Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated January 19, 2021.
In the amendment dated on January 19, 2021, claims 1-11, 13, 16 and 19-20 have been amended, and all other claims are previously presented.
Claims 1, 3-11, 13-16 and 18-20 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Daniel M. Fitzgerald of registration number 38,880, on February 11. 2021. During the telephone conference, Mr. Fitzgerald has agreed and authorized the examiner to further amend Claims 1, 3-11, 13-16 and 18-20 on the amendment dated on January 19, 2021.

Claims
Replacing Claims 1, 3-11, 13-16 and 18-20 of the amendment dated on January 19, 2021 with the following:

Claim 1:  
A data update computing device comprising at least one processor in communication with a memory device and a database, the database storing values for a plurality of user data elements of a plurality of users, the memory device storing instructions that are executable by the at least one processor to cause the at least one processor to:
receive, from one of a user computing device and a first relying party computing device, a first access authorization message, wherein the first access authorization message identifies (i) a first relying party and (ii) a label for a first element of a first user of the plurality of users, the first access authorization message indicating that updates to the value of the first user data element are to be shared with the first relying party;
create, in response to the first access authorization message, a first record in a globally unique identifier (GUID) database table in the database, the GUID database table containing a plurality of records, each of the records associating a respective GUID, a corresponding label of one of the user data elements of one of the users, and a corresponding relying party, wherein the first record associates a first GUID, the label of the first user data element, and the first relying party, and wherein each of the GUIDs in the GUID database table is unique; 
receive, and store in the database, an updated value of the first user data element of the user;
flag the first record as updated in the GUID database table; [[and]]
receive, from the first relying party computing device, an update status request identifying the first relying party; 
parse the GUID database table to identify flagged records associated with the first relying party, including the first record;
extract the first GUID from the first record for transmission to the first relying party; and
transmit the first GUID to the first relying party.
Claim 2:  	(cancelled)  

Claim 3:  
The data update computing device of claim 1, wherein the instructions are further executable by the at least one processor to cause the at least one processor to transmit the first GUID in response to:
retrieving, from the database, a watch list comprising a plurality of subscribed relying parties, each of the subscribed relying parties having authorization to receive updates associated with at least one of the plurality of users;
identifying the first relying party in the watch list; 
parsing the GUID database table to identify flagged records associated with the first relying party, including the first record; and
extracting the first GUID from the first record for transmission to the first relying party.
Claim 4:	  
The data update computing device of claim 1, wherein the instructions are further executable by the at least one processor to cause the at least one processor to, prior to transmitting the GUID to the first relying party:
encrypt the first GUID in a first encryption layer using a private key A associated with the data update computing device to generate an A-encrypted first GUID; and
encrypt the A-encrypted first GUID in a second encryption layer using a public key B associated with the first relying party to generate a double-encrypted first GUID, wherein transmitting the first GUID comprises transmitting the double-encrypted first GUID to the first relying party.
Claim 5:   
The data update computing device of claim 1, wherein the instructions are further executable by the at least one processor to cause the at least one processor to:
transmit the first GUID by transmitting an update list including the first GUID to the first relying party;
receive, in response to transmitting the update list, an update pull request from the first relying party, the update pull request including the first GUID; and
transmit, in response to the update pull request, the updated value to the first relying party.
Claim 6:   
The data update computing device of claim 1, wherein the instructions are further executable by the at least one processor to cause the at least one processor to transmit the updated value to the first relying party simultaneously with the transmission of the first GUID.
Claim 7:  
The data update computing device of claim 1, wherein the instructions are further executable by the at least one processor to cause the at least one processor to transmit the updated value to a representational state transfer (REST)-compliant endpoint  maintained by the first relying party.
Claim 8:  
The data update computing device of claim 1, wherein the instructions are further executable by the at least one processor to cause the at least one processor to:
encrypt the updated value in a first encryption layer using a private key A associated with the data update computing device to generate an A-encrypted updated value; 
encrypt the A-encrypted updated value in a second encryption layer using a public key B associated with the first relying party to generate a double-encrypted updated value; and 
transmit the double-encrypted updated value to the first relying party.
Claim 9:   
The data update computing device of claim 1, wherein the first access authorization message further includes an authentication key, and wherein the instructions are further executable by the at least one processor to cause the at least one processor to validate that the user authorizes the first relying party to access the first user data element based on the authentication key.
Claim 10:  
The data update computing device of claim 1, wherein the instructions are further executable by the at least one processor to cause the at least one processor to:
receive, from one of the user computing device and a second relying party computing device, a second access authorization message, wherein the second access authorization message identifies (i) a second relying party and (ii) the first user data element;
create, in response to the second access authorization message, a second record in the GUID database table, wherein the second record associates a second globally unique identifier (GUID), the first user data element, and the second relying party; 
in response to receiving and storing the updated value of the first user data element, flag the second record as updated in the GUID database table; and 
transmit the second GUID to the second relying party.

Claim 11:  
A computer-implemented method for propagating updates to user profile data, the user profile data comprising values for a plurality of user data elements of a plurality of users, the method implemented using a data update computing device in communication with a database storing the user profile data, the method comprising:
receiving, from one of a user computing device and a first relying party computing device, a first access authorization message, wherein the first access authorization message identifies (i) a first relying party and (ii) a label for a first element of a first user of the plurality of users, the first access authorization message indicating that updates to a value of the first user data element are to be shared with the first relying party;
creating, in response to the first access authorization message, a first record in a globally unique identifier (GUID) database table in the database, the GUID database table containing a plurality of records, each of the records associating a respective GUID, a corresponding label of one of the user data elements of one of the users, and a corresponding relying party, wherein the first record associates a first GUID, the label of the first user data element, and the first relying party, and wherein each of the GUIDs in the GUID database table is unique; 
receiving, and storing in the database, an updated value of the first user data element of the user;
flagging the first record as updated in the GUID database table; [[and]]
receiving, from the first relying party computing device, an update status request identifying the first relying party; 
parsing the GUID database table to identify flagged records associated with the first relying party, including the first record; 
extracting the first GUID from the first record for transmission to the first relying party; and 
transmitting the first GUID to the first relying party.
Claim 12:  	(cancelled)  
Claim 13:  
The method of claim 11, wherein transmitting the first GUID further comprises:
retrieving, from the database, a watch list comprising a plurality of subscribed relying parties, each of the subscribed relying parties having authorization to receive updates associated with at least one of the plurality of users;
identifying the first relying party in the watch list; 
parsing the GUID database table to identify flagged records associated with the first relying party, including the first record; and
extracting the first GUID from the first record for transmission to the first relying party.

Claim 14:   
The method of claim 11, further comprising, prior to transmitting the GUID to the first relying party:
encrypting the first GUID in a first encryption layer using a private key A associated with the data update computing device to generate an A-encrypted first GUID; and
encrypting the A-encrypted first GUID in a second encryption layer using a public key B associated with the first relying party to generate a double-encrypted first GUID, wherein transmitting the first GUID comprises transmitting the double-encrypted first GUID to the first relying party.
Claim 15:  
The method of claim 11, further comprising:
encrypting the updated value in a first encryption layer using a private key A associated with the data update computing device to generate an A-encrypted updated value; and
encrypting the A-encrypted updated value in a second encryption layer using a public key B associated with the first relying party to generate a double-encrypted updated value; and
transmitting the double-encrypted updated value to the first relying party.

Claim 16:  
A non-transitory computer readable medium that includes computer-executable instructions for propagating updates to user profile data comprising values for a plurality of user data elements of a plurality of users, wherein when executed by at least one processor of a data update computing device, the at least one processor in communication with a database storing the user profile data, the computer-executable instructions cause the at least one processor to:
receive, from one of a user computing device and a first relying party computing device, a first access authorization message, wherein the first access authorization message identifies (i) a first relying party and (ii) a label for a first element of a first user of the plurality of users, the first access authorization message indicating that updates to a value of the first user data element are to be shared with the first relying party;
create, in response to the first access authorization message, a first record in globally unique identifier (GUID) database table in the database, the GUID database table containing a plurality of records, each of the records associating a respective GUID, a corresponding label of one of the user data elements of one of the users, and a corresponding relying party, wherein the first record associates a first GUID, the label of the first user data element, and the first relying party, and wherein each of the GUIDs in the GUID database table is unique; 
receive and store in the database an updated value of the first user data element of the user;

receive, from the first relying party computing device, an update status request identifying the first relying party; 
parse the GUID database table to identify flagged records associated with the first relying party, including the first record;
extract the first GUID from the first record for transmission to the first relying party; and
transmit the first GUID to the first relying party.
Claim 17:   	(cancelled)  
Claim 18:   
The non-transitory computer readable medium of claim 16, wherein the computer-executable instructions further cause the at least one processor to transmit the updated value to the first relying party simultaneously with the transmission of the first GUID.
Claim 19:  
The non-transitory computer readable medium of claim 16, wherein the first access authorization message further includes an authentication key, wherein the computer-executable instructions further cause the at least one processor to validate that the first user authorizes the first relying party to access the first user data element based on the authentication key.
Claim 20:   
The non-transitory computer readable medium of claim 16, wherein the computer-executable instructions further cause the at least one processor to:
receive, from one of the user computing device and a second relying party computing device, a second access authorization message, wherein the second access authorization message identifies (i) a second relying party and (ii) the first user data element;
create, in response to the second access authorization message, a second record in the GUID database table, wherein the second record associates a second globally unique identifier (GUID), the label for the first user data element, and the second relying party; 
in response to receiving and storing the updated value of the first user data element, flag the second record as updated in the GUID database table; and 
transmit the second GUID to the second relying party.

Allowable Subject Matter
Claims 1, 3-11, 13-16 and 18-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent claim 1 is allowable based on the amendment presented in the amendment dated on January 19, 2021 and the examiner’s amendment dated on February 16, 2021.
Specifically, the independent claim 1 now recites limitations as follows:
“A data update computing device comprising at least one processor in communication with a memory device and a database, the database storing values for a plurality of user data elements of a plurality of users, the memory device storing instructions that are executable by the at least one processor to cause the at least one processor to:
receive, from one of a user computing device and a first relying party computing device, a first access authorization message, wherein the first access authorization message identifies (i) a first relying party and (ii) a label for a first user data element of a first user of the plurality of users, the first access authorization message indicating that updates to the value of the first user data element are to be shared with the first relying party;
create, in response to the first access authorization message, a first record in a globally unique identifier (GUID) database table in the database, the GUID database table containing a plurality of records, each of the records associating a respective GUID, a corresponding label of one of the user data elements of one of the users, and a corresponding relying party, wherein the first record associates a first GUID, the label of the first user data element, and the first relying party, and wherein each of the GUIDs in the GUID database table is unique; 

flag the first record as updated in the GUID database table;
receive, from the first relying party computing device, an update status request identifying the first relying party; 
parse the GUID database table to identify flagged records associated with the first relying party, including the first record;
extract the first GUID from the first record for transmission to the first relying party; and
transmit the first GUID to the first relying party”.

The cited reference Bailey et al. (US PGPUB. # US 2015/0088759) discloses, as a background, theft of sensitive data (such as credit card numbers, prepaid debit card numbers, social security numbers, etc.) has become a serious problem. As more and more vendors store sensitive data on their local systems, the security of that data may be compromised. Hackers and others with malicious intent may access sensitive data and utilize that data for identity theft, credit card theft, etc. While many vendors may encrypt the sensitive data, such encryptions may be subject to security issues. Additionally, storage of sensitive data at a vendor computing device is not desirable. (¶18). The user computing device 102a may be any mobile or non-mobile computing device configured for facilitating electronic transactions. As an example, the user computing (¶24-¶25). FIG. 3 depicts a flowchart for utilizing a database model to send a token and token identifier to a vendor, according to embodiments disclosed herein. As illustrated at block 330, encrypted sensitive data may be received from a vendor. More specifically, at the point of sale, a vendor (or user) may enter sensitive data for a transaction. The received sensitive data may be encrypted, (Fig. 3(330), ¶35). The tokenization computing device 104 may again include any mobile or non-mobile computing device and function as part of a financial institution, such as a bank, lender, mortgage company, etc. The tokenization computing device 104 may receive the sensitive data from the user computing device 102a and/or vendor computing device 102b, as described above and may include a memory component 140 that stores token logic 144a and token identifier (ID) logic 144b. With the token logic 144a and the token ID logic 144b, tokenization and de-tokenization of sensitive data may be performed. (¶27). At block 338 a token and token ID may be generated. Generation of a token may include determining the vendor. Once the vendor is determined, a token key may be determined. The token may then be generated, based on an algorithm that depends on the token key. Additionally, the token identifier may identify the key (which may include a version number of the token), as well as a token sanity value for ensuring that the token is accurately generated. At block 340, the token and token ID may be sent to the vendor. (Fig. 3(338), ¶35). FIG. 7 depicts a flowchart for updating tokens in a database model, according to embodiments disclosed herein. As illustrated, at block 730, a request to change a token may be received, where the request includes a token and token identifier. While FIG. 7 indicates that a single token and a single (Fig. 7(730), ¶40).
The reference by Gassner et al. (US PGPUB. # US 2018/0218121) discloses, At 601, a user (HCP) visits a service provider web portal and selects to log in using the identity management system 110 as the identity provider. (Fig. 6(601), ¶78). At 701, a user (HCP) visits the relying party's web site and chooses to login with the identity management system 110 as the identity provider. (Fig. 7(701), ¶95). The identity data storage device 112 may store data for identity management, including physician professional information (e.g., name, specialty, license information, affiliated health care organization ("HCO"), and contact information at the affiliated HCO), HCP profile information, login information and other (Fig. 1(112), ¶24). The present invention provides a globally unique identifier (GUID) which is a unique ID for the HCP's identity. This is system generated and returned in authentication API calls. Each HCP identity has one and only one GUID. (¶103).
Updated search has yielded the following reference:
The reference by Kenji Kawasumi (US PGPUB. # US 2015/0331736) discloses, FIG. 7 is a diagram illustrating an example of pieces of the device information of the embodiment. In the example illustrated in FIG. 7, a piece of the device information is information in which a GUID, a serial number, a MAC address, an IP address, a host name, a vendor name, a model name, a firmware version, an installation date, a lease expiry date, an initial installation cost, and a group ID are associated with one another. The GUID is an identifier for identifying a record (a piece) of the device information (a column of the device information). The serial number (an example of a piece of device identification information) is an identifier for identifying a device. A device identified by the serial number is owned by a group identified by the group ID (in particular, a customer with a customer ID associated with the group ID in the pieces of the group information illustrated in the FIG. 5). The MAC address is a MAC address of the device. The IP address is an IP address of the device. The host name is a host name of the device. The vendor name is a vendor name of the (¶52-¶53).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “…the first access authorization message indicating that updates to the value of the first user data element are to be shared with the first relying party…..receive, and store in the database, an updated value of the first user data element of the user; flag the first record as updated in the GUID database table; receive, from the first relying party computing device, an update status request identifying the first relying party; parse the GUID database table to identify flagged records associated with the first relying party, including the first record; extract the first GUID from the first record for transmission to the first relying party; and transmit the first GUID to the first relying party”, in combination with the rest of the limitations recited in the independent claim(s).

None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 11 is a method claim of above device claim 1 and Claim 16 is a non-transitory computer readable medium claim of above device claim 1, and therefore, they are also allowed.
Claims 3-10 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 13-15 depend on the allowed claim 11, and therefore, they are also allowed.
Claims 18-20 depend on the allowed claim 16, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DARSHAN I DHRUV/Examiner, Art Unit 2498