DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/15/2020 has been entered.

Response to Amendment
Claims 1, 7 and 13 have been amended. Claims 1-18 are currently pending. 

Response to Arguments
Applicant’s other arguments with respect to claim 1 have been considered but are moot in view of new grounds of rejections. Applicant’s remaining arguments are based on Applicant's arguments against claim 1.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-4, 6-10, 12-16 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deobhakta et al., US-20090326982-A1 (hereinafter “Deobhakta ‘982”; provided by IDS dated 10/05/2018) in view of Douglas et al., US-20090326982-A1 (hereinafter “Douglas ‘982”).
Per claim 1 (independent):
Deobhakta ‘982 discloses: A system comprising: a secure data storage device; one or more processors coupled with the secure storage device, the one or more processors to maintain, on the secure data storage device to store at least one electronic personal record having information corresponding to a user (FIG. 1, [0012], “FIG. 1 illustrates an electronic medical record management system 100 that facilitates the storage and sharing of electronic medical records between patients and healthcare providers … a patient 110 may access an electronic medical record 139 of the patient stored at a database system 130 via a patient interface 132” [Emphasis added.] where the electronic medical record 139 (electronic personal record) of a patient (user) is securely stored in the database system 130.);
user-defined permission information for one or more portions of the electronic personal record, the electronic personal record comprising at least a first portion from a static document provided by the user and (FIG. 5, [0036], “the healthcare provider may request permission from the access the patient's medical record by prompting the patient to exchange a shared secret with the healthcare provider … by providing the patient with a validation question, to which the patient may respond with a validation answer” [Emphasis added.]; [0037], “the validation question may inquire as to a maiden name of the patient's mother, the patient's city of birth, or a name of the patient's first pet” [Emphasis added.]; FIG. 11, [0041], “The validation request may specify one or more of the following parameters: … the validation question, the validation answer, a patient identifier identifying the patient, a provider identifier identifying the healthcare provider, and an access request” [Emphasis added.]; [0043], “The action identifier identifies one or more actions to be performed by the healthcare provider with respect to the medical information identified by the medical information identifier. For example, the action identifier may identify whether the healthcare provider may read the corresponding medical information from the electronic medical record or write the corresponding medical information to the electronic medical record” [Emphasis added.];  FIG. 8, [0048], “stored at the database system in a PENDING_REQUESTS table along with … the validation question (i.e., VALIDATION_QUESTION), the validation answer (i.e., VALIDATION_ANSWER),” [Emphasis added.]; [0046], “each of the access permissions specified by the medical information identifier and corresponding action identifier may be approved or denied by the patient on an individual basis, while in other embodiments the patient may approve or deny all of the access permissions as a group” [Emphasis added.]  where a validation answer (static document) for a validation question has been submitted to the electronic database system 130 via the patient interface 132 before a medical record (electronic personal record) is accessed (See step 520 in FIG. 5). Note that the validation answer is usually fixed (or static). Furthermore, the validation answer may be stored as a part of the electronic medical record 139 (See FIG. 8) of the database system 130 for dealing with access requests. In subsequent to a completion of the validation request including a provider identifier identifying a healthcare provider and the access request, the patient grants an access permission for the types of their medical information and the actions such as read or write, which is 
at least a second portion that is dynamic information obtained via an integration with an external data source (FIG. 5, [0038], “The healthcare provider, upon receiving the validation answer from the patient at 512 of FIG. 5, may submit a validation request to the database system at 514 of FIG. 5” [Emphasis added.]; [0041], “The validation request may specify one or more of the following parameters: … the validation question, the validation answer, a patient identifier identifying the patient, a provider identifier identifying the healthcare provider, and an access request” [Emphasis added.]; [0043], “The access request which may be specified by the validation code request may further specify a medical information identifier and an action identifier… The medical information identifier identifies medical information to be accessed by the healthcare provider … The action identifier identifies one or more actions to be performed by the healthcare provider” [Emphasis added.] where a validation request (dynamic information) submitted by the healthcare provider (external data source), upon receiving a validation answer, identifies the health care provider and an access request which further specifies a medical information identifier and an action identifier (corresponding attributes). Note that the healthcare provider and the access request including the medical information identifier and the action identifier would be dynamically changing based on a medical service that the patient receives);
to maintain connection information for each of one or more portions of the electronic personal record, wherein the connection information comprises at least indications of entities that are granted access to the corresponding one or more portions of the electronic personal record (FIG. 6, “614: STORE ONE OR MORE OF THE VALIDATION CODE, PATIENT IDENTIFIER, VALIDATION QUESTION, VALIDATION ANSWER, AND ACCESS REQUEST AT DATA STORE OF ELECTRONIC DATABASE SYSTEM … PATIENT APPROVAL BY PRESENTING ACCESS REQUEST PATIENT VIA PATIENT INTERFACE, THE ACCESS REQUEST SPECIFYING ONE OR MORE OF PROVIDER IDENTIFIER, PRIVACY STATEMENT, SERVICE AGREEMENT, MEDICAL INFORMATION IDENTIFIER, AND ACTION IDENTIFIER ASSOCIATED WITH CHILD APPLICATION IDENTIFICATION CODE … 630: PERMIT HEALTHCARE PROVIDER / CLINICAL SYSTEM TO ACCESS MEDICAL INFORMATION FROM ELECTRONIC MEDICAL RECORD VIA API ONLY AFTER VALIDATION CODE AND VALIDATION ANSWER ARE RECEIVED FROM PATIENT” [Emphasis added] where the (connection) information such as the validation code, patient identifier, and access request that specifies provider identifier, medical information identifier and action identifier etc. (entities) has been stored (maintained) at the electronic database system and the healthcare provider is permitted to access medical information (electronic personal record) after the validation code is verified.);
to evaluate claims and attributes for portions of the electronic personal record from service providers with attribute-based security mechanisms and the permission information by combining claims on data in the electronic personal record with attributes involving the data in the electronic personal record, wherein claims indicate entities that are granted access to data within the electronic personal record and to selectively provide the corresponding portions of the electronic personal record to the corresponding provider in response to results of the evaluation (FIG. 4, [0054], “the healthcare provider may optionally update medical information of the patient stored locally at the clinical system … the medical information stored at data store 146 may include more, less, or different medical information than the electronic medical record stored at data store 136 for the same patient. The medical information of the patient stored at data store 146 may be later written to the medical record stored at 136 upon approval of the access request by the patient” [Emphasis added.]; [0043], “The medical information identifier identifies medical information to be accessed by the healthcare provider via the clinical system upon approval of the access request by the patient. The action identifier identifies one or more actions to be performed by the healthcare provider with respect to the medical identify whether the healthcare provider may read the corresponding medical information from the electronic medical record or write the corresponding medical information to the electronic medical record” [Emphasis added.]; FIG. 11, [0046], “In some embodiments, each of the access permissions specified by the medical information identifier and corresponding action identifier may be approved or denied by the patient on an individual basis” [Emphasis added.] where the healthcare provider (claim) may update the medical information (electronic personal record) of the patient at the data store 136 in the electronic database system 130 (service provider) upon the approval of the access request granted by the patient who can selectively choose the portion of the medical information to be accessed by the healthcare provider based on the medical information identifier and the action identifier (attributes. See FIG. 11).).
Deobhakta ‘982 does not disclose but Douglas ‘982 discloses: the external data source not owned by the user or the system (FIG. 1, [0021], “enable the use of wearable devices storing tokens (e.g., a secure software mechanism that may be used to authorize or identify) associated with digital versions of physical documents/cards … communicate with one or more other components of system 100 … wearable device 110, user device 120, third-party server 140, token vault operator server 150, token vault 155, or requestor device 160 ” [Emphasis added.]; [0035], “Third-party server 140 may be associated with any entity capable of requesting or providing information to token vault operator server 150 and/or token vault 155 … a bank, credit card issuer, or any other type of financial service entity” [Emphasis added.]; [0038], “third-party server 140 … associated with a doctor's office, emergency room, etc., that may request insurance information and/or the medical history associated with user 115.  ”; FIG. 4, [0049], “information stored in token vault(s) 155 … Each of records 452-456 contain one or more fields 401 (e.g., 451A, 451B, 451C, 451D, 451E, and 451F).” where the third-party server 140 (external data source) such as financial or medical service entity provides the digital versions of physical 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Deobhakta ‘982 with the third-party server providing information to the token vault operator system for authorizing or identifying users in association with digital versions of physical documents/cards as taught by Douglas ‘982 because it would provide more secure service of various kinds such as finance or healthcare by directly providing the digital versions of documents as the system requests [0003].

Per claim 2 (dependent on claim 1):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Deobhakta ‘982 discloses: The system of claim 1 wherein the providers comprise at least one financial service provider ([0014], “As such, healthcare providers may refer to any suitable entity having legitimate reason to access electronic medical records of a patient, including health insurance providers, medical researchers, and government agencies.” [Emphasis added.]).

Per claim 3 (dependent on claim 1):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Deobhakta ‘982 discloses: The system of claim 1 wherein the providers comprise at least one legal service provider. ([0014], “As such, healthcare providers may refer to any suitable entity having government agencies.” [Emphasis added.]).

Per claim 4 (dependent on claim 1):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Deobhakta ‘982 discloses: The system of claim 1 wherein the providers comprise at least one medical service provider. ([0014], “Healthcare providers 120 may refer generally to providers of healthcare services.”).

Per claim 6 (dependent on claim 1):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Deobhakta ‘982 discloses: The system of claim 1 wherein at least one provider is allowed to update the at least one portion of the electronic personal record based on an analysis by the provider of the static document provided by the user and dynamic information obtained via the integration with the external data source (FIG. 5, [0036], “the healthcare provider may request permission from the patient to access the patient's medical record by prompting the patient to exchange a shared secret with the healthcare provider … by providing the patient with a validation question, to which the patient may respond with a validation answer” [Emphasis added.]; [0037], “the validation question may inquire as to a maiden name of the patient's mother, the patient's city of birth, or a name of the patient's first pet” [Emphasis added.]; FIG. 11, [0041], “The validation request may specify one or more of the following parameters: … the validation question, the validation answer, a patient identifier identifying the patient, a provider identifier identifying the healthcare provider, and an access request” [Emphasis the healthcare provider may optionally update medical information of the patient stored locally at the clinical system … the medical information stored at data store 146 may include more, less, or different medical information than the electronic medical record stored at data store 136 for the same patient. The medical information of the patient stored at data store 146 may be later written to the medical record stored at 136 upon approval of the access request by the patient” [Emphasis added.]; [0043], “The medical information identifier identifies medical information to be accessed by the healthcare provider via the clinical system upon approval of the access request by the patient. The action identifier identifies one or more actions to be performed by the healthcare provider with respect to the medical information identified by the medical information identifier. For example, the action identifier may identify whether the healthcare provider may read the corresponding medical information from the electronic medical record or write the corresponding medical information to the electronic medical record” [Emphasis added.]; FIG. 11, [0046], “In some embodiments, each of the access permissions specified by the medical information identifier and corresponding action identifier may be approved or denied by the patient on an individual basis” [Emphasis added.] where the healthcare provider (external data source) may update the medical information (electronic personal record) of the patient at the data store 136 in the electronic database system 130 (provider) upon the approval of the access request through the validation answer (static document) granted by the patient who can selectively choose the portion of the medical information to be accessed by the healthcare provider based on the medical information identifier and the action identifier (dynamic information. See FIG. 11).).

Per claim 7 (independent):
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 8 (dependent on claim 7):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Per claim 9 (dependent on claim 7):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 3 and the claim(s) is/are rejected for the reasons detailed with respect to claim 3.

Per claim 10 (dependent on claim 7):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 4 and the claim(s) is/are rejected for the reasons detailed with respect to claim 4.

Per claim 12 (dependent on claim 7):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 6 and the claim(s) is/are rejected for the reasons detailed with respect to claim 6.

Per claim 13 (independent):
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 14 (dependent on claim 13):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Per claim 15 (dependent on claim 13):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 3 and the claim(s) is/are rejected for the reasons detailed with respect to claim 3.

Per claim 16 (dependent on claim 13):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 4 and the claim(s) is/are rejected for the reasons detailed with respect to claim 4.

Per claim 18 (dependent on claim 13):

The limitations of the claim(s) correspond(s) to features of claim 6 and the claim(s) is/are rejected for the reasons detailed with respect to claim 6.

Claim(s) 5, 11 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deobhakta ‘982 in view of Douglas ‘982  as applied to claim 1, 7 and 13 above, and further in view of BESSETTE et al., WO-2016168922-A1 (hereinafter “BESSETTE ‘922”; provided by IDS dated 10/05/2018).
Per claim 5 (dependent on claim 1):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Deobhakta ‘982 discloses: The system of claim 1 wherein utilizing the attribute based security mechanisms comprises accessing corresponding information stored in ([0043], “The medical information identifier identifies medical information to be accessed by the healthcare provider via the clinical system upon approval of the access request by the patient. The action identifier identifies one or more actions to be performed by the healthcare provider with respect to the medical information identified by the medical information identifier. For example, the action identifier may identify whether the healthcare provider may read the corresponding medical information from the electronic medical record or write the corresponding medical information to the electronic medical record” [Emphasis added.]).
Deobhakta ‘982 in view of Douglas ‘982 does not disclose but BESSETTE ‘922 discloses: a blockchain. ([Pg. 30], ll. 9-15, 28-29, “the querying of the centralized EHR network 108 may be done to access and update the first patient's health records on the EHR system upon request from the physician and/or the physician's EHR system 104. For example, when the physician desires to obtain the new to access the centralized EHR network 108 such as on a regular interval (e.g., daily, weekly, month basis and/or any other suitable timeframe) … the EHR network 108 may be implemented to include the use of block-chains” [Emphasis added.]).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Deobhakta ‘982 in view of Douglas ‘982 with the use of blockchains as taught by BESSETTE ‘922 because when the EHR network is the non-centralized network by way of the blockchains, it would provide greater transparency, enhanced security and improved traceability [Pg. 30], l. 28- [Pg. 31], l.9.

Per claim 11 (dependent on claim 7):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 5 and the claim(s) is/are rejected for the reasons detailed with respect to claim 5.

Per claim 17 (dependent on claim 13):
Deobhakta ‘982 in view of Douglas ‘982 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 5 and the claim(s) is/are rejected for the reasons detailed with respect to claim 5.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332.  The examiner can normally be reached on Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SANGSEOK PARK/Examiner, Art Unit 2494                                                                                                                                                                                         
/Kevin Bechtel/Primary Examiner, Art Unit 2491