Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The instant application having Application No. 16/355,417 is presented for examination by the examiner.


Claim Objections
Claims 18-20 are objected to because of the following informalities:  
the numbering needs to be fixed because claim 17 was omitted from the claim set.  Alternatively, claim 17 can be explicitly canceled.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-16, 18, and 19 are rejected under 35 U.S.C. 101 as directed to the non-statutory subject matter of a computer program.  The claims lack the necessary physical articles or objects to constitute a machine or manufacture within the meaning of 35 U.S.C. 101.  They are clearly not a series of steps or acts to be a process, nor are they a combination of chemical compounds to be a composition of matter.  As such, they fail 

Claims 1-16 and 18-20 rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) a policy controlling access to data, thus grouped as a certain method of organizing human interactions. This judicial exception is not integrated into a practical application because a human can perform this practice as disclosed in the claims.  People are capable of using decentralized IDs in performing authentication and then knowing or looking up policies that govern access control of data.  Data also is abstract. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because there is nothing in the claim which would require nonconventional computers which can comparing IDs, store data, transfer data, and write to data.  Claim 12 requires a ledger but computer ledgers are modeled after paper ledgers and no specific functions directed to the ledger concerning blockchain or other cryptographic operations are present in the claims.  The claim merely handle a request by using set rules.  This is not enough to transform the abstract idea into statutory subject matter.


 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):


Claims 6 is rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 

As per claim 6, a personal rule is defined twice.  Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


s 1-9 and 12-16, 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over USP Application Publication 2018/0020001 to White et al., hereinafter White in view of USP 10,587,413 to Todd et al hereinafter Todd.

As per claims 1 and 20, White teaches one or more processors; and one or more computer-readable media having thereon computer-executable instructions that are structured such that, when executed by the one or more processors [Fig. 1], cause the computing system to: 
manage a plurality of  identifiers (0020, 0051, 0056) and a plurality of storages [backend], each of the plurality of storages being associated with at least one of the plurality of IDs (0020); 
receive a request from an entity for operating on data stored or to be stored in one of the plurality of storages that is associated with a ID (0019); 
determine a type of the data requested to be operated on (0021); 
access one or more policy rules that are applicable to the type of the data (0024); 
based on the one or more policy rules, determine if the operation [function; 0018] to be performed on the data will result in the data complying with the one or more policy rules [0024 and 0044]; and 
based on the determination, allow the request when the operation will result in the data complying with the one or more policy rules (0024 and 0025).
White does not explicitly teach the identifiers are decentralized.  Todd teaches identifiers that are decentralized (col. 6, lines 50-66).  In Todd’s system 

As per claim 12, White teaches, a method for enforcing one or more policy rules that are applicable to a type of data (0014), the method comprising:
managing a plurality of identifiers (IDs) and a plurality of storages, each of the plurality of storages being associated with at least one of the plurality of IDs (0020);
receiving a request from an entity for operating on data stored or to be stored in one of the plurality of storages that is associated with a particular ID (0019);
 determining a type of the data requested to be operated on (0021); 
accessing one or more policy rules that are applicable to the type of the data (0024); 

based on the determination, allowing the request when the operation will result the data complying with the one or more policy rules (0024 and 0025).
White is silent in explicitly teaching a computing system that is implemented in a decentralized network that implements a distributed ledger, the distributed ledger being configured to back one or more decentralized identities (DID) for one or more users of the computing system.   Todd teaches a computing system that is implemented in a decentralized network that implements a distributed ledger, the distributed ledger being configured to back one or more decentralized identities (DID) for one or more users of the computing system (col. 1 lines 53-55 and col. 6, lines 50-66). In Todd’s system there are many identity servers and enterprises.  White teaches trust across many different organizations (0027).  The claim is obvious because one of ordinary skill in the art can substitute known methods which do not produce unpredictable results.   The system of White could have used decentralized identifiers for the entities/user/owner so long as each identity server can authenticate the user.  White’s method teaches how this is performed by distributed ledgers and that doing so allows for control authentication and/or authorization across a class of systems or situations, i.e., in a cross enterprise environment (col. 1, lines 65-66).  


As per claims 3 and 14, White teaches the request from an entity for operating on data is a request to store data generated by the entity in the storage associated with the particular DID or a request to read data stored in the storage associated with the particular DID (0039 and 0048).
As per claims 4 and 15, White teaches the determining if the operation to be performed on the data will result in the data complying with the one or more policy rules comprises: analyzing the one or more applicable rules' relationship (0044), and based on the analysis, determining whether at least one rule is to overwrite another rule (0026, 0036, 0037 and 0054; additional rules/constraints are required).
As per claims 5 and 16, White teaches wherein the determining the type of the data comprises: scanning the data's metadata (0044; tagged), and based on the scanned metadata, determining at least one type of the data (sensitive; 0044).
As per claim 6, White teaches the one or more policy rules include a personal rule that is determined by an owner of the particular DID [owner is 
As per claim 7, White teaches at least one of the one or more policy rules are stored in the storage associated with the particular DID, at least one of the one or more policy rules is stored with at least one of the plurality of storages; at least one of the one or more policy rules is stored at a remote server [data access platform 122; 0024 and 0062], and/or at least one of the one or more policy rules is stored at a DID owner's DID management module.
As per claim 8, White teaches based on information of the entity, filter the one or more policy rules to determine a subset of one or more policy rules that are applicable to the requested data (0044 and 0062), wherein the determine if the operation to be performed on the data will result in the data complying with the one or more policy rules is determined based on the subset of one or more policy rules (0024, 0044, and 0045).
As per claims 9 and 19, White teaches generating a notification to the owner of the particular DID, the entity and/or a third party when the operation to be performed on the data will result in the data not complying with the one or more policy rules [error to user; 0053.
.

Claims 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over White and Todd as applied to claim 1 above, and further in view of USP Application Publication  2021/0049586 to Teitelbaum.
As per claim 10, White and Todd are silent is silent in explicitly teaching the entity is an owner of a second DID, the second DID is the same as the first DID or different from the first DID.  Teitelbaum teaches the entity is an owner of a second DID, the second DID is the same as the first DID or different from the first DID (0022 and 0055).  Specifically Teitelbaum teaches that in a decentralized network having a ledger there may be identifier repository that link multiple user IDs to one owner.  This provides a means of having particular username for specific purposes (0055).  This allows for a user to specify which account the transactions is to be initiated on precisely the same type of network at White/Todd.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.  

As per claim 11, White teaches filtering the one or more policy rules based on the geographic information of the first and/or the second DID owner(s) to determine a subset of one or more policy rules that are applicable to the requested data (0039 and 0062), wherein the determine if the operation to be performed on the data will result in .



Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431