DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
CONTINUATION
This application is a continuation application of U.S. application no. 18/402,627 filed on January 2, 2024, now U.S. Patent 12,254,453 (“Parent Application”), which is a continuation application of U.S. application no. 18/194,562 filed on March 31, 2023, now U.S. Patent 11,900,340, which is a continuation application of U.S. application no. 18/090,039 filed on December 28, 2022, now U.S. Patent 11,790,334. See MPEP §201.07. In accordance with MPEP §609.02 A. 2 and MPEP §2001.06(b) (last paragraph), the Examiner has reviewed and considered the prior art cited in the Parent Application. Also in accordance with MPEP §2001.06(b) (last paragraph), all documents cited or considered ‘of record’ in the Parent Application are now considered cited or ‘of record’ in this application. Additionally, Applicant(s) are reminded that a listing of the information cited or ‘of record’ in the Parent Application need not be resubmitted in this application unless Applicants desire the information to be printed on a patent issuing from this application. See MPEP §609.02 A. 2. Finally, Applicants are reminded that the prosecution history of the Parent Application is relevant in this application. See e.g., Microsoft Corp. v. Multi-Tech Sys., Inc., 357 F.3d 1340, 1350, 69 USPQ2d 1815, 1823 (Fed. Cir. 2004) (holding that statements made in prosecution of one patent are relevant to the scope of all sibling patents).
Applicant’s claim for the benefit of U.S. provisional patent application 63/348,571 filed June 3, 2022 under 35 U.S.C. 119(e) is acknowledged.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on May 7, 2025. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Benson et al. (U.S. Patent 10,965,474, hereinafter referred to as Benson) in view of Thandapani et al. (U.S. Patent 11,615,403, hereinafter referred to as Thandapani).
As per claims 1 and 11
Benson discloses receiving an input via a sensor of a wallet hardware key device to initiate a recovery process of an edge device (1:51-56 “In some embodiments, the method for authenticating the security device begins by establishing a connection with the security device (e.g., determines that a smart card has been inserted into a card reader of the target device, has been wirelessly detected within a particular range of the target device, etc.)”)
Benson discloses authenticating ownership of the wallet hardware key device based on the input (1:60-66 “Upon determining that the connection with the security device has been established, the method of some embodiments sends a challenge to the security device to authenticate the security device. In some embodiments, the challenge includes a verification value that is encrypted such that only the security device is able to decrypt the encrypted verification value”, 2:13-21 “In some embodiments, the security device processes the challenge to retrieve the verification value and to return a response that includes the verification value. The method of some embodiments receives the response from the security device and determines whether the response is a valid response. In some embodiments, the method determines whether the response is valid by determining whether the verification value of the response matches the verification value that was sent in the challenge”)
Benson discloses responsive to the authenticating, transmitting a communication by the wallet hardware key device for receipt by the edge device, the communication configured to cause the edge device to unlock (2:13-21 “In some embodiments, the security device processes the challenge to retrieve the verification value and to return a response that includes the verification value. The method of some embodiments receives the response from the security device and determines whether the response is a valid response. In some embodiments, the method determines whether the response is valid by determining whether the verification value of the response matches the verification value that was sent in the challenge”, 2:38-49 “When the response is determined to be a valid response, the method of some embodiments modifies accessibility (or a security state) for the target device. In some embodiments, the authentication process further requires additional authentication information (e.g., passwords, passcodes, biometric information, etc.) from a user of the security device before authenticating the security device and modifying the accessibility to the target device. In some embodiments, when the response is valid, the method modifies the accessibility in various ways, such as unlocking the device, decrypting files at the device, providing elevated security access to the device, etc.”)
Benson does not explicitly disclose that the unlocking involves an identity wallet, however as Benson teaches at 2:38-49 that the access to the target device is modified in various ways such as “…unlocking the device, decrypting files at the device, providing elevated security access to the device, etc.” the teaching can be viewed as encompassing the unlocking of any function on the target device based on the determination that the verification value received by the target device matches that which the target device sent to the security device (in encrypted form such that only the security device possesses the private key necessary to decrypt the encrypted verification value). Nonetheless, Thandapani teaches the unlocking of an identity wallet (5:35-43 “In some embodiments, the user device associated with the user unlocks access to a digital identity wallet (DIW) application with at least one of: (i) a biometric; or (ii) a Personal Identification Number (PIN) code of the user. In some embodiments, the digital identity wallet application verifies at least one of (i) the biometric or (ii) the PIN code by comparing the at least one of the biometric or the PIN code with at least one of a previously registered biometric associated with the user or a previously registered PIN code associated with the user”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani for the purpose of improving on existing approaches for providing benefits of the digitally signed identity claims (2:1-2).
Claims 2, 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani as applied to claims 1 and 11 above, and further in view of Mars et al. (U.S. Patent Publication 2023/0308851, hereinafter referred to as Mars).
As per claims 2 and 12
Benson discloses the requirement for biometric information from the security device and where the input is a pin (2:40-45 “In some embodiments, the authentication process further requires additional authentication information (e.g., passwords, passcodes, biometric information, etc.) from a user of the security device before authenticating the security device and modifying the accessibility to the target device”).
With regard to the other types of authentication inputs (spoken utterance, fingerprint, palm reading or eye reading), those skilled in the art would view these alternative inputs, which involve voice recognition or image recognition, as a simple substitution of known substitutes to obtain predictable results (MPEP § 2143(I)(B)). The types of inputs not explicitly disclosed by Benson can therefore be held as not patentably distinguishing the claim from the prior art, as Mars teaches these substitutes in a manner that clearly shows that one type of input can be substituted for another (0064 “In another embodiment, where access to a service provider server may not be available, tokens can be generated on a device, such as a lock, using other factors, such as biometrics fingerprint, voice recognition, face recognition or retina scanner part of the device, geo-location, expiration time, and so on”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the method for presence monitoring of Mars for the purpose of creating a personal signal for an individual (0003).
As per claim 4
Benson discloses the limitations of claim 1 and discloses wherein the wallet hardware key device is configured to work in physical proximity to the edge device as part of the recovery processing (1:51-56 “In some embodiments, the method for authenticating the security device begins by establishing a connection with the security device (e.g., determines that a smart card has been inserted into a card reader of the target device, has been wirelessly detected within a particular range of the target device, etc.)”). The absence of an explicit recitation of the use of near field communication (NFC) does not patentably distinguish the claimed invention from Benson, as the recitation from 1:51-56 would suggest to those skilled in the art short range wireless communications that require proximity, such as Bluetooth and NFC. A person of ordinary skill therefore would not need an explicit recitation of NFC in order to realize that Benson envisioned its use, as shown by Mars, which demonstrates that NFC is a known substitute that obtains predictable results (MPEP § 2143(I)(B)) (0059 “In some embodiments, transmission 1112 may be performed via short-range communications, such as BLE, Zigbee, NFC, or the like.”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the method for presence monitoring of Mars for the purpose of creating a personal signal for an individual (0003).
Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani as applied to claims 1 and 11 above, and further in view of Shah et al. (U.S. Patent Publication 2020/0007334, hereinafter referred to as Shah).
As per claims 3 and 13
Benson in view of Thandapani disclose the limitations of claims 1 and 11, but do not explicitly disclose wherein the communication includes a transaction signed using a cryptographic key maintained in hardware of the wallet hardware key device. Shah teaches wherein the communication includes a transaction signed using a cryptographic key maintained in hardware of the wallet hardware key device (0046 “Companion device authentication application 212 may provide the secured user credential to user authentication service 108, for example, by signing a token that includes a value (e.g., a blob or nonce value) provided by user authentication service 108 with a private signing key that is stored in secure memory 206 and then returning the signed token to user authentication service 108 via mobile device authentication application 216. User authentication service 108 can then verify the signed token using a previously-registered public signing key that corresponds to the private signing key”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the method of user authentication using a companion device of Shah for the purpose of enabling the user to gain access to the resource using a multi-factor authentication (MFA) user authentication approach in which the user enters a password into the primary computing device to provide a first authentication factor and then one or more additional authentication factors are obtained from the smart phone (0025) or a companion device, such as a smart watch or other wearable computing device, to carry out a user authentication process using credentials that are stored on either the mobile computing device or the wearable computing device (0039).
Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani as applied to claims 1 and 11 above, and further in view of Whaley (U.S. Patent Publication 2018/0181741).
As per claims 5 and 14
Benson in view of Thandapani disclose the limitations of claims 1 and 11 including a wallet hardware key device and an unlocked identity wallet, but do not explicitly disclose initiating a transaction using both the wallet hardware key device and the unlocked identity wallet of the edge device. Whaley teaches initiating a transaction using both the wallet hardware key device and the edge device (0062 “In some embodiments, instead of using the security score for an authentication decision, the security score is used to detect fraud. In these embodiments, the security score is fed to a fraud/risk engine, which makes a determination about whether an interaction may be fraudulent, and if so performs some action, such as: blocking the transaction; flagging the transaction as potentially fraudulent; or logging the transaction to be investigated at a later time”, 0063 “Otherwise, if the security score is not greater than the threshold (NO at step 606), the client causes a challenge to be issued to the user (step 608) either on the same device or on a different device. The challenge can be an “active challenge” that requires the user to perform some action, or a “passive challenge” that happens unbeknownst to the user and requires the system to obtain more-detailed sensor data or perform more-sophisticated processing of the sensor data”, 0065 “Responding to a challenge can also involve using additional factors to authenticate, including: an NFC “bump” between a wearable device and a mobile device”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the opportunistic collection of sensor data of Whaley for the purpose of identifying and/or authenticating the user of the mobile device while maintaining a low resource footprint (0002).
Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani as applied to claims 1 and 11 above, and further in view of Warner (U.S. Patent Publication 2018/0330369).
As per claims 6 and 15
Benson in view of Thandapani disclose the limitations of claims 1 and 11 but do not explicitly disclose setting a transaction limit such that transactions over the transaction limit are limited to both the wallet hardware key device and the identity wallet to be signed using corresponding cryptographic keys. Warner, while not explicitly mentioning a wallet hardware key device or an identity wallet, teaches a mobile wallet (Abstract), a plurality of signature devices (0047 “exemplary embodiments of systems 400 including a computing device 102 and a plurality of external signature devices 104 (including first external signature device 104-1 and second external signature device 104-2), where system 400A of FIG. 4A implements a multi-party key split methodology while system 400B of FIG. 4B implements a multi-party multiple signature (multi sig) methodology”) and teaches the practice of requiring a plurality of signatures when a transaction amount is considered “large” (0047 “Either of these methodology may be used in situations where it is desirable that multiple external signature devices 104 (which could be possessed by multiple parties) be required to sign/authorize a transaction (such as for large amounts)”). Therefore the claim amounts to nothing more than use of a known technique to improve similar devices and methods and therefore is obvious over Benson in view of Thandapani and in further view of Warner (MPEP § 2143(I)(C)).
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the authentication for mobile payments using separate signatures of Warner for the purpose of avoiding the issues involving mobile wallets that are compromised by rogue applications, viruses, etc. that may have relayed the private key to an external party (0016).
Claims 7 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani as applied to claims 1 and 11 above, and further in view of Reed et al. “Decentralized Identifiers (DIDs) v1.0: Core architecture, data model and representations”, W3C Working Draft, July 13, 2020, 113 pages, hereinafter referred to as Reed_1.
As per claim 7
Benson in view of Thandapani disclose the limitations of claim 1 but do not explicitly disclose wherein the identity wallet as unlocked at the edge device is configurable to access a personal datastore located using a decentralized identifier, the personal datastore is included as part of a network of decentralized nodes. Reed_1 teaches wherein the identity wallet as unlocked at the edge device is configurable to access a personal datastore located using a decentralized identifier, the personal datastore is included as part of a network of decentralized nodes
Section 2 -
distributed ledger (DLT) A distributed database in which the various nodes use a consensus protocol to maintain a shared ledger in which each transaction is cryptographically signed and chained to the previous transaction.
verifiable data registry - A system that facilitates the creation, verification, updating, and/or deactivation of decentralized identifiers and DID documents. A verifiable data registry may also be used for other cryptographically-verifiable data structures such as verifiable credentials.
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the decentralized identifiers of Reed_1 for the purpose of enabling individuals and organizations to generate their own identifiers using systems they trust and to prove control of those identifiers (authenticate) using cryptographic proofs (for example, digital signatures, privacy-preserving biometric protocols, and so on). (Section 1 Introduction).
As per claim 9
Reed_1 teaches wherein the decentralized identifier is configured as a uniform resource identifier that associates a decentralized identity subject with a decentralized identity document (2 “Uniform Resource Identifier (URI) The standard identifier format for all resources on the World Wide Web as defined by [RFC3986]. A DID is a type of URI scheme”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the decentralized identifiers of Reed_1 for the purpose of enabling individuals and organizations to generate their own identifiers using systems they trust and to prove control of those identifiers (authenticate) using cryptographic proofs (for example, digital signatures, privacy-preserving biometric protocols, and so on). (Section 1 Introduction).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani in view of Reed_1 as applied to claim 7 above, and further in view of Reed et al. “Decentralized Identifiers (DIDs) v0.13: Data Model and Syntaxes”, Final Community Group Report, August 10, 2019, 56 pages, hereinafter referred to as Reed_2 and Sabadello et al. “Decentralized Identifier Resolution (DID Resolution) v0.2: Resolution of Decentralized identifiers (DIDs)”, Draft Community Group Report, February 16, 2022, 46 pages, hereinafter referred to as Sabadello.
As per claim 8
Benson in view of Thandapani and Reed_1, while disclosing the limitations of claim 7, do not explicitly disclose wherein the personal datastore is configured to control third party access to decentralized identity data via a plurality of application programming interfaces based on rules specified by a third-party entity. Reed_2 teaches wherein the personal datastore is configured to control third party access to decentralized identity data via a plurality of application programming interfaces (8. DID Resolvers “A DID Resolver is a software or hardware component with an API for resolving DIDs of at least one DID method. It executes the corresponding DID method's Read operation to obtain the authoritative DID Document. The interfaces and algorithms for resolving DIDs and dereferencing DID URLs are specified in [DID-RESOLUTION]”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the decentralized identifiers of Reed_1 further with the decentralized identifiers of Reed_2 for the purpose of enabling the controller of a DID to prove control over it and to be implemented independently of any centralized registry, identity provider, or certificate authority.
Neither Benson nor Thandapani, Reed_1 or Reed_2 explicitly disclose that the APIs are based on rules specified by a third-party entity. Sabadello teaches that the APIs are based on rules specified by a third-party entity (2, “binding A concrete mechanism through which a client invokes a DID resolver. This could be a local binding such as a local command line tool or library API”, 5.1 “In the case of blockchain-based DID methods, a remote blockchain explorer API operated by an third party may be used to look up data from the blockchain”, 5.2 Resolver Architectures -
“The following diagram shows how the resolve() and resolveRepresentation() functions use production and consumption rules of DID document representation can apply in an architecture that involves both a local resolver and a remote resolver”
[Diagram from Sabadello, section 5.2 Resolver Architectures: media_image2.png]
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the decentralized identifiers of Reed_1 further with the decentralized identifiers of Reed_2 further with the decentralized identifier resolution of Sabadello for the purpose of obtaining DID documents – simple documents that describe how to use that specific DID.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani in view of Reed_1 as applied to claim 7 above, and further in view of Davis (U.S. Patent Publication 2023/0206364)
As per claim 10
Benson in view of Thandapani and Reed_1, while disclosing the limitations of claim 7, do not explicitly disclose wherein personal datastore is configured to output a user interface configured to receive inputs to specify an application programming interface of a plurality of application programming interfaces, via which, decentralized identity data is accessible. Davis teaches wherein personal datastore is configured to output a user interface configured to receive inputs to specify an application programming interface of a plurality of application programming interfaces, via which, decentralized identity data is accessible (0088 “Application interface 142 of system 100 is an application programming interface (API) that represents a set of rules that dictate how two components of system 100 communicate with each other. For example, application interface 142 provide for interactions such as application server 140 communicating with decentralized application 150, application server 140 pinging other application servers, decentralized application communicating with an operating system, and so on. In certain embodiments, application interface 142 allows users 122 to provide input to and/or receive output from decentralized application 150. Decentralized application 150 of system 100 represents an application that provides legal, financial, and/or accounting functionality to users 122 that have DIDs 152. Decentralized application 150 may operate through the use of hybrid legal contracts 154 and/or hybrid journal entries 158 that are implemented on computing infrastructure selected by users 122”, 0204 “As indicated at step 1958 of flow diagram 1900, logical functions 172 that implement legal logic 170a included in the hybrid legal contract file may be obtained from many different sources. For example, contracting party 122a and asset owner 122b may build out their own executable code (e.g., contracting party custom logic 170b) to implement legal logic 170a. 
As another example, contracting party 122a or asset owner 122b may elect standardized code from repositories 134 (e.g., third-party/open-source logic repository 134a or application logic repository 134b) that implement typical legal logic.”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani with the decentralized identifiers of Reed_1 further with the systems and methods in a decentralized network of Davis for the purpose of using a framework based on DIDs for making legal contracts interactive and more amenable to machine learning techniques (0073).
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani in view of Reed_1.
As per claim 16
Benson discloses a processing device (15:59-67 “Many of the above-described features and applications are implemented as software processes that are specified as a set of instructions recorded on a computer readable storage medium (also referred to as a computer readable medium). When these instructions are executed by one or more computational or processing unit(s) (e.g., one or more processors, cores of processors, or other processing units), they cause the processing unit(s) to perform the actions indicated in the instructions”)
Benson discloses a computer-readable storage medium storing instructions that responsive to execution by the processing device (15:59-67 “Many of the above-described features and applications are implemented as software processes that are specified as a set of instructions recorded on a computer readable storage medium (also referred to as a computer readable medium). When these instructions are executed by one or more computational or processing unit(s) (e.g., one or more processors, cores of processors, or other processing units), they cause the processing unit(s) to perform the actions indicated in the instructions”)
Benson discloses receiving a communication from a wallet hardware key device, the communication signed using a cryptographic key maintained in hardware of the wallet hardware device (2:13-21 “In some embodiments, the security device processes the challenge to retrieve the verification value and to return a response that includes the verification value. The method of some embodiments receives the response from the security device and determines whether the response is a valid response. In some embodiments, the method determines whether the response is valid by determining whether the verification value of the response matches the verification value that was sent in the challenge”, 2:38-49 “When the response is determined to be a valid response, the method of some embodiments modifies accessibility (or a security state) for the target device. In some embodiments, the authentication process further requires additional authentication information (e.g., passwords, passcodes, biometric information, etc.) from a user of the security device before authenticating the security device and modifying the accessibility to the target device. In some embodiments, when the response is valid, the method modifies the accessibility in various ways, such as unlocking the device, decrypting files at the device, providing elevated security access to the device, etc.”)
Benson does not explicitly disclose unlocking an identity wallet maintained in the computer-readable storage medium based on verifying the signed communication. Thandapani teaches unlocking an identity wallet maintained in the computer-readable storage medium based on verifying the signed communication (5:35-43 “In some embodiments, the user device associated with the user unlocks access to a digital identity wallet (DIW) application with at least one of: (i) a biometric; or (ii) a Personal Identification Number (PIN) code of the user. In some embodiments, the digital identity wallet application verifies at least one of (i) the biometric or (ii) the PIN code by comparing the at least one of the biometric or the PIN code with at least one of a previously registered biometric associated with the user or a previously registered PIN code associated with the user”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani for the purpose of improving on existing approaches for providing benefits of the digitally signed identity claims (2:1-2).
Neither Benson nor Thandapani explicitly disclose accessing decentralized identity data associated with an entity that is maintained by at least one decentralized node of a plurality of decentralized nodes. Reed_1 teaches accessing decentralized identity data associated with an entity that is maintained by at least one decentralized node of a plurality of decentralized nodes.
Section 2 -
distributed ledger (DLT) A distributed database in which the various nodes use a consensus protocol to maintain a shared ledger in which each transaction is cryptographically signed and chained to the previous transaction.
verifiable data registry - A system that facilitates the creation, verification, updating, and/or deactivation of decentralized identifiers and DID documents. A verifiable data registry may also be used for other cryptographically-verifiable data structures such as verifiable credentials.
[Figure: media_image1.png]
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the decentralized identifiers of Reed_1 for the purpose of enabling individuals and organizations to generate their own identifiers using systems they trust and to prove control of those identifiers (authenticate) using cryptographic proofs (for example, digital signatures, privacy-preserving biometric protocols, and so on). (Section 1 Introduction).
As per claim 19
Reed_1 teaches wherein the identity wallet as unlocked is configurable to access a personal datastore located using a decentralized identifier, the personal datastore is included as part of a network of decentralized nodes Section 2 -
distributed ledger (DLT) A distributed database in which the various nodes use a consensus protocol to maintain a shared ledger in which each transaction is cryptographically signed and chained to the previous transaction.
verifiable data registry - A system that facilitates the creation, verification, updating, and/or deactivation of decentralized identifiers and DID documents. A verifiable data registry may also be used for other cryptographically-verifiable data structures such as verifiable credentials.
[Figure: media_image1.png]
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani further with the decentralized identifiers of Reed_1 for the purpose of enabling individuals and organizations to generate their own identifiers using systems they trust and to prove control of those identifiers (authenticate) using cryptographic proofs (for example, digital signatures, privacy-preserving biometric protocols, and so on). (Section 1 Introduction).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani in view of Reed_1 as applied to claim 16 above, and further in view of Shah.
As per claim 17
Benson in view of Thandapani in view of Reed_1 disclose the limitations of claim 16. Reed_1 teaches wherein the communication includes a transaction as maintained on a blockchain (1 “This enables implementers to design specific types of DIDs to work with the computing infrastructure they trust (e.g., blockchain, distributed ledger, decentralized file system, distributed database, peer-to-peer network). The specification for a specific type of DID is called a DID method”).
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani with the decentralized identifiers of Reed_1 for the purpose of enabling individuals and organizations to generate their own identifiers using systems they trust and to prove control of those identifiers (authenticate) using cryptographic proofs (for example, digital signatures, privacy-preserving biometric protocols, and so on). (Section 1 Introduction).
Benson in view of Thandapani and Reed_1 do not explicitly disclose wherein the communication includes a transaction signed using a cryptographic key maintained in hardware of the wallet hardware key device. Shah teaches a transaction signed using a cryptographic key maintained in hardware of the wallet hardware key device (0046 “Companion device authentication application 212 may provide the secured user credential to user authentication service 108, for example, by signing a token that includes a value (e.g., a blob or nonce value) provided by user authentication service 108 with a private signing key that is stored in secure memory 206 and then returning the signed token to user authentication service 108 via mobile device authentication application 216. User authentication service 108 can then verify the signed token using a previously-registered public signing key that corresponds to the private signing key”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani with the decentralized identifiers of Reed_1 further with the method of user authentication using a companion device of Shah for the purpose of enabling the user to gain access to the resource using a multi-factor authentication (MFA) user authentication approach in which the user enters a password into the primary computing device to provide a first authentication factor and then one or more additional authentication factors are obtained from the smart phone (0025) or a companion device, such as a smart watch or other wearable computing device, to carry out a user authentication process using credentials that are stored on either the mobile computing device or the wearable computing device (0039).
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani in view of Reed_1 as applied to claim 16 above, and further in view of Warner (U.S. Patent Publication 2018/0330369).
As per claim 18
Benson in view of Thandapani in view of Reed_1 disclose the limitations of claim 18 but do not explicitly disclose setting a transaction limit such that transactions over the transaction limit are limited to both the wallet hardware key device and the identity wallet to be signed using corresponding cryptographic keys. Warner, while not explicitly mentioning a wallet hardware key device or an identity wallet, teaches a mobile wallet (Abstract), a plurality of signature devices (0047 “exemplary embodiments of systems 400 including a computing device 102 and a plurality of external signature devices 104 (including first external signature device 104-1 and second external signature device 104-2), where system 400A of FIG. 4A implements a multi-party key split methodology while system 400B of FIG. 4B implements a multi-party multiple signature (multi sig) methodology”) and teaches the practice of requiring a plurality of signatures when a transaction amount is considered “large” (0047 “Either of these methodology may be used in situations where it is desirable that multiple external signature devices 104 (which could be possessed by multiple parties) be required to sign/authorize a transaction (such as for large amounts)”). Therefore the claim amounts to nothing more than use of a known technique to improve similar devices and methods and therefore is obvious over Benson in view of Thandapani in view of Reed_1 and in further view of Warner (MPEP § 2143(I)(C)).
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani with the decentralized identifiers of Reed_1 further with the authentication for mobile payments using separate signatures of Warner for the purpose of avoiding the issues involving mobile wallets that are compromised by rogue applications, viruses, etc. that may have relayed the private key to an external party (0016).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Benson in view of Thandapani in view of Reed_1 as applied to claim 16 above, and further in view of Whaley.
As per claim 20
Benson in view of Thandapani in view of Reed_1 disclose the limitations of claim 16 including a wallet hardware key device and an unlocked identity wallet, but do not explicitly disclose initiating a transaction using both the wallet hardware key device and the unlocked identity wallet of the edge device. Whaley teaches initiating a transaction using both the wallet hardware key device and the edge device (0062 “In some embodiments, instead of using the security score for an authentication decision, the security score is used to detect fraud. In these embodiments, the security score is fed to a fraud/risk engine, which makes a determination about whether an interaction may be fraudulent, and if so performs some action, such as: blocking the transaction; flagging the transaction as potentially fraudulent; or logging the transaction to be investigated at a later time”, 0063 “Otherwise, if the security score is not greater than the threshold (NO at step 606), the client causes a challenge to be issued to the user (step 608) either on the same device or on a different device. The challenge can be an “active challenge” that requires the user to perform some action, or a “passive challenge” that happens unbeknownst to the user and requires the system to obtain more-detailed sensor data or perform more-sophisticated processing of the sensor data”, 0065 “Responding to a challenge can also involve using additional factors to authenticate, including: an NFC “bump” between a wearable device and a mobile device”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the method for modifying a device security state with highly secured devices of Benson with the system and method for dynamically retrieving an attribute value of an identity claim of Thandapani with the decentralized identifiers of Reed_1 further with the opportunistic collection of sensor data of Whaley for the purpose of identifying and/or authenticating the user of the mobile device while maintaining a low resource footprint (0002).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES D NIGH whose telephone number is (571)270-5486. The examiner can normally be reached 6:00 to 9:45 and 10:30 to 2:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES D NIGH/ Senior Examiner, Art Unit 3699