Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/15/2018 was filed after the mailing date of the application on 11/15/2018.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Allowable Subject Matter
Claims 3 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Response to Arguments
Applicant's arguments filed 12/13/2020 have been fully considered but they are not persuasive. 
2.	Applicant argues that the prior art White in view of Trotter does not disclose “obtaining an encryption key associated with the purpose”, as recited in independent claims.
In response to Applicants arguments, the Examiner respectfully disagrees with the applicant and would like to show that White in view of Trotter discloses obtaining an Paragraph 33). Further, Trotter discloses encrypting the unique URL to a recording or other data, which is preferably generated as described above with respect to FIG. 5, into a NW-HIN direct message using the doctor-of-interest's public key, a user can share any health record, including recordings, with any NW-HIN doctor in the United States (Paragraph 46). Examiner points out that the pending claims must be "given their broadest reasonable interpretation consistent with the specification”.
As such the Examiner maintains the rejection.

Double Patenting
1.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

2.	Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of copending Application No. 16/161,105.  Although the conflicting claims are not identical, they are not patentably distinct from each other because claim 1 of copending Application No. 16/161,105 contain every element of claims 1-20 of the instant application and such anticipate claims 1-20 of the instant application.
3.	This is a provisional obviousness-type double patenting rejection since the conflicting claims have not yet been patented. The mapping of the rejected claims of the instant application to the co-pending application is as follows:
Claim 1 in the instant application #16/191,490 corresponds to claim 1 in the co-pending application #16/161,105. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 4-14 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over White (US Patent Pub. 20180020001) in view of Trotter (US Patent Pub. 20120173881).

As per claims 1-2 and 14-15:  A method comprising:
having data of a subject, wherein an approval for usage of the data for a purpose is provided (Paragraph [0014] In an example embodiment, an extension is provided to a mobile application access control mechanism that takes into account dynamic, situational, locational, environmental, or other context of the data when it is used. A mechanism to enforce specific preferences of data providers/owners for data usage may also be provided. When using the extension, mobile applications request data, but the data is specially tagged and the specially tagged data is passed through a mobile data privacy service, which acts as a filter for private and sensitive data. Any request for access to data tagged as private or sensitive can be evaluated, alongside the context of the user/application/device making the request, against data access policies for the data. These data access policies may be used to assess approval for use of the data in the context at hand, or to identify obligations or advice over the use of the private or sensitive data in this context);
obtaining an encryption key associated with the purpose, wherein a decryption key is required for decrypting information encrypted with the encryption key (See White; Paragraph [0022] The encrypted capsule 120 ensures that the piece of data 118 is only subsequently viewed by the user 110 in a context that meets the boundaries of the policy constraints and requirements (just as the context did when the original request was made). This helps prevent, for example, a user 110 from requesting the data 118 in a location in which viewing the data 118 is permitted and then moving to a location in which viewing the data 118 is not permitted. Paragraph [0024] When it is determined that a piece of sensitive data is being requested, one or more policies associated with that piece of sensitive data may be obtained. While a tagged piece of data 118 may indicate that the data 118 is potentially sensitive, it does not inform as to whether the data 118 is, for example, private and allowed in the current context of the end-user device 104, private and not allowed in the context of the end-user device 104, not considered private in the context of the end-user device 104, or other potential policy outcomes (e.g, certain types of sensitive data may permit emergency overrides, e.g., in life-threatening medical emergencies). How this determination is made can be based on a whole set of context information available, including data 118 based in an entity (so that customer or related information can be identified), information on the specific user 110 requesting the data 118 and how, situational or environmental information, or any other relevant context. The policies may be maintained by the data access platform 122 and access based on the policies may be requested by the mobile services cloud platform 102. If private access is allowed, a token or key may be returned by the data access platform 122 to the mobile services cloud platform 102, which then may embed this token or key in the encrypted capsule 120 to be returned to the end-user device 104. This enforces that the end-user device 104 can only open the capsule 120 in a context that matches the context when the original request was made);
enabling access to the purpose-based encrypted data to one or more data consumers, whereby access to the data is obtainable by decrypting the purpose-based encrypted data using the decryption key that is available to data consumers that are certified for the purpose (Paragraph [0035] The data privacy module 108 decrypts the policy decision ciphertext, revealing the decision and context requirements. Then the data privacy module 108 contains the current contextual attributes of the application 106/device 104/user 110 and compares these contextual attributes with the context requirements. It should be noted that the context requirements can be expressed in any number of different manners, including, for example, fixed requirements, conditions (sets of requirements), fuzzy requirements, etc. Additionally, one or more obligations may be specified (e.g., conditions on display). Paragraph [0048] At operation 324, the encapsulated data, policy constraints 202, and policy decision are returned to the data privacy module 108. At operation 326, when the data is to be used by the application 106 (for example, when it is displayed, played, or used in a nonvisual background process), the data privacy module 108 decrypts the data. To this, a cryptography mechanism is used).
White does not specifically disclose encrypting the data using the encryption key, whereby obtaining purpose-based encrypted data that is encoded with the purpose for which the data can be used (Paragraph [0046] In particular, users can share specific recordings or other data with doctors using the Nationwide Health Information Network (NW-HIN) Direct SMTP (Simple Mail Transfer Protocol) and certificate infrastructure. The NW-HIN is a set of protocols that enables a secure health information exchange to occur over the open Internet. This encrypted network relies on a PKI infrastructure based on standard X.509 PKI, which is compatible with typical PKI implementations of this method. As a result, a user can encrypt a combined token plus URL that, when merged, would provide unfettered access to a recording or other data. By encrypting the unique URL to a recording or other data, which is preferably generated as described above with respect to FIG. 5, into a NW-HIN direct message using the doctor-of-interest's public key, a user can share any health record, including recordings, with any NW-HIN doctor in the United States. Current Health IT regulation ensures that the NW-HIN will become the de-facto health information exchange in the United States, and probably later internationally).
Trotter, Paragraph 8).
As per claim 4:  The method of Claim 3, wherein the conjunctive restriction is an identity of an authorized service provider, whereby only the authorized service provider is able to access the data and only for using the data for the purpose (See Trotter, Paragraph 4; ensuring that only those users have access to their own data (perfect privacy) or holding the keys for the user, ensuring that the user's privacy is in the hands of potentially untrustworthy system administrators (the insider threat)).
As per claims 5 and 17:  The method of Claim 3, wherein the conjunctive restriction is one of:
a restriction on a minimal threshold score of a service provider using the data; and a restriction on a geographic location of a service provider using the data (See Trotter; Paragraph 48; distance based on geo-location calculations).
As per claims 6 and 18:  The method of Claim 1, wherein said enabling comprises at least one of:
retaining the purpose-based encrypted data on a data storage accessible to the one or more data consumers; and transmitting the purpose-based encrypted data to the one or more data consumers (See White; Paragraph [0022] The encrypted capsule 120 ensures that the piece of data 118 is only subsequently viewed by the user 110 in a context that meets the boundaries of the policy constraints and requirements (just as the context did when the original request was made). This helps prevent, for example, a user 110 from requesting the data 118 in a location in which viewing the data 118 is permitted and then moving to a location in which viewing the data 118 is not permitted).
As per claims 7 and 19:  The method of Claim 1, wherein distribution of the decryption key to one or more data consumers is performed by a Purpose Certification Authority (PCA) module and is restricted to data consumers that have been certified by the PCA for using data for the purpose (See Trotter, Paragraph 45; a PKI is an arrangement that binds public keys of users with their respective user identities by means of a certificate authority (CA)).
As per claim 8:  The method of Claim 1, wherein the approval for usage of the data for a first purpose is provided by the subject or per policy (See Trotter, Paragraph 31; This ensures that only pragmatically active portions of a data host can be tracked. Other static data files, such as privacy policy, end user agreements, and software licensing files can also be tracked in this way).
As per claims 9 and 20:  The method of Claim 1, wherein said encrypting further comprises:
encoding in a header of the purpose-based encrypted data an identifier of the purpose, whereby enabling a data consumer to determine whether the data consumer is authorized to utilize the data based on an intended usage purpose (See White; Paragraph [0022] The encrypted capsule 120 ensures that the piece of data 118 is only subseguently viewed by the user 110 in a context that meets the boundaries of the policy constraints and requirements (just as the context did when the original request was made). This helps prevent, for example, a user 110 from requesting the data 118 in a location in which viewing the data 118 is permitted and then moving to a location in which viewing the data 118 is not permitted).
As per claim 10:  White discloses a method comprising: 
obtaining a purpose-based encrypted data that encrypts data, wherein an approval for usage of the data for the purpose is provided (Paragraph [0022] The encrypted capsule 120 ensures that the piece of data 118 is only subsequently viewed by the user 110 in a context that meets the boundaries of the policy constraints and requirements (just as the context did when the original request was made). This helps prevent, for example, a user 110 from requesting the data 118 in a location in which viewing the data 118 is permitted and then moving to a location in which viewing the data 118 is not permitted. Paragraph [0024] When it is determined that a piece of sensitive data is being requested, one or more policies associated with that piece of sensitive data may be obtained. While a tagged piece of data 118 may indicate that the data 118 is potentially sensitive, it does not inform as to whether the data 118 is, for example, private and allowed in the current context of the end-user device 104, private and not allowed in the context of the end-user device 104, not considered private in the context of the end-user device 104, or other potential policy outcomes (e.g, certain types of sensitive data may permit emergency overrides, e.g., in life-threatening medical emergencies). How this determination is made can be based on a whole set of context information available, including data 118 based in an entity (so that customer or related information can be identified), information on the specific user 110 requesting the data 118 and how, situational or environmental information, or any other relevant context. The policies may be maintained by the data access platform 122 and access based on the policies may be requested by the mobile services cloud platform 102. If private access is allowed, a token or key may be returned by the data access platform 122 to the mobile services cloud platform 102, which then may embed this token or key in the encrypted capsule 120 to be returned to the end-user device 104. This enforces that the end-user device 104 can only open the capsule 120 in a context that matches the context when the original request was made);
decrypting the purpose-based encrypted data using a decryption key that is associated with the purpose, wherein the decryption key is useable for decrypting information encrypted with the encryption key, whereby obtaining the data and using the data by a data consumer (Paragraph [0035] The data privacy module 108 decrypts the policy decision ciphertext, revealing the decision and context requirements. Then the data privacy module 108 contains the current contextual attributes of the application 106/device 104/user 110 and compares these contextual attributes with the context requirements. It should be noted that the context requirements can be expressed in any number of different manners, including, for example, fixed requirements, conditions (sets of requirements), fuzzy requirements, etc. Additionally, one or more obligations may be specified (e.g., conditions on display). Paragraph [0048] At operation 324, the encapsulated data, policy constraints 202, and policy decision are returned to the data privacy module 108. At operation 326, when the data is to be used by the application 106 (for example, when it is displayed, played, or used in a nonvisual background process), the data privacy module 108 decrypts the data. To this, a cryptography mechanism is used).
Trotter does not specifically disclose wherein the purpose-based encrypted data is encrypted using an encryption key associated with a purpose (See White, Paragraph [0046] In particular, users can share specific recordings or other data with doctors using the Nationwide Health Information Network (NW-HIN) Direct SMTP (Simple Mail Transfer Protocol) and certificate infrastructure. The NW-HIN is a set of protocols that enables a secure health information exchange to occur over the open Internet. This encrypted network relies on a PKI infrastructure based on standard X.509 PKI, which is compatible with typical PKI implementations of this method. As a result, a user can encrypt a combined token plus URL that, when merged, would provide unfettered access to a recording or other data. By encrypting the unigue URL to a recording or other data, which is preferably generated as described above with respect to FIG. 5, into a NW-HIN direct message using the doctor-of-interest's public key, a user can share any health record, including recordings, with any NW-HIN doctor in the United States. Current Health IT regulation ensures that the NW-HIN will become the de-facto health information exchange in the United States, and probably later internationally).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by White to incorporate generating a link pointing to a first alias of the data, the first alias being associated with the first purpose; encrypting the link pointing to the first alias with the first encryption key to obtain a first encrypted link taught by Trotter such that the method of White is capable of generating a link pointing to a first alias of the data, the first alias being associated with the first purpose; encrypting the link pointing to the first alias with the first encryption key to obtain a first encrypted link. One would have been motivated to make such combination in order to restrict access to stored sensitive information (Trotter, Paragraph 8).
As per claim 11:  The method of Claim 10, wherein said decrypting is performed within a protected process, wherein access to a memory region of the protected process is restricted from other processes, whereby preventing access to the decryption key to other processes (See White; Paragraph [0035] The data privacy module 108 decrypts the policy decision ciphertext, revealing the decision and context requirements. Then the data privacy module 108 contains the current contextual attributes of the application 106/device 104/user 110 and compares these contextual attributes with the context requirements).
As per claim 12:  The method of Claim 11, wherein said using the data is performed within the protected process (See Trotter; Paragraph 37; the user can share access with that service by encrypting the symmetric key(s), e.g., file key 314, of protected data elements with the public key for that service).
As per claim 13:  The method of Claim 11, wherein said decrypting comprises: 
providing a header of the purpose-based encrypted data to the protected process, wherein the header comprises an indication of at least one of the purpose, data consumer, and a conjunctive restriction; and receiving from the protected process, the decryption key; and wherein said using the data is performed externally to the protected process (See White; Paragraph [0035] The data privacy module 108 decrypts the policy decision ciphertext, revealing the decision and context requirements. Then the data privacy module 108 contains the current contextual attributes of the application 106/device 104/user 110 and compares these contextual attributes with the context requirements).



Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472.  The examiner can normally be reached on 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 



/ANTHONY D BROWN/Primary Examiner, Art Unit 2433