DETAILED ACTION


1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Claims 1-20 are pending.  Claims 1, 8, and 15 are independent.  

3.	Four IDS’es submitted on 2/11/2020, 7/6/2020, 10/20/2020, and 1/27/2021 have been considered.

Claim Rejections - 35 USC § 112
4.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


5.	Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Independent claims 1 and 8 recite “carrying out authentication of the record owner required for accessing one or more data items” (emphasis added).  It is unclear whether the “one or more data items” are the same the “one or more data items” recited previously in the “receiving …” and “sending …” steps.  The article “the” must be added to refer to the same one or more data items”.  Accordingly, claims 2-7 and 9-14 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite based on their dependency of the rejected claims 1 and 8.
Similarly, independent claim 15 recites “a record owner authentication unit configured for carrying out authentication of the record owner required for accessing one or more data items” (emphasis added).  It is unclear whether the “one or more data items” are the same the “one or more data items” recited previously in “a service provider communication unit configured for receiving, from a service provider, a request for validating one or more data items in order to carry out a transaction between the record owner and the service provider” (emphasis added).  The article “the” must be added to refer to the same “one or more data items”.  Accordingly, claims 16-20 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite based on their dependency of the rejected claim 15.
To expedite examination, all “one or more data items” recited in the claims are construed as the same one “one or more data items”.








Claim Rejections - 35 USC § 103
6.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


8.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ramatchandirane (US PG Pub. 2016/0276674) in view of Winner (US PG Pub. 2016/0065541)
	As regarding claim 1, Ramatchandirane discloses A method, implemented on a machine having at least one processor, storage, and a communication platform for secure data management by a record owner, comprising: 
	receiving, from a service provider via the communication platform, a request for validating one or more data items in order to carry out a transaction between the record owner and the service provider [FIG. 28, para. 237-239; FIG. 29A and para. 246-247; receiving a proposed transaction]; 
sending the request to a trusted party seeking to validate the one or more data items, wherein the trusted party is authorized to access the one or more data items [para. ; 
carrying out authentication of the record owner required for accessing one or more data items [para. 61 and 233; authenticating the user]; 
Ramatchandirane does not explicitly disclose receiving, from the trusted party upon successful authentication, a cloaked identifier to be used for validating the one or more data items; and 
sending the cloaked identifier to the service provider, wherein the transaction is conducted when the service provider validates the one or more data items.  
However, Winner discloses it [FIG. 1 and para. 32; receiving, from the online system 140 an anonymous identifier and sending it the anonymous identifier to the third-party system 105 to login].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Ramatchandirane’s system to further comprise the missing claim limitations, as disclosed by Winner, to provide anonymous login of the user into a third-party service provider [Winner abstract and para. 3-4].

As regarding claim 2, Ramatchandirane further discloses The method of claim 1, wherein the trusted party includes one of a trusted entity that is in possession of the one or more data items and a transaction engine that is to interface with the trusted entity on behalf of the record owner to seek validation of the one or more data items [para. 241 and 251; the remote payment verifies the proposed transaction].  

3, Ramatchandirane further discloses The method of claim 1, wherein the cloaked identifier comprises at least one of 
a record owner identifier comprising a string of pseudo-random characters that is ephemeral [para. 247]; and  121 
4817-9479-5140.vla contextual identity [para. 247; accessing user’s record is limited to expiration time of the transaction code].  

As regarding claim 4, Ramatchandirane further discloses The method of claim 3, wherein the contextual identity comprises at least some of 
one or more parameters related to the transaction [para. 247; timestamp]; 
at least one limitation related to accessing the one or more data items [para. 247; accessing user’s record is limited to expiration time of the transaction code]; 
one or more response types permitted with respect to the one or more data items; 
a limitation on related to accessing the one or more data items based on recency of the one or more data items; and 
the one or more data items [para. 247].  

As regarding claim 5, Ramatchandirane further discloses The method of claim 1, wherein access of each of the one or more data items is subject to at least one access limitation [para. 247; accessing user’s record is limited to expiration time of the transaction code].  

6, Ramatchandirane further discloses The method of claim 5, wherein the at least one access limitation includes one or more of: 
an access restriction related to a period of time to of the access [para. 247; accessing user’s record is limited to expiration time of the transaction code]; 
a maximum number of times the data item is to be accessed; and 
a restriction on a geographical region from which an access request is initiated [para. 69 and 277].  

As regarding claim 7, Ramatchandirane further discloses The method of claim 6, wherein the at least one access limitation further comprises at least one restriction on at least one of: 
a type of validation request permitted [para. 89; determining whether the transaction request is correct prior to allowing access to user’s record for further verification || para. 69 and 277; determining locations associated with  the transaction request prior to allowing access to user’s record for further verification]; and 
a type of validation response permitted.  

As regarding claim 8, Ramatchandirane and Winner disclose Machine readable and non-transitory medium having information recorded thereon for secure data management, wherein the information, when read by the machine, causes the machine to perform: 
receiving, from a service provider, a request for validating one or more data items in order to carry out a transaction between the record owner and the service provider ; 
sending the request to a trusted party seeking to validate the one or more data items, wherein the trusted party is authorized to access the one or more data items [Ramatchandirane para. 240 and 250; transmitting a request including the proposed transaction to remote payment server]; 
carrying out authentication of the record owner required for accessing one or more data items [Ramatchandirane para. 61 and 233; authenticating the user]; 
receiving, from the trusted party upon successful authentication, a cloaked identifier to be used for validating the one or more data items [Winner FIG. 1 and para. 32; receiving, from the online system 140 an anonymous identifier and sending it the anonymous identifier to the third-party system 105 to login]; and 
sending the cloaked identifier to the service provider, wherein the transaction is conducted when the service provider validates the one or more data items [Winner FIG. 1 and para. 32; receiving, from the online system 140 an anonymous identifier and sending it the anonymous identifier to the third-party system 105 to login].  

As regarding claim 9, Ramatchandirane further discloses The medium of claim 8, wherein the trusted party includes one of a trusted entity that is in possession of the one or more data items and a transaction engine that is to interface with the trusted entity on behalf of the record owner to seek validation of the one or more data items [para. 241 and 251; the remote payment verifies the proposed transaction].  

10, Ramatchandirane further discloses The medium of claim 8, wherein the cloaked identifier comprises at least one of 
a record owner identifier comprising a string of pseudo-random characters that is ephemeral [para. 247]; and  123 
4817-9479-5140.vla contextual identity [para. 247; accessing user’s record is limited to expiration time of the transaction code].  

As regarding claim 11, Ramatchandirane further discloses The medium of claim 10, wherein the contextual identity comprises at least some of 
one or more parameters related to the transaction [para. 247; timestamp]; 
at least one limitation related to accessing the one or more data items [para. 247; accessing user’s record is limited to expiration time of the transaction code]; 
one or more response types permitted with respect to the one or more data items; 
a limitation on related to accessing the one or more data items based on recency of the one or more data items; and 
the one or more data items [para. 247].  

As regarding claim 12, Ramatchandirane further discloses The medium of claim 8, wherein access of each of the one or more data items is subject to at least one access limitation [para. 247; accessing user’s record is limited to expiration time of the transaction code].  

13, Ramatchandirane further discloses The medium of claim 12, wherein the at least one access limitation includes one or more of: 
an access restriction related to a period of time to of the access [para. 247; accessing user’s record is limited to expiration time of the transaction code]; 
a maximum number of times the data item is to be accessed; and 
a restriction on a geographical region from which an access request is initiated [para. 69 and 277].  

As regarding claim 14, Ramatchandirane further discloses The medium of claim 13, wherein the at least one access limitation further comprises at least one restriction on at least one of: 
a type of validation request permitted [para. 89; determining whether the transaction request is correct prior to allowing access to user’s record for further verification || para. 69 and 277; determining locations associated with  the transaction request prior to allowing access to user’s record for further verification]; and  124 
4817-9479-5140.vta type of validation response permitted.  

As regarding claim 15, Ramatchandirane and Winner disclose A system for secure data management by a record owner, comprising: 
a service provider communication unit configured for receiving, from a service provider, a request for validating one or more data items in order to carry out a transaction between the record owner and the service provider [Ramatchandirane FIG. 28, para. 237-239; FIG. 29A and para. 246-247; receiving a proposed transaction]; 
a record owner authentication unit configured for carrying out authentication of the record owner required for accessing one or more data items [Ramatchandirane para. 61 and 233; authenticating the user]; and 
a communication unit configured for 
sending the request to a trusted party seeking to validate the one or more data items, wherein the trusted party is authorized to access the one or more data items [Ramatchandirane para. 240 and 250; transmitting a request including the proposed transaction to remote payment server], 
receiving, from the trusted party upon successful authentication, a cloaked identifier to be used for validating the one or more data items [Winner FIG. 1 and para. 32; receiving, from the online system 140 an anonymous identifier and sending it the anonymous identifier to the third-party system 105 to login], and 
sending the cloaked identifier to the service provider, wherein the transaction is conducted when the service provider validates the one or more data items [Winner FIG. 1 and para. 32; receiving, from the online system 140 an anonymous identifier and sending it the anonymous identifier to the third-party system 105 to login].  

As regarding claim 16, Ramatchandirane further discloses The system of claim 15, wherein the trusted party includes one of a trusted entity that is in possession of the one or more data items and a transaction engine that is to interface with the trusted entity on behalf of the record owner to seek validation of the one or more data items [para. 241 and 251; the remote payment verifies the proposed transaction].  

17, Ramatchandirane further discloses The system of claim 15, wherein the cloaked identifier comprises at least one of 125 
4817-9479-5140.vla record owner identifier comprising a string of pseudo-random characters that is ephemeral [para. 247]; and 
a contextual identity [para. 247; accessing user’s record is limited to expiration time of the transaction code].  

As regarding claim 18, Ramatchandirane further discloses The system of claim 17, wherein the contextual identity comprises at least some of 
one or more parameters related to the transaction [para. 247]; 
at least one limitation related to accessing the one or more data items [para. 247; accessing user’s record is limited to expiration time of the transaction code]; 
one or more response types permitted with respect to the one or more data items; 
a limitation on related to accessing the one or more data items based on recency of the one or more data items; and 
the one or more data items [para. 247; timestamp].  

As regarding claim 19, Ramatchandirane further discloses The system of claim 15, wherein access of each of the one or more data items is subject to at least one access limitation [para. 247; accessing user’s record is limited to expiration time of the transaction code].  

20, Ramatchandirane further discloses The method of claim 19, wherein the at least one access limitation includes one or more of: 
an access restriction related to a period of time to of the access [para. 247; accessing user’s record is limited to expiration time of the transaction code]; 
a maximum number of times the data item is to be accessed; 
a restriction on a geographical region from which an access request is initiated [para. 69 and 277]; and 
at least one restriction on at least one of a type of validation request permitted and a type of validation response permitted [para. 89; determining whether the transaction request is correct prior to allowing access to user’s record for further verification || para. 69 and 277; determining locations associated with the transaction request prior to allowing access to user’s record for further verification].











Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905.  The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433


/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433