the DID corresponding to the peer entity received via the response from the peer entity, (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe determining that the Blockchain DID corresponding to the peer entity matches the DID corresponding to the peer entity received via the response from the peer entity)

Regarding claim 7, Othman, Zhou and Fotiou disclose the method of claim 6. 
Othman further discloses wherein comprises: providing a Decentralized identity (DID) corresponding to an authentication server, (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe wherein comprises: providing a Decentralized identity (DID) corresponding to an authentication server)
Regarding claim 8, Othman, Zhou and Fotiou disclose the method of claim 7. 
Othman further discloses in response to determining that the peer entity is successfully authenticated, using a first public key corresponding to the peer entity and a second public key corresponding to an authentication server (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe using a first public key corresponding to the peer entity and a second public key corresponding to a server that supports authentication)
Zhou further discloses further comprising: in response to determining that the peer entity is successfully authenticated, calculating session keys (Zhou, Pages 7, 21, 58-62, describe in response to determining that the peer entity is successfully authenticated, calculating session keys corresponding to the peer entity and the authentication server)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of Othman to include further comprising: in response to determining that the peer entity is successfully authenticated, calculating session keys. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)



Regarding claim 9, Othman, Zhou and Fotiou disclose the method of claim 8. 
Othman further discloses wherein the DID document fetched from the Blockchain network comprises the first public key corresponding to the peer entity and the second public key corresponding to the authentication server, (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe wherein the DID document corresponding to the peer entity fetched from the Blockchain network comprises the first public key corresponding to the peer entity and the second public key corresponding to the authentication server)

Regarding claim 10, Othman, Zhou and Fotiou disclose the method of claim 6.  
Othman further discloses comprising: determining a role corresponding to the peer entity, wherein the role is associated with authorization to access services and devices via the commination network for the peer entity, (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe determining a role corresponding to the peer entity, wherein the role is associated with authorization to access services and devices via the commination network for the peer entity)

Regarding claim 11, Othman, Zhou and Fotiou disclose the method of claim 10. 
Othman further discloses wherein the role corresponding to the peer entity is determined based on information in the DID document corresponding to the peer entity fetched from the Blockchain network, (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe wherein the role corresponding to the peer entity is determined based on information in the DID document corresponding to the peer entity fetched from the Blockchain network)

Claims 12-13 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fedrecheski et al (“Fedrecheski,” “Self-Sovereign Identity for IoT environments: A Perspective, March 11, 2020, Pages 1-6), in view of Smith et al (“Smith,” US 20190373472), and Zhou et al (“Tunnel Extensible Authentication Protocol (TEAP) Version 1, Internet Engineering Task Force (IETF), Request for Comments: 7170, ISSN: 2070-1721, May 2014, Pages 1-101) and further in view of Fotiou et al (“Fotiou,” “Name-based Security for Information-Centric Networking Architectures,” Nov. 1, 2019, Pages 1-13).

Regarding claim 12, Fedrecheski discloses a Blockchain Internet-of-things (IoT) system, comprising:
a Blockchain IoT device acting as a peer requesting authentication for access to a communication network, wherein the Blockchain IoT device comprises a verifiable claim embedded thereon; (Fedrescheski,, Page 2, Left and Right Column, Pages 2-6, Left and Right Columns describe a Blockchain IoT device acting a peer requesting authentication for access to a communication network, wherein the Blockchain IoT device comprises a verifiable claim embedded thereon)
wherein the authentication server is configured to: (Fedrescheski, Page 2, Left and Right Column, Pages 2-6, Left and Right Columns describe a server that performs authentication)
transmit a request to the peer for a verifiable claim corresponding to the peer wherein the verifiable claim corresponding to the peer serves as a credential for authentication of the peer; (Fedrescheski, Pages 2-3, Under Section B. Verifiable credentials & Figures 1-2 and Section C: Decentralization, Privacy and Layered Authentication describes sending a request to the peer for a verifiable claim corresponding to the peer wherein the verifiable claim corresponds to the peer serves as a credential for authentication of the peer)
receiving a response to the request from the peer, wherein the response includes the verifiable claim corresponding to the peer and an address corresponding to a location of the verifiable claim on the Blockchain network (Fedrecheski, Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe receiving a response to the request from the peer, wherein the response includes the verifiable claim corresponding to the peer and an address corresponding to a location of the verifiable claim on the Blockchain network)
Fedrescheski fails to explicitly disclose an wireless access point (WAP) acting as an authenticator providing access to the communication network for the Blockchain IoT device upon successfully authenticating the Blockchain IoT device; a Blockchain network coupled to the Blockchain IoT device and the WAP;  and coupled to the Blockchain IoT network. 
However, in an analogous art, Smith discloses an wireless access point (WAP) acting as an authenticator providing access to the communication network for the Blockchain IoT device upon successfully authenticating the Blockchain IoT device; (Smith, [0420], [0422], [0290], [0282], 814, FIG 8 describes an wireless access point (WAP) acting as an authenticator providing access to the communication network for the Blockchain IoT device upon successfully authenticating the Blockchain IoT device)
a Blockchain network coupled to the Blockchain IoT device and the WAP;  (Smith, [0420], [0422], [0290], [0282], 814, FIG 8 describes a Blockchain network coupled to the Blockchain IoT device and the WAP;  and coupled to the Blockchain IoT network)
and coupled to the Blockchain IoT network, (Smith, [0420], [0422], [0290], [0282], 814, FIG 8 describes and coupled to the Blockchain IoT network)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Smith with
the method/system of Fedrecheski to include an wireless access point (WAP) acting as an authenticator providing access to the communication network for the Blockchain IoT device upon successfully authenticating the Blockchain IoT device; a Blockchain network coupled to the Blockchain IoT device and the WAP;  and coupled to the Blockchain IoT network,. One would have been motivated to provide enhanced security for Internet of Things (IoT) and other devices (Smith, [0004]). 
Fedrecheski and Smith fail to explicitly disclose and an authentication server supporting Tunnel Extensible Authentication Protocol (TEAP); establish a secure tunnel to the Blockchain IoT device acting as the peer via TEAP, wherein the secure tunnel is used for an exchange of data during authentication of the peer for access to the communication network; via the secure tunnel, receive a response to the request from the peer, wherein the response corresponding to the peer as a TEAP response packet including an Identity-Type-TLV corresponding to a DID. 
However, in an analogous art, Zhou discloses and an authentication server supporting Tunnel Extensible Authentication Protocol (TEAP); establish a secure tunnel to the Blockchain IoT device acting as the peer via TEAP, wherein the secure tunnel is used for an exchange of data during authentication of the peer for access to the communication network, (Zhou, Page 5, Section 1. Introduction, First paragraph, A tunnel-based Extensible Authentication Protocol (EAP) method is an EAP method that establishes an secure tunnel; Page 6, Under Section 2. Protocol Overview, First paragraph, Once the tunnel is established, the second phase begins with the peer and server engaging in further conversations to establish the required authentication and authorization policies)
receive a response to the request from the peer, wherein the response corresponding to the peer as a TEAP response packet including an Identity-Type-TLV corresponding to a DID, (Zhou, Page 6, Item 2. Protocol Overview describes an Identity Request/Response Exchange; Page 24, Section 4.1 shows a TEAP Request/Response packet format with identifier [DID]; Page 30, Section 4.2.3 describes the Identity-Type TLV that allows the EAP server to send a hint to help the EAP peer select the right type of identity; Page 57, Section 4.3.2 describes a TEAP response in the form of a packet; Page 71 Section 7.4.4. describes binding to a user identity; Pages 20-21, Section 3.8 Peer Services with TEAP Server; Pages 26-27, Section 4.2 TEAP TLV format and support describes a TEAP server based on the Identity-Type TLV)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of Fedrecheski and Smith to include and an authentication server supporting Tunnel Extensible Authentication Protocol (TEAP); establish a secure tunnel to the Blockchain IoT device acting as the peer via TEAP, wherein the secure tunnel is used for an exchange of data during authentication of the peer for access to the communication network; receive a response to the request from the peer, wherein the response corresponding to the peer as a TEAP response packet including an Identity-Type-TLV corresponding to a DID. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)
Fedrecheski, Smith and Zhou fail to explicitly disclose and based on the DID document, validate the DID and determine whether the peer is successfully authenticated for access to the communication network. 
However, in an analogous art, Fotiou discloses and based on the DID document, validate the DID and determine whether the peer is successfully authenticated for access to the communication network, (Fotiou, Pages 3-4, Section 2.3; Pages 10-11, Section 5.1.2. DID Cryptographic Operations Overload, describes and based on the DID document, validating the DID and determining whether the peer entity is successfully authenticated for access to the communication network)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Fotiou with
the method/system of Fedrecheski, Smith and Zhou to include and based on the DID document, validate the DID and determine whether the peer is successfully authenticated for access to the communication network. One would have been motivated to provide self-sovereignty so that DID owners and only them can freely manage their DIDs and the corresponding DID documents (Fotiou, Page 4, Third Paragraph from the Top).

Regarding claim 13, Fedrecheski, Smith, Zhou and Fotiou disclose the system of claim 12. 
Fedrecheski further discloses wherein the Blockchain IoT device comprises at least one of: 
a laptop, 
a tablet computer, 
a mobile computing device, 
an autonomous system, 
an IoT device (Fedrecheski, Page 2, Left Column, Under Section Verifiable Credentials, describe an IoT device)
or a smartphone 



Regarding claim 15, Fedrecheski, Smith, Zhou and Fotiou disclose the system of claim 12. 
Fedrecheski further discloses wherein the authentication server is further configured to: receive an indication that the peer entity is providing a verifiable claim to serve as a credential for authentication for access to a communication network, (Fedrescheski, Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe wherein the authentication server is further configured to: receive an indication that the peer entity is providing a verifiable claim to serve as a credential for authentication for access to a communication network)

Regarding claim 16, Fedrecheski, Smith, Zhou and Fotiou disclose the system of claim 15. 
Fedrecheski further discloses wherein the request to the peer for the verifiable claim, (Fedrescheski, Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe wherein the request to the peer entity for the verifiable claim)
Zhou further discloses corresponding to the peer entity is formatted as an Authority-ID-TLV object in accordance with TEAP, (Zhou, Page 6, Under Section 2. Protocol Overview, First paragraph, TEAP Authentication occurs in two phases after the initial EAP Identity request/response exchange; Page 26, Section 4.2 TEAP TLV Format and Support describes The TLV’s defined here are TLV objects. The TLV objects could be used to carry arbitrary parameters between an EAP peer an EAP server within the protected TLS tunnel; Pages 29-30, describe formatting as an Authority-ID TLV which provides a hint of the identity of the server to help the peer to match the credentials available for the server. It should be unique across the deployment)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of Fedrecheski and Smith to include corresponding to the peer entity is formatted as an Authority-ID-TLV object in accordance with TEAP. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)

Regarding claim 17, Fedrecheski, Smith, Zhou and Fotiou disclose the system of claim 16. 
Zhou further discloses wherein the response from the peer entity is formatted as an Authority-ID-TLV object in accordance with TEAP, (Zhou, Page 6, Under Section 2. Protocol Overview, First paragraph, TEAP Authentication occurs in two phases after the initial EAP Identity request/response exchange; Page 26, Section 4.2 TEAP TLV Format and Support describes The TLV’s defined here are TLV objects. The TLV objects could be used to carry arbitrary parameters between an EAP peer an EAP server within the protected TLS tunnel; Pages 29-30, describe formatting as an Authority-ID TLV which provides a hint of the identity of the server to help the peer to match the credentials available for the server. It should be unique across the deployment)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of Fedrechesck and Smith to include wherein the response from the peer entity is formatted as an Authority-ID-TLV object in accordance with TEAP. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)

Regarding claim 18, Fedrecheski, Smith, Zhou and Fotiou disclose the system of claim 15. 
Zhou further discloses wherein the authentication server comprises a TEAP server, (Zhou, Page 6 under Section 2. Protocol Overview, First and Second Paragraph describe a server for authentication that supports TEAP). 
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of Fedrecheski, Smith and Fotiou to include wherein the authentication server comprises a TEAP server. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)

Regarding claim 19, Fedrecheski, Smith, Zhou and Fotiou disclose the system of claim 12.  
Fedrecheski further discloses wherein the authentication server is further configured to: determine that the peer entity is successfully authenticated, in response to determining that the verifiable claim corresponding to the peer entity is successfully validated, (Fedrescheski, Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe wherein the authentication server is further configured to: determine that the peer entity is successfully authenticated, in response to determining that the verifiable claim corresponding to the peer entity is successfully validated)

Regarding claim 20, Fedrecheski, Smith, Zhou and Fotiou disclose the system of claim 19. 
Fedrecheski further discloses wherein the authentication server is further configured to:
fetch a Blockchain verifiable claim corresponding to the peer entity from the Blockchain network using the address corresponding to the location of the verifiable claim on the Blockchain network; (Fedrescheski, Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe fetch a Blockchain verifiable claim corresponding to the peer entity from a Blockchain network using the address corresponding to the location of the verifiable claim on the Blockchain network)
compare the Blockchain verifiable claim corresponding to the peer entity to the verifiable claim corresponding to the peer entity received via the response from the peer entity; (Fedrescheski, Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe compare the Blockchain verifiable claim corresponding to the peer entity to the verifiable claim corresponding to the peer entity received via the response from the peer entity)
determine that the Blockchain verifiable claim corresponding to the peer entity matches the verifiable claim corresponding to the peer entity received via the response from the peer entity; (Fedrescheski, Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe determine that the Blockchain verifiable claim corresponding to the peer entity matches the verifiable claim corresponding to the peer entity received via the response from the peer entity) and
in response to determining the match, determine that the verifiable claim corresponding to the peer entity is successfully validated, (Fedrescheski, Pages 2-3 & 5 Under Section B. Verifiable credentials & Figures 1-2, Section A. Benefits describe in response to determining the match, determine that the verifiable claim corresponding to the peer entity is successfully validated)

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Fedrecheski et al (“Fedrecheski,” “Self-Sovereign Identity for IoT environments: A Perspective, March 11, 2020, Pages 1-6), in view of Smith et al (“Smith,” US 20190373472), in view of Zhou et al (“Tunnel Extensible Authentication Protocol (TEAP) Version 1, Internet Engineering Task Force (IETF), Request for Comments: 7170, ISSN: 2070-1721, May 2014, Pages 1-101) and further in view of Fotiou et al (“Fotiou,” “Name-based Security for Information-Centric Networking Architectures,” Nov. 1, 2019, Pages 1-13).

Regarding claim 14, Fedrecheski, Smith, Zhou and Fotiou the system of claim 12. 
Zhou further discloses via an Inner Extensible Authentication Protocol (EAP) server (Zhou, Page 7, describes the inner method server and the TEAP server might be a single entity; Page 11, first paragraph describes an EAP server)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Zhou with
the method/system of , Fedrecheski and Smith to include via an Inner Extensible Authentication Protocol (EAP) server. One would have been motivated to enable secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel (Zhou, Abstract & Section 1, Introduction, Page 1)
Fedrecheski, Smith, Zhou and Fotiou fail to explicitly disclose wherein the authentication server is coupled to the Blockchain network. 
However, in an analogous art,  Othman discloses wherein the authentication server is coupled to the Blockchain network, (Othman, Page 4, FIG 2, Left Column, Right Column explains FIG 2; Page 4, Right Column, Section IV. The Horcurx Protocol, Page 5, Left Column, Right Column, Page 6, Left Column, Right Column describe wherein the authentication server is coupled to the Blockchain network)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Othman with
the method/system of Fedrecheski, Smith, Zhou and Fotiou to include via an Inner Extensible Authentication Protocol (EAP) server. One would have been motivated to provide an authority-based issuance of claims and eliminating the need for 3rd party identity providers during authentication using blockchain technologies to assure exchange of verifiable credentials (Othman, Page 6, Right Column Under V. Summary, Lines 1-4). 


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.                                                                        
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/Examiner, Art Unit 2439                                                                                                                                                                                                        


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439