Prosecution Insights
Last updated: April 19, 2026
Application No. 18/673,660

SYSTEMS AND METHODS FOR SECURE AUTHENTICATION

Non-Final OA: §101, §103, §112, §DP
Filed: May 24, 2024
Examiner: AVERY, BRIAN WILLIAM
Art Unit: 2495
Tech Center: 2400 — Computer Networks
Assignee: Netarx LLC
OA Round: 1 (Non-Final)
Grant Probability: 63% (Moderate)
OA Rounds: 1-2
To Grant: 3y 5m
With Interview: 99%

Examiner Intelligence

Grants 63% of resolved cases
Career Allow Rate: 63% (49 granted / 78 resolved; +4.8% vs TC avg)
Strong +51% interview lift
Interview Lift: +50.6% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 5m (37 currently pending)
Career history
Total Applications: 115 (across all art units)

Statute-Specific Performance

§101: 4.0% (-36.0% vs TC avg)
§103: 66.7% (+26.7% vs TC avg)
§102: 8.9% (-31.1% vs TC avg)
§112: 19.7% (-20.3% vs TC avg)
Based on career data from 78 resolved cases

Office Action

§101 §103 §112 §DP
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statements

The information disclosure statement(s) (IDS) submitted on 05/24/2024, 02/28/2025, and 12/08/2025 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) have been considered by the examiner.

Statutory Double Patenting

A rejection based on double patenting of the “same invention” type finds its support in the language of 35 U.S.C. 101 which states that “whoever invents or discovers any new and useful process... may obtain a patent therefor...” (Emphasis added). Thus, the term “same invention,” in this context, means an invention drawn to identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957). A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the claims that are directed to the same invention so they are no longer coextensive in scope. The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101.

Claims 1, 10-11, and 16-17 are provisionally rejected under 35 U.S.C. 101 as claiming the same invention as that of claims 1, 26-28, and 38 of copending U.S. Application 18/673,635 (reference application), starting with the Instant application claims followed by the Reference application claims as follows: 1 and 1; 10 and 27; 11 and 28; 16 and 26; and 17 and 38. This is a provisional statutory double patenting rejection since the claims directed to the same invention have not in fact been patented.

Instant Application 18/673,660 Reference U.S. Application 18/673,635 1.
A system for authentication, comprising: a validation system; an agent configured to communicate a first credential indicating an identification to the validation system and communicate a second credential indicating the identification to a verification service, wherein the validation system includes: a database configured to store authorized user data; and a portal configured to provide selection of the verification service from a plurality of verification services, wherein the validation system is configured to compare the first credential to the authorized user data, determine a confidence level of validity of the identification based on the comparison of the first credential to the authorized user data, receive a verification of the second credential from the verification service, and modify the confidence level based on the verification. (emphasis added) 1. A system for authentication, comprising: a validation system; an agent configured to communicate a first credential indicating an identification to the validation system and communicate a second credential indicating the identification to a verification service, wherein the validation system includes: a database configured to store authorized user data; and a portal configured to provide selection of the verification service from a plurality of verification services, wherein the validation system is configured to compare the first credential to the authorized user data, determine a confidence level of validity of the identification based on the comparison of the first credential to the authorized user data, receive a verification of the second credential from the verification service, and modify the confidence level based on the verification. (emphasis added) 10. The system of claim 1, wherein the validation system provides certificate transparency. 27. The system of claim 1, wherein the validation system provides certificate transparency. 11. 
The system of claim 1, wherein the validation system employs a claimant model for verifying signatures of the agent. 28. The system of claim 1, wherein the validation system employs a claimant model for verifying signatures of the agent. 16. The system of claim 1, wherein the verification service is a third-party service separate from the validation system. 26. The system of claim 1, wherein the verification service is a third-party service separate from the validation system. 17. A system for identity authentication on a communication platform, comprising: a database configured to store authorized user data; a first node that creates an identification and is configured to communicate the identification; at least one second node configured to: receive the identification; compare the identification to the authorized user data; determine a confidence level for the first node; and communicate a signal indicating the confidence level; and a user interface configured to present an indication of the confidence level in response to the signal. (emphasis added) 38. A system for identity authentication on a communication platform, comprising: a database configured to store authorized user data; a first node that creates an identification and is configured to communicate the identification; at least one second node configured to: receive the identification; compare the identification to the authorized user data; determine a confidence level for the first node; and communicate a signal indicating the confidence level; and a user interface configured to present an indication of the confidence level in response to the signal. 
(emphasis added)

Non-Statutory Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection.
A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.

Claims 1 and 17 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 17, 36, and 50 of copending Application No. 18/673,635 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1 and 17 of the instant application are anticipated by claims 17, 36, and 50 of copending Application No. 18/673,635, starting with the Instant application claims followed by the corresponding Reference application claims as follows: claims 1 and 29; 17 and 50; and 1 and 36. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Instant Application 18/673,660 Reference U.S. Application 18/673,635 1.
A system for authentication, comprising: a validation system; an agent configured to communicate a first credential indicating an identification to the validation system and communicate a second credential indicating the identification to a verification service, wherein the validation system includes: a database configured to store authorized user data; and a portal configured to provide selection of the verification service from a plurality of verification services, wherein the validation system is configured to compare the first credential to the authorized user data, determine a confidence level of validity of the identification based on the comparison of the first credential to the authorized user data, receive a verification of the second credential from the verification service, and modify the confidence level based on the verification. (emphasis added) Examiner notes: a database to hold user data (e.g., registered biometric credentials) and an internet portal would be inherent in claim 29. 29. The method for authentication, comprising: selecting, via a portal of a validation system, a verification service from a plurality of verification services separate from the validation system; receiving, at the validation system, a first credential from an agent indicating an identification; comparing the first credential to authorized user data stored in an authorized user database; determining a confidence level of validity of the identification based on the comparison of the first credential to the authorized user data; communicating to the verification service a second credential from the agent indicating the identification; receiving, via the verification service, verification of the second credential; modifying the confidence level based on the verification. (emphasis added) 17. 
A system for identity authentication on a communication platform, comprising: a database configured to store authorized user data; a first node that creates an identification and is configured to communicate the identification; at least one second node configured to: receive the identification; compare the identification to the authorized user data; determine a confidence level for the first node; and communicate a signal indicating the confidence level; and a user interface configured to present an indication of the confidence level in response to the signal. (emphasis added) 50. A system for identity authentication on a communication platform, comprising: a database configured to store authorized user data; a first node configured to: communicate the identification; and communicate a credential to a verification service; at least one second node configured to: receive the identification; compare the identification to the authorized user data; determine a confidence level for the first node; receive a verification from the verification service based on the credential; update the confidence level based on the verification; and communicate a signal indicating the confidence level; and a user interface configured to present an indication of the confidence level in response to the signal. 1. 
A system for authentication, comprising: a validation system; an agent configured to communicate a first credential indicating an identification to the validation system and communicate a second credential indicating the identification to a verification service, wherein the validation system includes: a database configured to store authorized user data; and a portal configured to provide selection of the verification service from a plurality of verification services, wherein the validation system is configured to compare the first credential to the authorized user data, determine a confidence level of validity of the identification based on the comparison of the first credential to the authorized user data, receive a verification of the second credential from the verification service, and modify the confidence level based on the verification. (emphasis added) Examiner notes: a database to hold user data (e.g., registered biometric credentials) and an internet portal would be inherent in claim 36. 36. A method for authentication, comprising: selecting a verification service from a plurality of verification services; receiving, at a validation system, a first credential from an agent indicating an identification; comparing the first credential to authorized user data; determining a confidence level of validity of the identification based on the comparison of the first credential to the authorized user data; communicating to the verification service a second credential indicating the identification; receiving a verification of the second credential from the verification service; modifying the confidence level based on the validation. (emphasis added) Claim Objections Claim 9 is objected to because of the following informalities: the term “Merckle tree”. The examiner will interpret this feature as “Merkle tree”. Appropriate correction is required. 
Claim 30 is objected to because of the following informalities: the terms “VOIP” and “PSTN” are included without the descriptions of the acronyms. The examiner will interpret VOIP as Voice over Internet Protocol, and PSTN as Public Switched Telephone Network. Appropriate correction is required.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 6 and 9 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Dependent claims 6 and 9 recite features which have insufficient antecedent support for features included in these claims. Specifically, in claim 6, the feature of “the signature service” lacks antecedent support. Specifically, in claim 9, the feature of “the pre-certificates” lacks antecedent support. Appropriate correction is required.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, 16-18, 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over US 20110214171 to Wolfond et al. (hereinafter Wolfond), in view of US 20100242106 to Harris et al. (hereinafter Harris).

Regarding claim 1, Wolfond teaches, A system for authentication, comprising: (Title, teaches multimode credential authentication.) a validation system; (Abstract & fig. 7, teach authentication by scoring / ranking first and second credentials.) an agent configured to communicate a first credential indicating an identification to the validation system and communicate a second credential indicating the identification to a verification service, (fig. 7 and [0088-90] teach the identity scoring facility 400 receiving credentials from the agent. Fig. 7, 700-722 teach the first and second credentials discussed in detail below regarding [0089-98]. See also Abstract, teaching the first and second credentials being used for authentication by scoring the credentials. [0035] teaches distinct servers for credentials, sample acquisition, and identity scoring, discussed in detail in the rejection of claim 26 below. Additionally, fig. 1 & [0032] teach identity scoring separate from a financial facility / third party.) (Harris, further discussed below, also teaches client agents 120 in figs. 1D & 2B providing information for vServer 275 which authenticates, also discussed below in rejection of claim 26.) … wherein the validation system includes: a database configured to store authorized user data; and (fig. 1, credential reference records 202, see also fig. 7, 710) a portal configured to provide selection of the verification service (fig. 7, 716, teaches selecting the second channel. [0033] teaches identity system working web site or other secure database on network/internet.) wherein the validation system is configured to compare the first credential to the authorized user data, determine a confidence level of validity of the identification based on the comparison of the first credential to the authorized user data, (fig.
7, 700-708 at [0089-92] teaching receiving non-biometric credential and scoring / “confidence level”. Also, fig. 7, 710-716 at [0093-98] teaches first biometric credential being received and scored.) receive a verification of the second credential from the verification service, (fig. 7, 718-720 in [0105-106] teaches scoring the second biometric credential.) and modify the confidence level based on the verification. (fig. 7, 722 in [0107] teaches ultimate identity score based on the scoring of the first and second credentials.)

Wolfond fails to explicitly teach selecting verification service from a plurality of verification services, However, Harris teaches, a portal configured to provide selection of the verification service from a plurality of verification services, …. ([0013] teaches based on a policy, selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. See also, fig. 2B showing plurality of vServers 275a-n, which are the selectable plurality of servers.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]).
One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond with the added ability to select from a plurality of verification / authentication servers when an authentication server is down or based on a policy, as taught by Harris, for the purpose of increasing efficiency by providing multiple options of authentication servers to prevent failure in the ability to authenticate, and thus, increasing efficiency while maintaining security, and/or based on a policy, selecting an authentication server, and thus, increasing security.

Regarding claim 5, Wolfond and Harris teach, The system of claim 1, further comprising: a signature service between the validation system and the agent, wherein the signature service employs a verifiable data structure. (Applicant’s printed publication at [0095] & [0098] and figs. 9-10 describe / depict the signature service 814 as a connection between the agent 804 and validation system 802.) (Harris, [0169] teaches the use of certificates / “verifiable data structure” by authentication vServers 275a-v. One of skill in the art understands that certificates include information that confirm identity by using public keys included in the certificate to identify the holder of the certificate as possessing the public key in the certificate, and that the certificate holder also holds a private key that may be used to sign information (“signature”) that may be decrypted with the public key to prove identity by possessing the private key.)

Regarding claim 16, Wolfond and Harris teach, The system of claim 1, wherein the verification service is a third-party service separate from the validation system. (Wolfond, [0035] teaches distinct servers for credentials, sample acquisition, and identity scoring.) (Harris, fig. 2b & [0008] teaches that vServer 275 of appliance 200 performs authentication.
[0134] teaches that client 102 / client agent 120 provide information, including identity information, for access / authentication, to the appliance 200, which includes vServer 275. Fig. 2b teaches at least three parties, clients 102 including agents 120, appliance 200 including vServers 275a-n which perform authentication, and Services 270, thus “third party” verification is taught. See also rejection of claim 31 regarding third party.)

Regarding claim 17, Wolfond and Harris teach, The features of claim 17 below are rejected using the same basis of arguments used to reject claim 1 above, with additional limitations taught by Wolfond and Harris, as included below. A system for identity authentication on a communication platform, comprising: a database configured to store authorized user data; a first node that creates an identification and is configured to communicate the identification; (Regarding “first node”, Harris, [0045] teaches an endpoint that is a node, where the node is a client.) at least one second node configured to: (Regarding “second node,” Harris, [0046] teaches that a server is a different node than the client. Abstract, teaches an authentication virtual server. See also, fig. 2b, Appliance 200 which pass data to vServers 275a-n, which perform authentication.) receive the identification; compare the identification to the authorized user data; determine a confidence level for the first node; and communicate a signal indicating the confidence level; and (See discussion of Wolfond and Harris below, and in the rejection of claim 1.) a user interface configured to present an indication of the confidence level in response to the signal. (Wolfond, [0077] teaches a notifying / displaying by user device and facilities. [0085] teaches displaying a notification message.
Examiner asserts it would be obvious to one of ordinary skill in the art for the facility 500 to display results that Wolfond provides to the facility 500, when a transaction is approved or disapproved.) (Harris, [0073] teaches that each of the devices of fig. 2a, including appliance 200, includes a display, which one of ordinary skill in the art could use to display the results of vServer 275 which is part of appliance 200. [0267] teaches vServer transmitting displayable data to client. Table 7 and [0256-257] teach display of authentication / authorization information, where the vServer authorizes a client to connect to another server 106.)

Regarding claim 18, Wolfond and Harris teach, The system of claim 17, further comprising: a signature service between the first node and the at least one second node, wherein the signature service employs a verifiable data structure. (Harris, as discussed above in the rejection of claim 17 teaches the devices being nodes.) Claim 18 is rejected using the same basis of arguments used to reject claim 5 above.

Regarding claim 28, Wolfond and Harris teach, The system of claim 18, wherein the communication platform includes email communication software. (Harris, [0062] teaches servers providing email, [0106] teaches vServer using email to communicate.)

Regarding claim 29, Wolfond and Harris teach, The system of claim 18, wherein the identification includes at least one of a textual confirmation via an instant messaging application and data from a web application. (Wolfond, [0085] teaches displaying a notification message.) (Harris, [0006] also teaches the client being informed that the authentication is successful by being granted access. [0117] teaches the use of passwords as the credential / “identification”.)
(The examiner has rejected “identification” as both a notification, and as a credential)

Regarding claim 30, Wolfond and Harris teach, The system of claim 18, wherein the identification includes at least one of voice information provided via at least one of VOIP and PSTN, textual confirmation via instant messaging, video information, and location information. (Wolfond, [0090] teaches authentication using a first non-biometric credential that is an address / “location information”.)

Claims 2 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of US 20230088868 to Haltom et al. (hereinafter Haltom).

Regarding claim 2, Wolfond and Harris teach, The system of claim 1, wherein the verification service (Wolfond, Abstract teaches verification services, a first credential, and a second credential) Wolfond and Harris fail to explicitly teach the service being related to a carrier, and the credential including call details / records, However, Haltom teaches, wherein the verification service includes a carrier, and wherein the second credential includes call detail records. (Abstract, teaches authenticating a call based on identification of second device and the carrier identifier.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig.
7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Haltom, which also teaches authentication using multiple details (Abstract), and additionally teaches where the authentication is based on call with carrier details / identifiers (Abstract) and the use of STIR and SHAKEN ([0015-16]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to authenticate based on carrier information, as taught by Haltom, for the purpose of using carrier / cellular service information for authentication as an additional factor to increase security.

Regarding claim 4, Wolfond, Harris, and Haltom teach, The system of claim 2, wherein the carrier is configured to employs at least one of a secure telephone identity revisited (STIR) protocol and a signature-based handling of asserted information using tokens (SHAKEN) protocol to determine the verification. ([0015-16] teaches using secure telephone identity revisited (STIR) protocol and a signature-based handling of asserted information using tokens (SHAKEN) protocol.)

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of Haltom, in view of US 20170094515 to Salo et al. (hereinafter Salo).

Regarding claim 3, Wolfond, Harris, and Haltom teach, The system of claim 2, wherein the call detail records include a (Haltom, [0026] teaches records / JSON token providing location data.) Wolfond, Harris, and Haltom fail to explicitly teach cellular tower location / access point location, However, Salo teaches, wherein the call detail records include a cell tower location. ([0079] teaches tracking and recording cellular call details, including locations of access points 120, which in fig.
1 are shown as cell towers.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Haltom, which also teaches authentication using multiple details (Abstract), and additionally teaches where the authentication is based on call with carrier details / identifiers (Abstract) and the use of STIR and SHAKEN ([0015-16]), with Salo, which also teaches authentication (Title) and using mobile device identifiers in authentication ([0081]), and additionally teaches recording cell tower / access point locations in the call data ([0079]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond, Harris, and Haltom with the added ability to track cell towers used for calls, as taught by Salo, for the purpose of increasing security by allowing auditing of resources, such as AAA ([0053]) for cellular carriers.

Claims 6-8, 10, and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of US 20210320946 to Boshmaf et al. (hereinafter Boshmaf).

Regarding claim 6, Wolfond and Harris teach, The system of claim 1, further comprising: a certificate authority configured to issue certificates to the agent via the signature service; (Applicant’s printed publication at [0095] & [0098] and figs. 9-10 describe / depict the signature service 814 as a connection between the agent 804 and validation system 802.)
(Harris, [0169] teaches the use of certificates by authentication vServers 275a-v. One of skill in the art understands that certificates include information that confirm identity by using public keys included in the certificate to identify the holder of the certificate as possessing the public key in the certificate, and that the certificate holder also holds a private key that may be used to sign information (“signature”) that may be decrypted with the public key to prove identity by possessing the private key.) (Boshmaf, further discussed below, in Abstract, teaches certificate authorities and specifically teaches the detection of rogue certificate authorities or mis-issued certificates.)

Wolfond and Harris fail to explicitly teach the use of pre-certificates that are logged and monitoring of the log to detect fraud, However, Boshmaf teaches, a log configured to log pre-certificates; and ([0005] teaches logging pre-certificates, where Abstract & [0004] teach that the logs are used to detect phishing / fraud.) a monitor configured to monitor the log. ([0004] teaches “log monitors” where the monitoring discovers fraudulently issued certificates. See also [0023] teaching identifying phishing sites by monitoring the logs.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig.
7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Boshmaf, which also teaches certificates, which are used for authentication (Abstract), and additionally teaches certificate transparency (CT) and CT logging to identify illegitimate sites, such as phishing sites (Abstract), and the use of pre-certificates that are logged for monitoring to detect fraud ([0004-5]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to log pre-certificates and the use of certificate transparency to detect phishing by fraudulent certificates, as taught by Boshmaf, for the purpose of increasing security by allowing for the monitoring of the logs of certificates.

Regarding claim 7, Wolfond, Harris, and Boshmaf teach, The system of claim 6, wherein the log is append-only and transparent. (Boshmaf, [0003] teaches that the publicly transparent servers are “append-only”. Abstract also teaches certificate transparency.)

Regarding claim 8, Wolfond, Harris, and Boshmaf teach, The system of claim 6, wherein the monitor is configured to detect malicious certificates. (Boshmaf, Abstract, teaches the use of certificate transparency to detect phishing sites, and [0003-5] teach detecting “fraudulent certificates”.)

Regarding claim 10, Wolfond, Harris, and Boshmaf teach, The system of claim 1, wherein the validation system (Wolfond, teaches at least identity scoring system 400.) (Harris, fig. 2b appliance 200 / vServers 275a-v teach a verification system.) Wolfond and Harris fail to explicitly teach certificate transparency. However, Boshmaf teaches, wherein the validation system provides certificate transparency. ([0038] teaches validation using certificates.
Abstract & [0003-5], teach certificate transparency.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Boshmaf, which also teaches certificates, which are used for authentication (Abstract), and additionally teaches certificate transparency (CT) and CT logging to identify illegitimate sites, such as phishing sites (Abstract), and the use of pre-certificates that are logged for monitoring to detect fraud ([0004-5]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to log pre-certificates and the use of certificate transparency to detect phishing by fraudulent certificates, as taught by Boshmaf, for the purpose of increasing security by allowing for the monitoring of the logs of certificates.

Regarding claim 19, Wolfond, Harris, and Boshmaf teach, The system of claim 18, further comprising: a certificate authority configured to issue certificates to the first node via the signature service; (Harris, as discussed above in the rejection of claim 17 teaches the devices being nodes.) a log configured to log pre-certificates; and a monitor configured to monitor the log. Claim 19 is rejected using the same basis of arguments used to reject claim 6 above.

Regarding claim 20, Wolfond, Harris, and Boshmaf teach, The system of claim 19, wherein the log is append-only and transparent.
Claim 20 is rejected using the same basis of arguments used to reject claim 7 above.

Regarding claim 21, Wolfond, Harris, and Boshmaf teach, The system of claim 19, wherein the monitor is configured to detect malicious certificates. Claim 21 is rejected using the same basis of arguments used to reject claim 8 above.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of Boshmaf, in view of US 20230254154 to Kampanakis et al. (hereinafter Kampanakis).

Regarding claim 9, Wolfond and Harris teach, The system of claim 1, Wolfond and Harris fail to explicitly teach the use of pre-certificates that are logged using a Merkle tree. However, Boshmaf teaches, wherein the log utilizes a (Abstract, [0003-5] & [0023] teach the use of pre-certificates for certificate transparency through the use of logs that may be monitored to detect fraudulent activity. See also rejections of claims 6-8 & 10. Further, [0032] teaches the use of decision trees.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Boshmaf, which also teaches certificates, which are used for authentication (Abstract), and additionally teaches certificate transparency (CT) and CT logging to identify illegitimate sites, such as phishing sites (Abstract), and the use of pre-certificates that are logged for monitoring to detect fraud ([0004-5]).
One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to log pre-certificates and the use of certificate transparency to detect phishing by fraudulent certificates, as taught by Boshmaf, for the purpose of increasing security by allowing for the monitoring of the logs of certificates.

Wolfond, Harris, and Boshmaf fail to explicitly teach the use of Merkle trees for storing the log information for Certificate Transparency. However, Kampanakis teaches wherein the log utilizes a Merckle ([0051] teaches certificate logs for certificate transparency where the logs use Merkle trees to allow auditing.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Boshmaf, which also teaches certificates, which are used for authentication (Abstract), and additionally teaches certificate transparency (CT) and CT logging to identify illegitimate sites, such as phishing sites (Abstract), and the use of pre-certificates that are logged for monitoring to detect fraud ([0004-5]), with Kampanakis, which also teaches authentication and verification (Abstract, [0003], and fig. 1) and certificate transparency ([0051]), and additionally teaches the use of a Merkle tree in the certificate logs ([0051]).
One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond, Harris, and Boshmaf with the added ability to log pre-certificates and the use of certificate transparency to detect phishing by fraudulent certificates, as taught by Boshmaf, and with the added ability to use Merkle trees for the certificate logs to allow for auditing, as taught by Kampanakis, for the purpose of increasing security and computational efficiency by using the Merkle trees.

Claims 11-15 and 22-24 are rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of US 20190163912 to Kumar et al. (hereinafter Kumar).

Regarding claim 11, Wolfond and Harris teach, The system of claim 1, wherein the validation system employs (Harris, [0169] teaches certificate based authentication, which is based on signatures, and fig. 1 teaches client agent 120.) Wolfond and Harris fail to explicitly teach the use of a claimant model. However, Kumar teaches, wherein the validation system employs a claimant model for verifying signatures of the agent. (Applicant’s printed publication at [0115] describes the claimant model publishing information (manifest) to a log using for example, hashes, signatures, and device information, and further describes when private keys are stolen, the information (manifest) can be monitored and the malicious information (manifest) can be detected.) (Kumar, [0002-3] teaches the use of signatures, [0020] teaches a log in transaction record and ledger shown in fig. 5 by steps 408 & 502. [0093] & [0096] teach detecting the keys have been compromised, and performing revocation of a certificate.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig.
7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]) and the use of certificates for authentication ([0169]), with Kumar, which also teaches authentication ([0003] & fig. 1, 113 device authentication and profiling), and additionally teaches issuance of a certificate using device information and the publishing of certificate issuance information (fig. 5, steps 403, 407, 408, & 502) and also teaches the revocation of certificates (fig. 7) based on detecting of compromised public / private keys ([0093]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to use certificate logs to track / monitor usage of the certificates to detect fraud such as stolen public / private keys, as taught by Kumar, for the purpose of increasing security by maintaining published records to determine if fraud has occurred.

Regarding claim 12, Wolfond, Harris, and Kumar teach, The system of claim 11, further comprising: a certificate authority configured to publish a manifest when a certificate is issued to the agent. (Applicant’s printed publication at [0115] teaches a claimant model, that publishes a manifest to the log, where the claimant can monitor the logs / published manifests to detect malicious activity, including detection of a stolen private key.) (Kumar, fig. 5 teaches publishing information to devices management service 103 at step 502 of fig. 5 and also teaches step 408 of fig. 5 transaction record in [0067-68], and issuing certificate at step 407 in [0066].)

Regarding claim 13, Wolfond, Harris, and Kumar teach, The system of claim 12, further comprising: a verifier configured to verify the manifest from the certificate authority. (Kumar, step 403 of fig.
5 discussed in [0066] teaching providing profile 232 and profile 114.)

Regarding claim 14, Wolfond, Harris, and Kumar teach, The system of claim 13, wherein, in response to detection of an aberrant manifest, the portal is configured to present an indication of the aberrant manifest. (Kumar, end of [0011] & [0012] teach deregistration of a certificate, and detection of anomaly(s) / threats with protection. Kumar, [0093] teaches detecting compromised public / private keys. [0096] teaches performing revocation by a certificate authority. Fig. 7 teaches the details of revoking / disenrolling / de-registering a certificate.)

Regarding claim 15, Wolfond, Harris, and Kumar teach, The system of claim 13, wherein the validation system is configured to revoke the certification in response to detection of the aberrant manifest. (Kumar, end of [0011] & [0012] teach deregistration of a certificate, and detection of anomaly(s) / threats with protection. Kumar, [0093] teaches detecting compromised public / private keys. [0096] teaches performing revocation by a certificate authority. Fig. 7 teaches the details of revoking / disenrolling / de-registering a certificate.)

Regarding claim 22, Wolfond, Harris, and Kumar teach, The system of claim 18, wherein the validation system employs a claimant model for verifying signatures of the first node. (Harris, as discussed above in the rejection of claim 17 teaches the devices being nodes.) Claim 22 is rejected using the same basis of arguments used to reject claim 11 above.

Regarding claim 23, Wolfond, Harris, and Kumar teach, The system of claim 18, further comprising: a certificate authority configured to publish a manifest when a certificate is issued to the first node. (Harris, as discussed above in the rejection of claim 17 teaches the devices being nodes, including the client with agent 120.) Claim 23 is rejected using the same basis of arguments used to reject claim 12 above.
Regarding claim 24, Wolfond, Harris, and Kumar teach, The system of claim 23, further comprising: a verifier configured to verify the manifest from the certificate authority. Claim 24 is rejected using the same basis of arguments used to reject claim 13 above.

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of US 20210105270 to Zhao et al. (hereinafter Zhao).

Regarding claim 25, Wolfond and Harris teach, The system of claim 18, wherein the identification is (Harris, [0085-85] teaches the use of encryption for communications between devices.) Wolfond and Harris fail to explicitly teach use of post quantum secure encryption. However, Zhao teaches, wherein the identification is post-quantum secure. ([0126-127] teaches encrypting biometrics with quantum secure key when passing through a network.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Zhao, which also teaches identity authentication (Title) and use of biometrics ([0004]), and additionally teaches encrypting biometrics with quantum secure key when passing through a network ([0126-127]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to use quantum secure encryption of biometrics / credentials, as taught by Zhao, for the purpose of increasing security.

Claim 26 is rejected under 35 U.S.C.
103 as being unpatentable over Wolfond, in view of Harris, in view of US 20240403399 to Hsu (hereinafter Hsu).

Regarding claim 26, Wolfond and Harris teach, The system of claim 18, wherein the at least one second node is communicatively (Harris, as discussed above in the rejection of claim 17 teaches the devices being nodes.) Wolfond and Harris fail to explicitly teach the use of a blockchain as a node in the authentication / verification. However, Hsu teaches, wherein the at least one second node is communicatively coupled with a blockchain for verifying the identification. ([0021] teaches using a distributed ledger / blockchain as a node in the computing device 100 performing authentication, as shown in fig. 1.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Hsu, which also teaches the use of identity credentials / biometrics for authentication (Abstract) where the devices are nodes (fig. 1), and additionally teaches using a distributed ledger / blockchain as a node in the computing device 100 performing authentication ([0021]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to use the immutable storage of a blockchain to perform authentication, as taught by Hsu, for the purpose of increasing security by using immutable storage / blockchain to store credentials.

Claims 27 and 41 are rejected under 35 U.S.C.
103 as being unpatentable over Wolfond, in view of Harris, in view of US 20230185423 to Wang et al. (hereinafter Wang).

Regarding claim 27, Wolfond and Harris teach, The system of claim 18, wherein the communication platform includes (Wolfond, [0085] teaches displaying a notification message.) (Harris, [0006] also teaches the client being informed that the authentication is successful by being granted access.) Wolfond and Harris fail to explicitly teach using conferencing or email to present the confidence level. However, Wang teaches, wherein the communication platform includes conferencing software configured to present the confidence level, wherein the confidence level is representative of user authentication for users of the conferencing software. (Wang, [0032] teaches the server delivering an authentication result and rank which grants a user access to different levels of access in the conferencing screen.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Wang, which also teaches authentication (Abstract) including biometric authentication ([0005]), and additionally teaches the server delivering an authentication result and rank which grants a user access to different levels of access in the conferencing screen ([0032]).
One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to provide authentication results including confidence / rank using a conferencing software, as taught by Wang, for the purpose of increasing security by restricting users based on the confidence / ranking of the authentication result.

Regarding claim 41, Wolfond and Harris teach, The system of claim 18, wherein the at least one second node is configured to determine a security level corresponding to the identification based on the comparison of the identification (Wolfond, Abstract, teaches scoring both credentials.) (Harris, fig. 2b teaches vServers 275a-n which perform authentication.) Wolfond and Harris fail to explicitly teach determining a security level / level of access based on authorized user data. However, Wang teaches, wherein the at least one second node is configured to determine a security level corresponding to the identification based on the comparison of the identification to the authorized user data. (Wang, [0032] teaches the server delivering an authentication result and rank which grants a user different levels of access in the conferencing screen.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig.
7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Wang, which also teaches authentication (Abstract) including biometric authentication ([0005]), and additionally teaches the server delivering an authentication result and rank which grants a user access to different levels of access in the conferencing screen ([0032]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to provide authentication results including confidence / rank using a conferencing software, as taught by Wang, for the purpose of increasing security by restricting users’ levels of access based on the confidence / ranking of the authentication result.

Claim 31 is rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of US 20180316708 to Strong et al. (hereinafter Strong).

Regarding claim 31, Wolfond and Harris teach, The system of claim 18, further comprising: a third-party verification service in communication with the first node and including endpoint service and detection for detecting (Harris, [0045] teaches nodes and endpoints as the devices / servers in fig. 2b. [0011] teaches authentication based on the software installed on the client. Fig. 2b teaches at least three parties, clients 102 including agents 120, appliance 200 including vServers 275a-n which perform authentication, and Services 270, thus “third party” verification is taught.
See also rejection of claim 16 regarding third party.) Wolfond and Harris fail to explicitly teach aberrant software / malware detection. However, Strong teaches, a third-party verification service in communication with the first node and including endpoint service and detection for detecting aberrant software running on the first node. (Strong, fig. 3 & [0019] teaches server 310 that accesses the endpoint computer 105 and provides threat detection / malware detection and authentication / verification to provide insight into the nodes.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Strong, which also teaches authentication and endpoint services (Abstract), and additionally teaches server that accesses the endpoint computer and provides threat detection / malware detection and authentication / verification to provide insight into the nodes ([0019]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to perform threat detection / malware detection and authentication / verification to provide insight into the nodes, as taught by Strong, for the purpose of increasing security and providing computational efficiency by having an external device / server detect malware in a client.

Claims 32-34 are rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of Strong, in view of US 20240256675 to Ozugur (hereinafter Ozugur).
Regarding claim 32, Wolfond, Harris, and Strong teach, The system of claim 31, wherein the at least one second node includes at least one machine learning model trained to generate (Wolfond, Abstract teaching using first and second identity proof scores of credentials.) (Harris, as discussed above in the rejection of claim 17, teaches nodes and endpoints where the clients are the endpoints / nodes and the servers are also nodes, in at least [0045].) (Strong, fig. 3 & [0019] teaches server 310 that accesses the endpoint computer 105 and provides threat detection / malware detection and authentication / verification to provide insight into the nodes. [0016] teaches machine learning to monitor and collect data to detect threats.) Wolfond, Harris, and Strong fail to explicitly teach the use of machine learning in the detection of aberrant software / malware. However, Ozugur teaches, wherein the at least one (Abstract, teaches using AI and machine learning to score and detect threats in applications. See also at least [0003].)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig.
7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]) and nodes / endpoints ([0045]), with Strong, which also teaches authentication and endpoint services (Abstract), and additionally teaches server that accesses the endpoint computer and provides threat detection / malware detection and authentication / verification to provide insight into the nodes ([0019]), with Ozugur, which also teaches threat detection (Abstract), and additionally teaches use of artificial intelligence and machine learning to determine a threat score (Abstract & [0003]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond, Harris, and Strong with Strong’s server’s ability to detect malware in a client, with the added ability to detect threats using threat modeling to determine a threat score, as taught by Ozugur, for the purpose of increasing security by utilizing AI and machine learning to fully utilize computing to determine threats automatically.

Regarding claim 33, Wolfond, Harris, Strong, and Ozugur teach, The system of claim 32, further comprising: an artificial intelligence engine that trains the machine learning model using the detection of the aberrant software. (Strong, fig. 3 & [0019] teaches server 310 that accesses the endpoint computer 105 and provides threat detection / malware detection and authentication / verification to provide insight into the nodes. [0016] teaches machine learning to monitor and collect data to detect threats.) (Ozugur, Abstract teaches using artificial intelligence (AI) and machine learning (ML) in threat scoring and threat detection for applications. At least [0004-5] & [0032-34] teach using AI to train ML.)
Regarding claim 34, Wolfond, Harris, and Strong teach, The system of claim 31, wherein the machine learning model is configured to (Harris, at least [0045] teaches endpoints and nodes.) (Strong, [0016] teaches machine learning in threat detection.) Wolfond, Harris, and Strong fail to explicitly teach machine learning adjusting weights. However, Ozugur teaches, wherein the machine learning model is configured to adjust a function for determining the confidence level by adjusting a relative functional weight of at least one of the verification from the (Ozugur [0005] teaches using weights to determine the threat confidence threshold. See also [0036]. Further, training an ML is known to one of skill in the art to include adjusting the weights, where at least [0004] teaches training the model. See also rejection of claim 33 regarding training.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]) and nodes / endpoints ([0045]), with Strong, which also teaches authentication and endpoint services (Abstract), and additionally teaches server that accesses the endpoint computer and provides threat detection / malware detection and authentication / verification to provide insight into the nodes ([0019]), with Ozugur, which also teaches threat detection (Abstract), and additionally teaches use of artificial intelligence and machine learning to determine a threat score (Abstract & [0003]).
One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond, Harris, and Strong with Strong’s server’s ability to detect malware in a client, with the added ability to detect threats using threat modeling to determine a threat score, as taught by Ozugur, for the purpose of increasing security by utilizing AI and machine learning to fully utilize computing to determine threats automatically.

Claims 35-36, and 38-40 are rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of US 20150135277 to Vij et al. (hereinafter Vij).

Regarding claim 35, Wolfond and Harris teach, The system of claim 18, wherein the system is configured to provide a decentralized identity via sharing the confidence level and detail with a different set of (Wolfond, Abstract teaches the scoring of credentials / “confidence level” as discussed in the rejection of claim 1.) (Harris, fig. 2b teaches appliance 200 with vServers 275a-n that provide decentralized authentication. At least Harris [0045] teaches the devices in fig. 2b are nodes.) Wolfond and Harris fail to explicitly teach the use of federated nodes. However, Vij teaches, wherein the system is configured to provide a decentralized identity via sharing the confidence level and detail with a different set of federated nodes. (Vij, Abstract teaches using reputation based attributes exchanged between peers in a federated network using a trust level. [0042] teaches that trust is established using scores. [0043] teaches that the federated network of fig. 5 is decentralized, see also fig. 3. [0003] teaches authentication.)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig.
7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Vij, which also teaches authentication ([0003]) based on attributes (Abstract), and additionally teaches using reputation based attributes exchanged between peers in a federated network using a trust level (Abstract) and teaches that trust is established using scores, and that the federated network of fig. 5 is decentralized ([0042-43]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to utilize federated networks to provide identity / authentication, as taught by Vij, for the purpose of increasing security by using a distributed network that is federated for identification / authentication.

Regarding claim 36, Wolfond and Harris teach, The system of claim 18, wherein the at least one second node includes a (Harris, in at least [0045] teaches that the client and servers are nodes in a network.) a third node on the (Harris, fig. 2b teaches at least three parties, clients 102 including agents 120, appliance 200 including vServers 275a-n which perform authentication, and Services 270, thus “third party” verification is taught. See also rejection of claim 31 regarding third party. Harris teaches limiting access to services 270b based on failure to authenticate by vServer 275 which limits the communication to failure only, in at least [0287].) Wolfond and Harris fail to explicitly teach federated networks and providing authentication / access between different federated domains. However, Vij teaches, wherein the at least one second node includes a federated network, and further comprising: (Abstract, teaches federated network, fig. 4 teaches nodes in two different federated networks.)
a third node on the federated network, and wherein the first node is connected to the at least one second node from outside of the federated network, wherein the at least one second node is configured to limit communication of the confidence level of the third node in response to the first node being outside of the federated network. (Vij, fig. 4 teaches providing services between different federated trust domains / “outside of the federated network” where multiple nodes exist. [0029] describing fig. 4, teaches first time inter-domain interactions between different federated trust domains, where trust agents/entities may inherit the trust properties of the domain they are associated with. Thus, association with a trusted domain is necessary before communication / trust scoring of [0042] may occur (“limit communication of the confidence level”). [0030] teaches access requirements for a resource, including credentials for authentication / authorization, to establish first time access. See fig. 4 description in full [0029-42].)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Vij, which also teaches authentication ([0003]) based on attributes (Abstract), and additionally teaches using reputation based attributes exchanged between peers in a federated network using a trust level (Abstract) and teaches that trust is established using scores, and that the federated network of fig. 5 is decentralized ([0042-43]), and also teaches inter-federated domain access / authentication (fig. 4).

One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to utilize federated networks to provide identity / authentication and inter-federated domain authentication / access, as taught by Vij, for the purpose of increasing security by using a distributed network that is federated for identification / authentication.

Regarding claim 38, Wolfond and Harris teach,

The system of claim 18, wherein the at least one second node is configured to selectively share confidence levels of nodes via a (Harris, fig. 2b teaches at least three parties, clients 102 including agents 120, appliance 200 including vServers 275a-n which perform authentication, and Services 270, thus “third party” verification is taught. See also rejection of claim 31 regarding third party. Harris teaches limiting access to services 270b based on failure to authenticate by vServer 275 which limits the communication to failure only, in at least [0287].)

Wolfond and Harris fail to explicitly teach federate where communication of confidence levels is selectively shared. However, Vij teaches,

wherein the at least one second node is configured to selectively share confidence levels of nodes via a federation network. (Vij, fig. 4 teaches providing services between different federated trust domains / “outside of the federated network” where multiple nodes exist. [0029] describing fig. 4, teaches first time inter-domain interactions between different federated trust domains, where trust agents/entities may inherit the trust properties of the domain they are associated with. Thus, association with a trusted domain is necessary before communication / trust scoring of [0042] may occur (“selectively share confidence levels”).
[0030] teaches access requirements for a resource, including credentials for authentication / authorization, to establish first time access. See fig. 4 description in full [0029-42].)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Vij, which also teaches authentication ([0003]) based on attributes (Abstract), and additionally teaches using reputation based attributes exchanged between peers in a federated network using a trust level (Abstract) and teaches that trust is established using scores, and that the federated network of fig. 5 is decentralized ([0042-43]), and also teaches inter-federated domain access / authentication (fig. 4).

One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to utilize federated networks to provide identity / authentication and inter-federated domain authentication / access, as taught by Vij, for the purpose of increasing security by using a distributed network that is federated for identification / authentication.

Regarding claim 39, Wolfond and Harris teach,

The system of claim 18, wherein the at least one second node is configured to selectively limit communication of the confidence level based on the comparison of the identification (Harris, fig. 2b teaches at least three parties, clients 102 including agents 120, appliance 200 including vServers 275a-n which perform authentication, and Services 270, thus “third party” verification is taught. See also rejection of claim 31 regarding third party. Harris teaches limiting access to services 270b based on failure to authenticate by vServer 275 which limits the communication to failure only, in at least [0287].)

Wolfond and Harris fail to explicitly teach comparison of the identification to the authorized user data. However, Vij teaches,

wherein the at least one second node is configured to selectively limit communication of the confidence level based on the comparison of the identification to the authorized user data. (Vij, fig. 4 teaches providing services between different federated trust domains / “outside of the federated network” where multiple nodes exist. [0029] describing fig. 4, teaches first time inter-domain interactions between different federated trust domains, where trust agents/entities may inherit the trust properties of the domain they are associated with. Thus, association with a trusted domain is necessary before communication / trust scoring of [0042] teaching access may occur after association is determined (“comparison of the identification to the authorized user data”). [0030] teaches access requirements for a resource, including credentials for authentication / authorization, to establish first time access. See fig. 4 description in full [0029-42].)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Vij, which also teaches authentication ([0003]) based on attributes (Abstract), and additionally teaches using reputation based attributes exchanged between peers in a federated network using a trust level (Abstract) and teaches that trust is established using scores, and that the federated network of fig. 5 is decentralized ([0042-43]), and also teaches inter-federated domain access / authentication (fig. 4).

One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to utilize federated networks to provide identity / authentication and inter-federated domain authentication / access, as taught by Vij, for the purpose of increasing security by using a distributed network that is federated for identification / authentication.

Regarding claim 40, Wolfond and Harris teach,

The system of claim 18, wherein the system is configured to provide a decentralized identity via sharing the confidence level and detail with a different set of (Wolfond, Abstract teaches different scoring levels for the credentials used in authentication, as discussed in the rejection of claim 1.) (Harris, fig. 2b teaches services 170a-n / servers that are independent but part of a larger grouping that use vServers 275a-n / “federated nodes”. Fig. 2b teaches vServers 275a-n which are decentralized.)

Wolfond and Harris fail to explicitly teach the use of federated network with nodes. However, Vij teaches,

wherein the system is configured to provide a decentralized identity via sharing the confidence level and detail with a different set of federated nodes. (Vij, fig. 4 teaches providing services between different federated trust domains / “outside of the federated network” where multiple nodes exist. [0029] describing fig. 4, teaches first time inter-domain interactions between different federated trust domains, where trust agents/entities may inherit the trust properties of the domain they are associated with. See also fig. 4 description in full [0029-42].)

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Vij, which also teaches authentication ([0003]) based on attributes (Abstract), and additionally teaches using reputation based attributes exchanged between peers in a federated network using a trust level (Abstract) and teaches that trust is established using scores, and that the federated network of fig. 5 is decentralized ([0042-43]), and also teaches inter-federated domain access / authentication (fig. 4).

One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond and Harris with the added ability to utilize federated networks to provide identity / authentication and inter-federated domain authentication / access, as taught by Vij, for the purpose of increasing security by using a distributed network that is federated for identification / authentication.

Claim 37 is rejected under 35 U.S.C. 103 as being unpatentable over Wolfond, in view of Harris, in view of Strong, in view of Vij.
Regarding claim 37, Wolfond, Harris, and Strong teach,

The system of claim 31, wherein the third-party verification service is configured to share the verification and the at least one second node is configured to limit communication of the confidence level to the (Harris, fig. 2b teaches at least three parties, clients 102 including agents 120, appliance 200 including vServers 275a-n which perform authentication, and Services 270, thus “third party” verification is taught. See also rejection of claim 31 regarding third party. Harris teaches limiting access to services 270b based on failure to authenticate by vServer 275 which limits the communication to failure only, in at least [0287].)

Wolfond, Harris, and Strong fail to explicitly teach limiting communications of confidence level to a third party. However, Vij teaches,

wherein the third-party verification service is configured to share the verification and the at least one second node is configured to limit communication of the confidence level to the third-party verification service. (Vij, fig. 4 teaches providing services between different federated trust domains / “outside of the federated network” where multiple nodes exist. [0029] describing fig. 4, teaches first time inter-domain interactions between different federated trust domains, where trust agents/entities may inherit the trust properties of the domain they are associated with. Thus, association with a trusted domain is necessary before communication / trust scoring of [0042] may occur (“limit communication of the confidence level”). [0030] teaches access requirements for a resource, including credentials for authentication / authorization, to establish first time access. See fig. 4 description in full [0029-42].)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Wolfond, which teaches authenticating a user based on at least a first and second credential, both of which are scored, to obtain an ultimate score (Abstract and fig. 7), with Harris, which also teaches authentication using credentials ([0007]), and additionally teaches selecting an authentication virtual server of the plurality of authentication virtual servers to authenticate the client ([0013]), and the use of agents and APIs ([0067]), with Strong, which also teaches authentication and endpoint services (Abstract), and additionally teaches a server that accesses the endpoint computer and provides threat detection / malware detection and authentication / verification to provide insight into the nodes ([0019]), with Vij, which also teaches authentication ([0003]) based on attributes (Abstract), and additionally teaches using reputation based attributes exchanged between peers in a federated network using a trust level (Abstract) and teaches that trust is established using scores, and that the federated network of fig. 5 is decentralized ([0042-43]), and also teaches inter-federated domain access / authentication (fig. 4).

One of ordinary skill in the art would have been motivated to perform such an addition to provide Wolfond, Harris, and Strong with the added ability to utilize federated networks to provide identity / authentication and inter-federated domain authentication / access, as taught by Vij, for the purpose of increasing security by using a distributed network that is federated for identification / authentication.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942. The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571) 272-3739.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./
/FARID HOMAYOUNMEHR/ Supervisory Patent Examiner, Art Unit 2495

Prosecution Timeline

May 24, 2024
Application Filed
Jan 10, 2026
Non-Final Rejection — §101, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12587381
METHOD AND SYSTEM FOR MONITORING AND CONTROLLING HIGH RISK SUBSTANCES
2y 5m to grant Granted Mar 24, 2026
Patent 12585825
DOCUMENT AUTHENTICITY VERIFICATION
2y 5m to grant Granted Mar 24, 2026
Patent 12580749
Configuration Systems and Methods for Secure Operation of Networked Transducers
2y 5m to grant Granted Mar 17, 2026
Patent 12407727
AI ETHICS SCORES IN AUTOMATED ORCHESTRATION DECISION-MAKING
2y 5m to grant Granted Sep 02, 2025
Patent 12393650
AUTHENTICATION SYSTEM, AUTHENTICATION DEVICE, AUTHENTICATION METHOD AND PROGRAM
2y 5m to grant Granted Aug 19, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

1-2
Expected OA Rounds
63%
Grant Probability
99%
With Interview (+50.6%)
3y 5m
Median Time to Grant
Low
PTA Risk
Based on 78 resolved cases by this examiner. Grant probability derived from career allow rate.
