Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .	
Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 12/15/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Response to amendments/arguments
3. 	This office action is in response to an amendment filed on 12/15/2020 in response to PTO office action dated 03/01/2021. The amendment has been entered and considered. 

4. 	Claims 1, 10 and 19 have been amended. Claims 1-27 are now pending in this office action. 

5. 	Applicant’s arguments with respect to the rejection of claims under 35 U.S.C. § 102 (a)(i) and 103(a) have been fully considered but are moot because the arguments are directed towards amended claims, thus necessitated the new ground of rejection as presented in this Office action. 
Claim Rejections - 35 U.S.C. § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

6. 	Claims 1-27 are rejected under 35 U.S.C. 103 as being unpatentable over Ford; Christopher Todd (US 20170041296 A1) in view of McCarthy; Kevin L (US 20150163206 A1) and in further view of Stone; Darrel (US 20100280959 A1).

Regarding independent claim 1, Ford; Christopher Todd ( US 20170041296 A1) teaches, a method comprising: providing a data exchange by a cloud computing service on behalf of an entity (Fig. 1A Paragraph [0106] the secure exchange server may utilize a secure cloud architecture with meshed data centers, various enterprise clouds, private clouds, hosted clouds, and the like.  Enterprises working in association with the secure exchange server may have their enterprise clouds linked to a secure cloud associated with the secure exchange server), the data exchange comprising a plurality of data listings provided by one or more data providers, each data listing referencing one or more data sets stored in a data storage platform associated with the cloud computing service (FIG. 6 Paragraph [0140] the dashboard facility 210 may provide organized facilities for managing exchanges amongst the plurality of exchange 
set access control rules for one or more of the plurality of data listings, wherein access control rules for a data listing comprise … to view data underlying the data listing and a list of consumers  that may access and manipulate the data underlying the data listing (Paragraph [0071] In embodiments, the exchange may provide one or more secure sites for placing documents and messages to be transmitted over a secure virtual network and may allow authorized users to read or edit messages according to their level of authorization. Any documents that are edited may be immediately available on the system so that other persons involved in the exchange have access to the edited or modified documents immediately. In addition, the exchange may provide tracking of each document to allow selected users to see who has had access to the messages and documents and who has modified or edited any of the documents. Content and communications shared amongst a group may be included in a work stream, where the work stream may be focused on or associated with a particular topic, task, project, event, and the like. Content and communications may also be presented to users based on activity, thus creating an activity stream that shows users what is active, such as in a work stream, within a group of work steams, and the like. In this way, the activity-based work stream provides a location were a user might go to see what is active in one or more work streams, exchanges, and the like);
designating a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity and is to: set viewing rules for one or more of the plurality of data listings, wherein viewing rules for a data listing comprise a list of consumers that may view an indicator of the data listing indicating that the data listing is available to the list of consumers; and grant or deny requests from data providers to publish data listings on the data exchange; and in response to a data consumer that has been granted access to the data exchange adding to a user record of the data consumer one or more of the 2Application No.16/746,673 plurality of data listings, providing to the data consumer access to the data sets referenced by the one or more data listings without copying the data sets.
McCarthy; Kevin L (US 20150163206 A1) teaches, designating a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity and is to: set viewing rules for one or more of the plurality of data listings, wherein viewing rules for a data listing comprise a list of consumers that may view an indicator of the data listing indicating that the data listing is available to the list of consumers; …a list of consumers  that may select the indicator of the data listing … (Paragraph [0117] a permissions ‘view-as’ facility may be provided during staging of permissions for an exchange. For example, as a user is establishing permissions for an exchange, a project, a work stream, or the like, a user may initiate the “view-as” permissioning feature, such as by drop down menu selection, clicking on an icon, or the like, which may include a menu or data entry capability (e.g., a text field, box or the like) for selecting another user 
and in response to a data consumer that has been granted access to the data exchange adding to a user record of the data consumer one or more of the 2Application No.16/746,673 plurality of data listings, providing to the data consumer access to the data sets referenced by the one or more data listings without copying the data sets. (Paragraph [0025] teaches, receiving from at least one user of the third business entity an indication of permission for the user of the second business entity to access the computer data content (i.e., based on the access/permission granted to the data listing); by the secure exchange server, permitting access to the computer data content to the user of the second business entity through an exchange content access facility, wherein the exchange content access facility is hosted by the intermediate business entity; by the secure exchange server, granting access to the computer data content to the user of the second business entity; and providing, by the secure exchange server, at least one of: a secure cloud architecture with meshed data centers and various enterprise clouds. [0026] teaches, a customizable secure data exchange environment system may comprise: a server-based secure data exchange system for secure sharing of content between a first client device accessed by 
Therefore it would have been obvious to one of the ordinarily skilled in the art at the time of the filing of the invention to have modified the teachings of Ford et al and is related to networked secure content, and more particularly to sharing, viewing, and collaboration of networked secure content between entities as taught by McCarthy (Paragraph [0002]).
It would have been obvious to one of the ordinary skill in the art, to provide systems and for users to utilize the systems in such a way that does not force them to adopt new infrastructure, software, and business and personal processes in their daily workflow in order to achieve a shared and potentially secure extended work environment and to provide permissioned control to a plurality of organizational entities for use of at least one of a plurality of data storage nodes and can securely share content between entities or companies as taught by McCarthy (Paragraph [0003]- [0005]).
Ford et al and McCarthy et al fails to explicitly teach, grant and deny requests from data providers to publish data listings on the data exchange.
Stone; Darrel (US 20100280959 A1) also teach, designating a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity … (Paragraph [0019] The group component 140 manages groups that providers may join. For example, a group may exist for registered contractors, plumbers, eco-friendly contractors, and so on); 
Stone et al further teaches, grant and deny requests from data providers to publish data listings on the data exchange (Paragraph [0019] The system tracks a group administrator for each group that can determine the membership of the group (e.g., by accepting or denying requests to join the group and publish data) and set criteria for membership in the group (i.e., designating an administrator for each entity/provider associated with that group in a data sharing environment)).
Therefore it would have been obvious to one of the ordinarily skilled in the art at the time of the filing of the invention to have modified the teachings of Ford et al and McCarthy et al and provides a real-time sourcing system that is described herein that matches consumers with service requests to providers that perform the requested services. In addition, the system automates communication between consumers and providers. The real-time sourcing system provides automated and integrated end-to-end management of a transaction. The system receives a request from a consumer that describes a particular service needed by the consumer, and sends notifications to registered providers based on the requested service. The system receives an offer from one or more notified providers that indicates terms under which the provider would perform the requested service, and sends offers that match the consumer's criteria to the consumer for evaluation. The system receives an acceptance of an offer from the consumer. Thus, the real-time sourcing system reduces the time involved with finding providers to perform services, and provides consumers with more relevant selections of providers to perform services as taught by Stone et al (Abstract). 
It would have been obvious to one of the ordinary skill in the art, to provide a real-time sourcing system that is described herein that matches consumers with service requests to providers that perform the requested services. In addition, the system automates communication between consumers and providers. The real-time sourcing system provides automated and integrated end-to-end management of a transaction. The system receives a request from a consumer that describes a particular service needed by the consumer, and sends notifications to registered providers based on the requested service. The system receives an offer from one or more notified providers that indicates terms under which the provider would perform the requested service, and sends offers that match the consumer's criteria to the consumer for evaluation. The system receives an acceptance of an offer from the consumer. Thus, the real-time sourcing system reduces the time involved with finding providers to perform services, and provides consumers with more relevant selections of providers to perform services as taught by Stone et al (Abstract). 

Regarding dependent claim 2, Ford et al, McCarthy et al and Stone et al teach, the method of claim 1. 
Ford et al further teaches, further comprising: receiving a request from one of the one more data providers to publish a data listing on the data exchange; routing the request to the data exchange administrator account (Fig. 35 Paragraph [0341], [0344] Each time a protected content item is opened on a client device (to update/modify/publish the data), corresponding access policies are requested from a corresponding DRM engine. The DRM engine forwards/routed the request to a content protection server. The content protection server retrieves the access policies from the rights issuer, and provides the retrieved access policies to the DRM engine in a format readable by the DRM engine. Also see [0346]-348];
receiving an authorization indication from the data exchange administrator account approving the request to publish the data listing; and publishing the data listing on the data exchange (Paragraph [0362] According to example implementation, the content protection server 150B sends a publishing license identification (ID) and information indicative of existence access policies (authorization indication) associated with the content item to the DRM engine for registering the content item (publishing the data). At 230B, the encrypted content item 185B is sent to the content sharing application 110B to share with to the one or more user devices 180B for consumption).
 
Regarding dependent claim 3, Ford et al, McCarthy et al and Stone et al teach, the method of claim 2. 
Ford et al further teaches, where in publishing the data listing comprises allowing at least one data consumer to view the data listing within the data exchange (Paragraph [0077] when the external user (data consumer) accesses the secure exchange system, the secure exchange system may recognize the user and associate the user with a particular one of the companies A and B. Also see [0087], [0108], [0109] a user may have access to data in various parts of the on enterprise premises system 110, such access being managed by the secure exchange system 102 and/or the orchestration services 165 in various embodiments, such as to confirm the identity of the user of a user device 120, to confirm the authorization of the user and device to access particular data).

Regarding dependent claim 4, Ford et al, McCarthy et al and Stone et al teach, the method of claim 1. 
Ford et al further teaches, where in the entity is one of the one or more data providers (Paragraph [0078], [0092] The secure exchange system may be organized as a customizable hybrid system to accommodate the needs of organizational entities. In embodiments, data stored by the plurality of organizational entities may be at least in part centrally stored, stored at least in part in distributed locations, stored at least in part on the premises of the organizational entity, and the like (entity is data provider)).

Regarding dependent claim 5, Ford et al, McCarthy et al and Stone et al teach, the method of claim 1. 
Ford et al further teaches, wherein accessing data underlying a data listing comprises running queries on the one or more data sets referenced by the data listing (Paragraph [0089] when a user enters a search query to search for items in various content nodes to which the user has access, such as to search for a specific text string, the search location service 176 may operate to identify the relevant content nodes to which the user has access and to distribute the search query to each relevant node separately. The query may then be run locally on each of those nodes. The search results from each content node may then be sent back to the user's computing device, and collated, such as by a collating module running on the user's browser, to present a single set of search results to the user. In this manner, the content on each content node remains secure and localized, and is not shared among various content nodes, or shared with an intermediate business entity operating the orchestration services 165 or providing other services to the user).

Regarding dependent claim 6, Ford et al, McCarthy et al and Stone et al teach, the method of claim 1. 
Stone et al further teaches, wherein the data exchange administrator account is further to add a new account to the data exchange and set a type of the new account to one of a data consumer, data provider, or exchange administrator (Paragraph [0013] The profile component 110 manages user accounts for consumers and providers that register to use the system 100. When a user initially registers as a member of the system, the profile component 110 collects certain information from the user, such as an email address, demographic information, a default location (e.g., home address), a mobile number, and so forth. For example, the component 110 may collect references to other profiles of the user, such as a Twitter, Linkedln, Facebook, or other account with which the system may provide integration for communication, information gathering, and other actions. The profile component 110 may also track a subscription status that indicates whether the member has paid for access to certain upgraded services (e.g., increased priority of postings). In addition, the profile component 110 tracks a reputation score for each member and initializes the score during member registration. The system may provide a verification process to allow members to verify their identity and other profile information by supplying authentication information (e.g., a credit card, responding to a phone message, and so forth). The profile component 110 modifies the score later based on feedback that the component 110 receives from other members resulting from transactions with the member. A particular member may register as a consumer, provider, or both. [0019] The group component 140 manages groups that providers may join (i.e., the administrator can add a new account and set a type as provider or consumer). For example, a group may exist for registered contractors, plumbers, eco-friendly contractors, and so on. The system tracks a group administrator for each group that can determine the membership of the group (e.g., by accepting or denying requests to join the group) and set criteria for membership in the group).

Regarding dependent claim 7, Ford et al, McCarthy et al and Stone et al teach, the method of claim 1. 
Ford et al further teaches, further comprising: receiving a request from a user to access the data exchange, wherein the user has not been previously approved to access the data exchange; routing the request to the data exchange administrator account (Paragraph [0251] trigger events for an examination or reexamination of a user's authentication level may include such as a determination is made that a user changed geographic location (e.g., based on corresponding GPS location, network IP address, or the like) where, a triggering event for additional authentication for a user may include an administrator policy implemented change in access due to an administrator-sensed event (e.g., an administrator may determine that an attack is actually or potentially underway and opt to increase security for all users temporarily) or an automatic policy implemented change in access due to an automation-sensed event (e.g., an automated system may determine that an attack is actually or potentially underway and automatically opt to increase security for all users temporarily), based on time of day (e.g., outside of business hours may require an increased level or frequency of authorization as compared to during regular business hours), and the like (when a request for data is made based on the time the access is not approved, but the request is routed to the administrator);
receiving an authorization indication from the data exchange administrator account approving the request to access the data exchange; and granting the user access to the data exchange (Paragraph [0250] Once a re-authentication procedure is triggered, if the user's authentication level matches or exceeds the authentication level associated with the content to be accessed, the dynamic access authorization facility 267 may allow access to that content. If the user's authentication level is below that associated with the content, then access may be denied, or a further authentication challenge may be presented to the user).

Regarding dependent claim 8, Ford et al, McCarthy et al and Stone et al teach, the method of claim 7. 
Ford et al further teaches, where in granting the user access to the data exchange comprises enabling the user to view and run queries against data referenced by a first data listing but not against a second data listing (Paragraph [0224] a Johns Hopkins doctor may be in drug trials with two different pharmaceutical companies, and if the doctor accesses through the channel of the Company A's website (referencing a particular company), then they only see Company A's information).

Regarding dependent claim 9, Ford et al, McCarthy et al and Stone et al teach, the method of claim 1. 
Ford et al further teaches, where in the data exchange is manageable by the cloud computing service and is displayable within an online resource associated with the entity, wherein the online resource is one of an online web domain or an interconnected network application (Paragraph [0075], [0085] Connections may be provided, either through various interfaces and APIs, or through bindings, to outside storage, such as to cloud data storage 118 resources (including public and private clouds), and to more general resources, such as accessible through search engines 116).

Regarding independent claim 10, Ford; Christopher Todd (US 20170041296 A1) teaches, a system, comprising: a processing device (Paragraph [0696]) to: provide a data exchange by a cloud computing service on behalf of an entity, the data exchange comprising a plurality of data listings provided by one or more data 4Application No.16/746,673 providers, each data listing referencing one or more data sets stored in a data storage platform associated with the cloud computing service (FIG. 6 Paragraph [0140] the dashboard facility 210 may provide organized facilities for managing exchanges amongst the plurality of exchange service users 110, disseminate to users of multiple groups of users, separating exchange environments, and the like. For example, for a corporate M&A or private equity group, the dashboard may provide users with the ability to take their information, and create a profile and expose the information to other parties (e.g., to private equity investors showing performance of their individual funds);
set access control rules for one or more of the plurality of data listings, wherein access control rules for a data listing comprise … to view data underlying the data listing and a list of consumers that may access and manipulate the data underlying the data listing (Ford teaches, [0071] In embodiments, the exchange may provide one or more secure sites for placing documents and messages to be transmitted over a secure virtual network and may allow authorized users to read or edit messages according to their level of authorization. Any documents that are edited may be immediately available on the system so that other persons involved in the exchange have access to the edited or modified documents immediately. In addition, the exchange may provide tracking of each document to allow selected users to see who has had access to the messages and documents and who has modified or edited any of the documents. Content and communications shared amongst a group may be included in a work stream, where the work stream may be focused on or associated with a particular topic, task, project, event, and the like. Content and communications may also be presented to users based on activity, thus creating an activity stream that shows users what is active, such as in a work stream, within a group of work steams, and the like. In this way, the activity-based work stream provides a location were a user might go to see what is active in one or more work streams, exchanges, and the like);
Ford et al fails to explicitly teach, designate a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity and is to: set viewing rules for one or more of the plurality of data listings, wherein viewing rules for a data listing comprise a list of consumers that may view an indicator of the data listing indicating that the data listing is available to the list of consumers; … that may select the indicator of the data listing…and grant or deny requests from data providers to publish data listings on the data exchange; and in response to a data consumer  that has been granted access to the data exchange adding to a user record of the data consumer one or more of the plurality of data listings, providing to the data consumer access to the data sets referenced by the one or more data listings without copying the data sets; … that may select the indicator of the data listing…
McCarthy; Kevin L (US 20150163206 A1) teaches, designate a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity and is to: set viewing rules for one or more of the plurality of data listings, wherein viewing rules for a data listing comprise a list of consumers that may view an indicator of the data listing indicating that the data listing is available to the list of consumers; … that may select the indicator of the data listing…(Paragraph [0117] a permissions ‘view-as’ facility may be provided during staging of permissions for an exchange. For example, as a user is establishing permissions for an exchange, a project, a work stream, or the like, a user may initiate the “view-as” permissioning feature, such as by drop down menu selection, clicking on an icon, or the like, which may include a menu or data entry capability (e.g., a text field, box or the like) for selecting another user or category of user for which the permissioning user wishes to simulate viewing. Upon initiation of the “view as” capability and selecting the user or category of user to be simulated by the permissioning user (i.e., list of consumers satisfying the viewing rules based on permissions set and selecting the data listing), the system may display an exchange, a work stream, a dashboard, a project, a store, or a particular content item to the permissioning user as if the permissioning user were the other user selected by the permissioning user or as if the permissioning user is a member of the selected category of user); 
and in response to a data consumer  that has been granted access to the data exchange adding to a user record of the data consumer one or more of the plurality of data listings, providing to the data consumer access to the data sets referenced by the one or more data listings without copying the data sets (Paragraph [0025] teaches, receiving from at least one user of the third business entity an indication of permission for the user of the second business entity to access the computer data content (i.e., based on the access/permission granted to the data listing); by the secure exchange server, permitting access to the computer data content to the user of the second business entity through an exchange content access facility, wherein the exchange content access facility is hosted by the intermediate business entity; by the secure exchange server, granting access to the computer data content to the user of the second business entity; and providing, by the secure exchange server, at least one of: a secure cloud architecture with meshed data centers and various enterprise clouds. [00260 teaches, a customizable secure data exchange environment system may comprise: a server-based secure data exchange system for secure sharing of content between a first client device accessed by a user associated with a first organizational entity and a second client device accessed by a user associated with a second organizational entity, wherein the content has shared relevance with the first organizational entity and the second organizational entity, the secure data exchange system comprising a data management facility managed by a third organizational entity and adapted to provide permissioned control to a plurality of organizational entities for use of at least one of a plurality of data storage nodes, wherein the first organizational entity is granted permissioned control of a first data storage node by the third organizational entity, wherein content is shared between the first client device and the second client device through the first data storage node, wherein the data management facility manages secure data exchange of the content through the first data storage node, the content being comprised of data content and metadata, and wherein the data management facility has access to the metadata of the content for managing sharing of the content via the first data storage node, but the data management facility does not have access to the shared content; wherein the data management facility is distributed into a plurality of data management sites to enable management of the plurality of data storage nodes, wherein the plurality of data storage nodes are located at network locations separate from the data management facility and specified by the plurality of organizational entities. In embodiments, each of the plurality of data storage nodes may be controlled by a separate organizational entity (i.e., the user is directed to access the data/content referenced by the data listing/metadata listing without copying the actual data).
Therefore it would have been obvious to one of the ordinarily skilled in the art at the time of the filing of the invention to have modified the teachings of Ford et al and is related to networked secure content, and more particularly to sharing, viewing, and collaboration of networked secure content between entities as taught by McCarthy (Paragraph [0002]).
It would have been obvious to one of the ordinary skill in the art, to provide systems and for users to utilize the systems in such a way that does not force them to adopt new infrastructure, software, and business and personal processes in their daily workflow in order to achieve a shared and potentially secure extended work environment and to provide permissioned control to a plurality of organizational entities for use of at least one of a plurality of data storage nodes and can securely share content between entities or companies as taught by McCarthy (Paragraph [0003]- [0005]).
Ford et al and McCarthy et al fails to explicitly teach, grant and deny requests from data providers to publish data listings on the data exchange.
Stone; Darrel (US 20100280959 A1) also teach, designating a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity … (Paragraph [0019] The group component 140 manages groups that providers may join. For example, a group may exist for registered contractors, plumbers, eco-friendly contractors, and so on); 
Stone et al further teaches, grant and deny requests from data providers to publish data listings on the data exchange (Paragraph [0019] The system tracks a group administrator for each group that can determine the membership of the group (e.g., by accepting or denying requests to join the group and publish data) and set criteria for membership in the group (i.e., designating an administrator for each entity/provider associated with that group in a data sharing environment)).
Therefore it would have been obvious to one of the ordinarily skilled in the art at the time of the filing of the invention to have modified the teachings of Ford et al and McCarthy et al and provides a real-time sourcing system that is described herein that matches consumers with service requests to providers that perform the requested services. In addition, the system automates communication between consumers and providers. The real-time sourcing system provides automated and integrated end-to-end management of a transaction. The system receives a request from a consumer that describes a particular service needed by the consumer, and sends notifications to registered providers based on the requested service. The system receives an offer from one or more notified providers that indicates terms under which the provider would perform the requested service, and sends offers that match the consumer's criteria to the consumer for evaluation. The system receives an acceptance of an offer from the consumer. Thus, the real-time sourcing system reduces the time involved with finding providers to perform services, and provides consumers with more relevant selections of providers to perform services as taught by Stone et al (Abstract). 
It would have been obvious to one of the ordinary skill in the art, to provide a real-time sourcing system that is described herein that matches consumers with service requests to providers that perform the requested services. In addition, the system automates communication between consumers and providers. The real-time sourcing system provides automated and integrated end-to-end management of a transaction. The system receives a request from a consumer that describes a particular service needed by the consumer, and sends notifications to registered providers based on the requested service. The system receives an offer from one or more notified providers that indicates terms under which the provider would perform the requested service, and sends offers that match the consumer's criteria to the consumer for evaluation. The system receives an acceptance of an offer from the consumer. Thus, the real-time sourcing system reduces the time involved with finding providers to perform services, and provides consumers with more relevant selections of providers to perform services as taught by Stone et al (Abstract). 

Regarding dependent claim 11, Ford et al, McCarthy et al and Stone et al teach, the system of claim 10. 
Ford et al further teaches, wherein the processing device is further to:  receive a request from one of the one or more data providers to publish a data listing on the data exchange; route the request to the data exchange administrator account (Fig. 35 Paragraph [0341], [0344] Each time a protected content item is opened on a client device (to update/modify/publish the data), corresponding access policies are requested from a corresponding DRM engine. The DRM engine forwards/routed the request to a content protection server. The content protection server retrieves the access policies from the rights issuer, and provides the retrieved access policies to the DRM engine in a format readable by the DRM engine. Also see [0346]-348];
receive an authorization indication from the data exchange administrator account approving the request to publish the data listing; and publish the data listing on the data exchange (Paragraph [0362] According to example implementation, the content protection server 150B sends a publishing license identification (ID) and information indicative of existence access policies (authorization indication) associated with the content item to the DRM engine for registering the content item (publishing the data). At 230B, the encrypted content item 185B is sent to the content sharing application 110B to share with to the one or more user devices 180B for consumption).

Regarding dependent claim 12, Ford et al, McCarthy et al and Stone et al teach, the system of claim 11. 
Ford et al further teaches, wherein to publish the data listing, the processing device to allow at least one data consumer to view the data listing within the data exchange (Paragraph [0077] when the external user (data consumer) accesses the secure exchange system, the secure exchange system may recognize the user and associate the user with a particular one of the companies A and B. Also see [0087], [0109] a user may have access to data in various parts of the on enterprise premises system 110, such access being managed by the secure exchange system 102 and/or the orchestration services 165 in various embodiments, such as to confirm the identity of the user of a user device 120, to confirm the authorization of the user and device to access particular data).

Regarding dependent claim 13, Ford et al, McCarthy et al and Stone et al teach, the system of claim 10. 
Ford et al further teaches, Where in the entity is one of the one or more data providers (Paragraph [0078], [0092] The secure exchange system may be organized as a customizable hybrid system to accommodate the needs of organizational entities. In embodiments, data stored by the plurality of organizational entities may be at least in part centrally stored, stored at least in part in distributed locations, stored at least in part on the premises of the organizational entity, and the like (entity is data provider)).

Regarding dependent claim 14, Ford et al, McCarthy et al and Stone et al teach, the system of claim 10. 
Ford et al further teaches, wherein to access data underlying a data listing, the processing device is to run queries on the one or more data sets referenced by the data listing (Paragraph [0089] when a user enters a search query to search for items in various content nodes to which the user has access, such as to search for a specific text string, the search location service 176 may operate to identify the relevant content nodes to which the user has access and to distribute the search query to each relevant node separately. The query may then be run locally on each of those nodes. The search results from each content node may then be sent back to the user's computing device, and collated, such as by a collating module running on the user's browser, to present a single set of search results to the user. In this manner, the content on each content node remains secure and localized, and is not shared among various content nodes, or shared with an intermediate business entity operating the orchestration services 165 or providing other services to the user).

Regarding dependent claim 15, Ford et al, McCarthy et al and Stone et al teach, the system of claim 10. 
Stone et al further teaches, wherein the processing device is further to add a new account to the data exchange and set a type of the new account to one of a data consumer, data provider, or exchange administrator (Paragraph [0013] The profile component 110 manages user accounts for consumers and providers that register to use the system 100. When a user initially registers as a member of the system, the profile component 110 collects certain information from the user, such as an email address, demographic information, a default location (e.g., home address), a mobile number, and so forth. For example, the component 110 may collect references to other profiles of the user, such as a Twitter, Linkedln, Facebook, or other account with which the system may provide integration for communication, information gathering, and other actions. The profile component 110 may also track a subscription status that indicates whether the member has paid for access to certain upgraded services (e.g., increased priority of postings). In addition, the profile component 110 tracks a reputation score for each member and initializes the score during member registration. The system may provide a verification process to allow members to verify their identity and other profile information by supplying authentication information (e.g., a credit card, responding to a phone message, and so forth). The profile component 110 modifies the score later based on feedback that the component 110 receives from other members resulting from transactions with the member. A particular member may register as a consumer, provider, or both. [0019] The group component 140 manages groups that providers may join (i.e., the administrator can add a new account and set a type as provider or consumer). For example, a group may exist for registered contractors, plumbers, eco-friendly contractors, and so on. The system tracks a group administrator for each group that can determine the membership of the group (e.g., by accepting or denying requests to join the group) and set criteria for membership in the group).

Regarding dependent claim 16, Ford et al, McCarthy et al and Stone et al teach, the system of claim 10. 
Ford et al further teaches, Where in the processing device is further to: receive a request from a user to access the data exchange, wherein the user has not been previously approved to access the data exchange; route the request to the data exchange administrator account (Paragraph [0251] trigger events for an examination or reexamination of a user's authentication level may include such as a determination is made that a user changed geographic location (e.g., based on corresponding GPS location, network IP address, or the like) where, a triggering event for additional authentication for a user may include an administrator policy implemented change in access due to an administrator-sensed event (e.g., an administrator may determine that an attack is actually or potentially underway and opt to increase security for all users temporarily) or an automatic policy implemented change in access due to an automation-sensed event (e.g., an automated system may determine that an attack is actually or potentially underway and automatically opt to increase security for all users temporarily), based on time of day (e.g., outside of business hours may require an increased level or frequency of authorization as compared to during regular business hours), and the like (when a request for data is made based on the time the access is not approved, but the request is routed to the administrator);
receive an authorization indication from the data exchange administrator account approving the request to access the data exchange; and grant the user access to the data exchange (Paragraph [0250] Once a re-authentication procedure is triggered, if the user's authentication level matches or exceeds the authentication level associated with the content to be accessed, the dynamic access authorization facility 267 may allow access to that content. If the user's authentication level is below that associated with the content, then access may be denied, or a further authentication challenge may be presented to the user).

Regarding dependent claim 17, Ford et al, McCarthy et al and Stone et al teach, the system of claim 16. 
Ford et al further teaches, wherein to grant the user access to the data exchange, the processing device to enable the user to view and run queries against data referenced by a first data listing but not against a second data listing (Paragraph [0224] a Johns Hopkins doctor may be in drug trials with two different pharmaceutical companies, and if the doctor accesses through the channel of the Company A's website (referencing a particular company), then they only see Company A's information).

Regarding dependent claim 18, Ford et al, McCarthy et al and Stone et al teach, the system of claim 10. 
Ford et al further teaches, wherein the data exchange is manageable by the cloud computing service and is displayable within an online resource associated with the entity, wherein the online resource is one of an online web domain or an interconnected network application  (Paragraph [0075], [0085] Connections may be provided, either through various interfaces and APIs, or through bindings, to outside storage, such as to cloud data storage 118 resources (including public and private clouds), and to more general resources, such as accessible through search engines 116).

Regarding independent claim 19, Ford; Christopher Todd ( US 20170041296 A1) teaches, a non-transitory computer-readable medium having instructions stored thereon that, when executed by a processing device, cause processing device (Paragraph [0696]) to: provide a data exchange by a cloud computing service on behalf of an entity, the data exchange comprising a plurality of data listings provided by one or more data providers, each data listing referencing one or more data sets stored in a data storage platform associated with the cloud computing service (Fig. 1A Paragraph [0106] the secure exchange server may utilize a secure cloud architecture with meshed data centers, various enterprise clouds, private clouds, hosted clouds, and the like.  Enterprises working in association with the secure exchange server may have their enterprise clouds linked to a secure cloud associated with the secure exchange server);
set access control rules for one or more of the plurality of data listings, wherein access control rules for a data listing comprise… to view data underlying the data listing and a list of consumers that may access and manipulate the data underlying the data listing; and grant or deny requests from data providers to publish data listings on the data exchange (Paragraph [0071] In embodiments, the exchange may provide one or more secure sites for placing documents and messages to be transmitted over a secure virtual network and may allow authorized users to read or edit messages according to their level of authorization. Any documents that are edited may be immediately available on the system so that other persons involved in the exchange have access to the edited or modified documents immediately. In addition, the exchange may provide tracking of each document to allow selected users to see who has had access to the messages and documents and who has modified or edited any of the documents. Content and communications shared amongst a group may be included in a work stream, where the work stream may be focused on or associated with a particular topic, task, project, event, and the like. Content and communications may also be presented to users based on activity, thus creating an activity stream that shows users what is active, such as in a work stream, within a group of work steams, and the like. In this way, the activity-based work stream provides a location were a user might go to see what is active in one or more work streams, exchanges, and the like);
Ford et al fails to explicitly teach, designate, by the processing device, a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity and is to: 7Application No.16/746,673 set viewing rules for one or more of the plurality of data listings, wherein viewing rules for a data listing comprise a list of consumers that may view an indicator of the data listing indicating that the data listing is available to the list of consumers; …a list of consumers  that may select the indicator of the data listing … ; grant and deny requests from data providers to publish data listings on the data exchange; and in response to a data consumer that has been granted access to the data exchange adding to a user record of the data consumer one or more of the plurality of data listings, providing to the data consumer access to the data sets referenced by the one or more data listings without copying the data sets.
McCarthy; Kevin L (US 20150163206 A1) teaches, designate, by the processing device, a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity and is to: 7Application No.16/746,673 set viewing rules for one or more of the plurality of data listings, wherein viewing rules for a data listing comprise a list of consumers that may view an indicator of the data listing indicating that the data listing is available to the list of consumers; …a list of consumers  that may select the indicator of the data listing …(Paragraph [0117] a permissions ‘view-as’ facility may be provided during staging of permissions for an exchange. For example, as a user is establishing permissions for an exchange, a project, a work stream, or the like, a user may initiate the “view-as” permissioning feature, such as by drop down menu selection, clicking on an icon, or the like, which may include a menu or data entry capability (e.g., a text field, box or the like) for selecting another user or category of user for which the permissioning user wishes to simulate viewing. Upon initiation of the “view as” capability and selecting the user or category of user to be simulated by the permissioning user (i.e., list of consumers satisfying the viewing rules based on permissions set and selecting the data listing), the system may display an exchange, a work stream, a dashboard, a project, a store, or a particular content item to the permissioning user as if the permissioning user were the other user selected by the permissioning user or as if the permissioning user is a member of the selected category of user); 
and in response to a data consumer that has been granted access to the data exchange adding to a user record of the data consumer one or more of the plurality of data listings, providing to the data consumer access to the data sets referenced by the one or more data listings without copying the data sets (Paragraph [0025] teaches, receiving from at least one user of the third business entity an indication of permission for the user of the second business entity to access the computer data content (i.e., based on the access/permission granted to the data listing); by the secure exchange server, permitting access to the computer data content to the user of the second business entity through an exchange content access facility, wherein the exchange content access facility is hosted by the intermediate business entity; by the secure exchange server, granting access to the computer data content to the user of the second business entity; and providing, by the secure exchange server, at least one of: a secure cloud architecture with meshed data centers and various enterprise clouds. [00260 teaches, a customizable secure data exchange environment system may comprise: a server-based secure data exchange system for secure sharing of content between a first client device accessed by a user associated with a first organizational entity and a second client device accessed by a user associated with a second organizational entity, wherein the content has shared relevance with the first organizational entity and the second organizational entity, the secure data exchange system comprising a data management facility managed by a third organizational entity and adapted to provide permissioned control to a plurality of organizational entities for use of at least one of a plurality of data storage nodes, wherein the first organizational entity is granted permissioned control of a first data storage node by the third organizational entity, wherein content is shared between the first client device and the second client device through the first data storage node, wherein the data management facility manages secure data exchange of the content through the first data storage node, the content being comprised of data content and metadata, and wherein the data management facility has access to the metadata of the content for managing sharing of the content via the first data storage node, but the data management facility does not have access to the shared content; wherein the data management facility is distributed into a plurality of data management sites to enable management of the plurality of data storage nodes, wherein the plurality of data storage nodes are located at network locations separate from the data management facility and specified by the plurality of organizational entities. In embodiments, each of the plurality of data storage nodes may be controlled by a separate organizational entity (i.e., the user is directed to access the data/content referenced by the data listing/metadata listing without copying the actual data).
Therefore it would have been obvious to one of the ordinarily skilled in the art at the time of the filing of the invention to have modified the teachings of Ford et al and is related to networked secure content, and more particularly to sharing, viewing, and collaboration of networked secure content between entities as taught by McCarthy (Paragraph [0002]).
It would have been obvious to one of the ordinary skill in the art, to provide systems and for users to utilize the systems in such a way that does not force them to adopt new infrastructure, software, and business and personal processes in their daily workflow in order to achieve a shared and potentially secure extended work environment and to provide permissioned control to a plurality of organizational entities for use of at least one of a plurality of data storage nodes and can securely share content between entities or companies as taught by McCarthy (Paragraph [0003]- [0005]).
Ford et al and McCarthy et al fails to explicitly teach, grant and deny requests from data providers to publish data listings on the data exchange.
Stone; Darrel (US 20100280959 A1) also teach, designating a data exchange administrator account of the data exchange, wherein the data exchange administrator account is associated with the entity … (Paragraph [0019] The group component 140 manages groups that providers may join. For example, a group may exist for registered contractors, plumbers, eco-friendly contractors, and so on); 
Stone et al further teaches, grant and deny requests from data providers to publish data listings on the data exchange (Paragraph [0019] The system tracks a group administrator for each group that can determine the membership of the group (e.g., by accepting or denying requests to join the group and publish data) and set criteria for membership in the group (i.e., designating an administrator for each entity/provider associated with that group in a data sharing environment)).
Therefore it would have been obvious to one of the ordinarily skilled in the art at the time of the filing of the invention to have modified the teachings of Ford et al and McCarthy et al and provides a real-time sourcing system that is described herein that matches consumers with service requests to providers that perform the requested services. In addition, the system automates communication between consumers and providers. The real-time sourcing system provides automated and integrated end-to-end management of a transaction. The system receives a request from a consumer that describes a particular service needed by the consumer, and sends notifications to registered providers based on the requested service. The system receives an offer from one or more notified providers that indicates terms under which the provider would perform the requested service, and sends offers that match the consumer's criteria to the consumer for evaluation. The system receives an acceptance of an offer from the consumer. Thus, the real-time sourcing system reduces the time involved with finding providers to perform services, and provides consumers with more relevant selections of providers to perform services as taught by Stone et al (Abstract). 
It would have been obvious to one of the ordinary skill in the art, to provide a real-time sourcing system that is described herein that matches consumers with service requests to providers that perform the requested services. In addition, the system automates communication between consumers and providers. The real-time sourcing system provides automated and integrated end-to-end management of a transaction. The system receives a request from a consumer that describes a particular service needed by the consumer, and sends notifications to registered providers based on the requested service. The system receives an offer from one or more notified providers that indicates terms under which the provider would perform the requested service, and sends offers that match the consumer's criteria to the consumer for evaluation. The system receives an acceptance of an offer from the consumer. Thus, the real-time sourcing system reduces the time involved with finding providers to perform services, and provides consumers with more relevant selections of providers to perform services as taught by Stone et al (Abstract). 

Regarding dependent claim 20, Ford et al, McCarthy et al and Stone et al teach, the non-transitory computer readable storage medium of claim of claim 19. 
Ford et al further teaches, wherein the instructions further cause the processing device to: receive a request from one of the one or more data providers to publish a data listing on the data exchange; route the request to the data exchange administrator account (Fig. 35 Paragraph [0341], [0344] Each time a protected content item is opened on a client device (to update/modify/publish the data), corresponding access policies are requested from a corresponding DRM engine. The DRM engine forwards/routed the request to a content protection server. The content protection server retrieves the access policies from the rights issuer, and provides the retrieved access policies to the DRM engine in a format readable by the DRM engine. Also see [0346]-348];
receive an authorization indication from the data exchange administrator account approving the request to publish the data listing; and publish the data listing on the data exchange (Paragraph [0362] According to example implementation, the content protection server 150B sends a publishing license identification (ID) and information indicative of existence access policies (authorization indication) associated with the content item to the DRM engine for registering the content item (publishing the data). At 230B, the encrypted content item 185B is sent to the content sharing application 110B to share with to the one or more user devices 180B for consumption).

Regarding dependent claim 21, Ford et al, McCarthy et al and Stone et al teach, the non-transitory computer readable storage medium of claim of claim 20. 
Ford et al further teaches, where in to publish the data listing, the processing device to enable at least one data consumer to view the data listing within the data exchange (Paragraph [0077] when the external user (data consumer) accesses the secure exchange system, the secure exchange system may recognize the user and associate the user with a particular one of the companies A and B. Also see [0087], [0109] a user may have access to data in various parts of the on enterprise premises system 110, such access being managed by the secure exchange system 102 and/or the orchestration services 165 in various embodiments, such as to confirm the identity of the user of a user device 120, to confirm the authorization of the user and device to access particular data).

Regarding dependent claim 22, Ford et al, McCarthy et al and Stone et al teach, the non-transitory computer readable storage medium of claim of claim 19. 
Ford et al further teaches, where in the entity is one of the one or more data providers (Paragraph [0078], [0092] The secure exchange system may be organized as a customizable hybrid system to accommodate the needs of organizational entities. In embodiments, data stored by the plurality of organizational entities may be at least in part centrally stored, stored at least in part in distributed locations, stored at least in part on the premises of the organizational entity, and the like (entity is data provider)).

Regarding dependent claim 23, Ford et al, McCarthy et al and Stone et al teach, the non-transitory computer readable storage medium of claim of claim 19. 
Ford et al further teaches, wherein to access data underlying a data listing, the processing device is to run queries on the one or more data sets referenced by the data listing (Paragraph [0089] when a user enters a search query to search for items in various content nodes to which the user has access, such as to search for a specific text string, the search location service 176 may operate to identify the relevant content nodes to which the user has access and to distribute the search query to each relevant node separately. The query may then be run locally on each of those nodes. The search results from each content node may then be sent back to the user's computing device, and collated, such as by a collating module running on the user's browser, to present a single set of search results to the user. In this manner, the content on each content node remains secure and localized, and is not shared among various content nodes, or shared with an intermediate business entity operating the orchestration services 165 or providing other services to the user).

Regarding dependent claim 24, Ford et al, McCarthy et al and Stone et al teach, the non-transitory computer readable storage medium of claim of claim 19. 
Stone et al further teaches, wherein, the processing device is further to add a new account to the data exchange and set a type of the new 9Application No.16/746,673 account to one of a data consumer, data provider, or exchange administrator (Paragraph [0013] The profile component 110 manages user accounts for consumers and providers that register to use the system 100. When a user initially registers as a member of the system, the profile component 110 collects certain information from the user, such as an email address, demographic information, a default location (e.g., home address), a mobile number, and so forth. For example, the component 110 may collect references to other profiles of the user, such as a Twitter, Linkedln, Facebook, or other account with which the system may provide integration for communication, information gathering, and other actions. The profile component 110 may also track a subscription status that indicates whether the member has paid for access to certain upgraded services (e.g., increased priority of postings). In addition, the profile component 110 tracks a reputation score for each member and initializes the score during member registration. The system may provide a verification process to allow members to verify their identity and other profile information by supplying authentication information (e.g., a credit card, responding to a phone message, and so forth). The profile component 110 modifies the score later based on feedback that the component 110 receives from other members resulting from transactions with the member. A particular member may register as a consumer, provider, or both. [0019] The group component 140 manages groups that providers may join (i.e., the administrator can add a new account and set a type as provider or consumer). For example, a group may exist for registered contractors, plumbers, eco-friendly contractors, and so on. The system tracks a group administrator for each group that can determine the membership of the group (e.g., by accepting or denying requests to join the group) and set criteria for membership in the group).

Regarding dependent claim 25, Ford et al, McCarthy et al and Stone et al teach, the non-transitory computer readable storage medium of claim of claim 19. 
Ford et al further teaches, where in the instructions further cause the processing device to: receive a request from a user to access the data exchange, wherein the user has not been previously approved to access the data exchange; route the request to the data exchange administrator account (Paragraph [0251] trigger events for an examination or reexamination of a user's authentication level may include such as a determination is made that a user changed geographic location (e.g., based on corresponding GPS location, network IP address, or the like) where, a triggering event for additional authentication for a user may include an administrator policy implemented change in access due to an administrator-sensed event (e.g., an administrator may determine that an attack is actually or potentially underway and opt to increase security for all users temporarily) or an automatic policy implemented change in access due to an automation-sensed event (e.g., an automated system may determine that an attack is actually or potentially underway and automatically opt to increase security for all users temporarily), based on time of day (e.g., outside of business hours may require an increased level or frequency of authorization as compared to during regular business hours), and the like (when a request for data is made based on the time the access is not approved, but the request is routed to the administrator);
receive an authorization indication from the data exchange administrator account approving the request to access the data exchange; and granting the user access to the data exchange (Paragraph [0250] Once a re-authentication procedure is triggered, if the user's authentication level matches or exceeds the authentication level associated with the content to be accessed, the dynamic access authorization facility 267 may allow access to that content. If the user's authentication level is below that associated with the content, then access may be denied, or a further authentication challenge may be presented to the user).
 
Regarding dependent claim 26, Ford et al, McCarthy et al and Stone et al teach, the non-transitory computer readable storage medium of claim of claim 25. 
Ford et al further teaches, wherein to grant the user access to the data exchange, the processing device to enable the user to view and run queries against data referenced by a first data listing but not against a second data listing (Paragraph [0224] a Johns Hopkins doctor may be in drug trials with two different pharmaceutical companies, and if the doctor accesses through the channel of the Company A's website (referencing a particular company), then they only see Company A's information).

Regarding dependent claim 27, Ford et al, McCarthy et al and Stone et al teach, the non-transitory computer readable storage medium of claim of claim 19. 
Ford et al further teaches, wherein the data exchange is manageable by the cloud computing service and is displayable within an on line resource associated with the entity, wherein the online resource is one of an online web domain or an interconnected network application (Paragraph [0075], [0085] Connections may be provided, either through various interfaces and APIs, or through bindings, to outside storage, such as to cloud data storage 118 resources (including public and private clouds), and to more general resources, such as accessible through search engines 116).


Conclusion
Applicant’s amendment necessitated the rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN RAJAPUTRA whose telephone number is (571) 272-4669. The examiner can normally be reached between 8:00 AM - 5:00 PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashish Thomas (571) 272-0631 can be reached. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/S. R./ 
Examiner, Art Unit 2164

/ASHISH THOMAS/Supervisory Patent Examiner, Art Unit 2164