Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

DETAILED ACTION

1.	The pending claims 1-28 are presented for examination.

Specification
2.	The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Amended claims 1 and 6 recite the limitations “a corresponding tokenized informational object”. The limitations is not clear defined in the Applicant’s specification. 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

The following is a quotation of the first paragraph of 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.


3.	Claims 1-14 are rejected under 35 U.S.C. 112, first paragraph, as containing subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the time the application was filed, had possession of the claimed invention. 
The original disclosure does not contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art that it pertains the limitation “a corresponding tokenized informational object”. The new limitation “a corresponding tokenized informational object” in the claims 1 and 6 are considered to be new matter. 
Dependent claims are rejected for inheriting the deficiencies of the base claims.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

4.		Claims 1-14 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
Claims 1 and 6 recite the limitation “a corresponding tokenized informational object”. It is unclear what is “a corresponding tokenized informational object” since there is no definition of the limitation in the applicant’s specification.
Dependent claims are rejected for inheriting the deficiencies of the base claims.

Double Patenting
5	Claims 1, 6, 15 and 20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claim 1 of Holcombe et al (US Patent 9690765 B2, hereinafter “Holcombe”).  Although the conflicting claims are not identical, they are not patentably distinct from each other because the inventions are obvious variants. 
	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed  determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claim Rejections - 35 USC § 103
6.	The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

7.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
8.	Claims 1-3 and 6-10 are rejected under 35 U.S.C. 103(a) as being obvious by Freeman et al (U.S. 6308266 B1 hereinafter, “Freeman”) in view of Hsiao et al (U.S. 6564215 B1 hereinafter, “Hsiao”).
9.	With respect to claim 1,
Freeman discloses a method for maintaining data for use by authoring and accessing members to track uniquely identified products and informational objects, comprising:
enabling an authorized authoring member to create data comprising a draft informational object, which uniquely identifies a product for tracking purposes;
authenticating the draft informational object, which uniquely identifies the product for tracking purposes, created by the authorized authoring member (Freeman col. 2 line 19 – col. 3 line 7 e.g.(12)   To enable the stronger cryptography with the product, the user must first obtain a certificate that contains the capabilities to expose the stronger cryptography in the product.  The certificate is issued to the user from a certifying authority.  The certifying authority, in turn, obtains the enabling capabilities from the product provider.  The process of requesting and receiving the certificate enables the product provider to ensure that the certifying authority, and ultimately the user, is legally able to employ the stronger cryptography in the product. (13)   According to one implementation, the certifying authority submits a request to the product provider for higher strength cryptography.  The request contains an identity certificate that uniquely identifies the certifying authority.  The product provider authenticates the identity certificate and verifies whether the certifying authority can use higher strength cryptography.  The product provider may evaluate such policy considerations as where the certifying authority resides, to whom the certifying authority intends to issue certificate, and the purpose for which the enhanced strength product is to be used.  If the policy considerations are met, the product provider creates a token that contains the capabilities to enable the higher strength cryptography within the product.  The token should have a means of verifying the integrity of the token such as a digital signature to ensure that any attempt to alter the token can be detected.  The token also contains a hash digest of the identity certificate, thereby binding the certifying authority to the enabling token. (14)   When the user desires higher strength cryptography, the user submits a request to the certifying authority for the higher strength cryptography.  The request contains the user's public key.  The certifying authority authenticates the user and determines whether the user can use the higher strength cryptography.  The certifying authority may have its own set of policy considerations such as where the user is located, the purpose for using the higher strength cryptography, and so on.  If the policy parameters are satisfied, the certifying authority creates a certificate that contains the certifying authority identity and the signed token issued by the product provider.  The certifying authority returns the certificate with the signed token to the user, where it is stored locally on the user's computer. (15)   When the user desires the extra strength cryptography from the product, the certificate containing the signed token is passed into the product.  The cryptographic product evaluates the certificate and signed token in several ways.  First, the product verifies that the certificate is truly from the certifying authority.  Second, the product verifies that the signed token is truly from the product provider.  Third, the product ensures that the signed token contains the hash digest of the certifying authority, thereby linking the certifying authority with the product provider.  Fourth, the product determines whether the certificate or signed token has expired.  Fifth, the product determines whether the certificate or token has been revoked [as
enabling an authorized authoring member to create data comprising a draft informational object (e.g. certificate), which uniquely identifies a product for tracking purposes;
authenticating the draft informational object, which uniquely identifies the product for tracking purposes, created by the authorized authoring member]);
converting authenticated informational object created by the authorized authoring member to a corresponding tokenized informational object which is identified by a unique identifier for tracking the tokenized informational object;
writing the created tokenized informational object into a memory for use by independent authorized accessing members (Freeman col. 6 line 56 – col. 7 line 3 e.g. (27)   At step 120 in FIG. 4, the cryptographic product provider 22 creates the cryptographic-based product with varying grades of cryptographic functionality.  The product is configured to expose exportable-strength cryptography functionality.  Higher strength cryptography is also implemented in the product, but securely hidden within the product.  The higher strength cryptography can be exposed only through capabilities granted by the cryptographic product provider 22.  These capabilities might be implemented, for example, as a digital key used to unlock a signing algorithm to permit access to the higher strength cryptography.  The first step 120 is optional (and hence illustrated as a dashed box) in that it assumes the product provider 22 is also the manufacturer.  In situations where the product provider is not the manufacturer, step 120 may be omitted [as
converting authenticated informational object created by the authorized authoring member to a corresponding tokenized informational object (e.g. token - capabilities) which is identified by a unique identifier for tracking the tokenized informational object;
writing the created tokenized informational object into a memory for use by independent authorized accessing members]);
enabling, in response to receipt of offer data from the authorized authoring member, an independent member identified in the offer data to
access a copy of the tokenized informational object to an extent and for a duration defined by permissions set by the authorized authoring member in the offer data (Freeman col. 10 lines 51-58 e.g. The product provider occasionally publishes the CRL with all token IDs that have been revoked (e.g., once a day or once a week).  The token is considered valid if it is within its validity period and its serial number has not been published on the currently valid CRL).
Although Freeman substantially teaches the claimed invention, Freeman does not explicitly indicate revise data contained in the copy of the tokenized informational object to the extent and for the duration defined by the permissions.
Hsiao teaches the limitations by stating
access a copy of the tokenized informational object to an extent and for a duration defined by permissions set by the authorized authoring member in the offer data; and
revise data contained in the copy of the tokenized informational object to the extent and for the duration defined by the permissions (see Hsiao, Col. 3, lines 23-39, col. 4 lines 3-31, (15) In another aspect of the invention, the external data object is accessed by first setting write permission of the object to the database management system, which thereafter controls access to the data object.  A user update request, when granted by the DBMS, will receive a write token that gives the user permission to update the file in-place.  The permission is revoked when the user has completed the update operation or when a pre-determined time period has expired; In accordance with the invention, a computer program application 114 at the client node 113 updates a data object 109 stored at one of the file sites 106, 108 by directly accessing and updating the data object in the external store through a file system application program interface (API) 116 at each respective file site without first making a copy of the data object).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Hsiao’s teaching would have allowed Freeman to provide provide an improved technique for supplying cryptographically enhanced products throughout the world (Freeman col. 2 lines 1-3).
10.	With respect to claim 2,
	Hsiao further discloses relating the copy of the tokenized informational object, containing the revised data, to the tokenized informational object (see Hsiao, Col. 3, lines 23-39, col. 4 lines 3-31, (15) In another aspect of the invention, the external data object is accessed by first setting write permission of the object to the database management system, which thereafter controls access to the data object.  A user update request, when granted by the DBMS, will receive a write token that gives the user permission to update the file in-place.  The permission is revoked when the user has completed the update operation or when a pre-determined time period has expired; In accordance with the invention, a computer program application 114 at the client node 113 updates a data object 109 stored at one of the file sites 106, 108 by directly accessing and updating the data object in the external store through a file system application program interface (API) 116 at each respective file site without first making a copy of the data object).
11.	With respect to claim 3,
	Hsiao further disclose blocking access to the copy of the tokenized informational object upon expiry of the duration defined by the offer data (see Hsiao, Col. 3, lines 23-39, col. 4 lines 3-31, (15) In another aspect of the invention, the external data object is accessed by first setting write permission of the object to the database management system, which thereafter controls access to the data object.  A user update request, when granted by the DBMS, will receive a write token that gives the user permission to update the file in-place.  The permission is revoked when the user has completed the update operation or when a pre-determined time period has expired; In accordance with the invention, a computer program application 114 at the client node 113 updates a data object 109 stored at one of the file sites 106, 108 by directly accessing and updating the data object in the external store through a file system application program interface (API) 116 at each respective file site without first making a copy of the data object).
12.	With respect to claim 6,
	Hsiao further discloses access and change the tokenized informational object to an extent and for a duration defined by permissions set by the authorized authoring member in the offer data (see Hsiao, Col. 3, lines 23-39, col. 4 lines 3-31, (15) In another aspect of the invention, the external data object is accessed by first setting write permission of the object to the database management system, which thereafter controls access to the data object.  A user update request, when granted by the DBMS, will receive a write token that gives the user permission to update the file in-place.  The permission is revoked when the user has completed the update operation or when a pre-determined time period has expired; In accordance with the invention, a computer program application 114 at the client node 113 updates a data object 109 stored at one of the file sites 106, 108 by directly accessing and updating the data object in the external store through a file system application program interface (API) 116 at each respective file site without first making a copy of the data object).
13.	With respect to claim 7,
	Freeman further discloses creating a copy of the tokenized informational object (Freeman col. 6 line 56 – col. 7 line 3).
14.	With respect to claim 8,
	Hsiao further discloses enabling an identified independent member to revise data contained in the copy of the tokenized informational object to the extent and for the duration defined by the permissions (see Hsiao, Col. 3, lines 23-39, col. 4 lines 3-31, (15) In another aspect of the invention, the external data object is accessed by first setting write permission of the object to the database management system, which thereafter controls access to the data object.  A user update request, when granted by the DBMS, will receive a write token that gives the user permission to update the file in-place.  The permission is revoked when the user has completed the update operation or when a pre-determined time period has expired; In accordance with the invention, a computer program application 114 at the client node 113 updates a data object 109 stored at one of the file sites 106, 108 by directly accessing and updating the data object in the external store through a file system application program interface (API) 116 at each respective file site without first making a copy of the data object).
15.	Claims 9-10 are same as claims 2-3 and are rejected for the same reasons as applied hereinabove.

16.	Claims 1-4 and 6-11 are rejected under 35 U.S.C. 103(a) as being obvious by Freeman in view of Steele et al (U.S. 20060179003 A1 hereinafter, “Steele”).
17.	With respect to claim 1,
Freeman discloses a method for maintaining data for use by authoring and accessing members to track uniquely identified products and informational objects, comprising:
enabling an authorized authoring member to create data comprising a draft informational object, which uniquely identifies a product for tracking purposes;
authenticating the draft informational object, which uniquely identifies the product for tracking purposes, created by the authorized authoring member (Freeman col. 2 line 19 – col. 3 line 7 e.g.(12)   To enable the stronger cryptography with the product, the user must first obtain a certificate that contains the capabilities to expose the stronger cryptography in the product.  The certificate is issued to the user from a certifying authority.  The certifying authority, in turn, obtains the enabling capabilities from the product provider.  The process of requesting and receiving the certificate enables the product provider to ensure that the certifying authority, and ultimately the user, is legally able to employ the stronger cryptography in the product. (13)   According to one implementation, the certifying authority submits a request to the product provider for higher strength cryptography.  The request contains an identity certificate that uniquely identifies the certifying authority.  The product provider authenticates the identity certificate and verifies whether the certifying authority can use higher strength cryptography.  The product provider may evaluate such policy considerations as where the certifying authority resides, to whom the certifying authority intends to issue certificate, and the purpose for which the enhanced strength product is to be used.  If the policy considerations are met, the product provider creates a token that contains the capabilities to enable the higher strength cryptography within the product.  The token should have a means of verifying the integrity of the token such as a digital signature to ensure that any attempt to alter the token can be detected.  The token also contains a hash digest of the identity certificate, thereby binding the certifying authority to the enabling token. (14)   When the user desires higher strength cryptography, the user submits a request to the certifying authority for the higher strength cryptography.  The request contains the user's public key.  The certifying authority authenticates the user and determines whether the user can use the higher strength cryptography.  The certifying authority may have its own set of policy considerations such as where the user is located, the purpose for using the higher strength cryptography, and so on.  If the policy parameters are satisfied, the certifying authority creates a certificate that contains the certifying authority identity and the signed token issued by the product provider.  The certifying authority returns the certificate with the signed token to the user, where it is stored locally on the user's computer. (15)   When the user desires the extra strength cryptography from the product, the certificate containing the signed token is passed into the product.  The cryptographic product evaluates the certificate and signed token in several ways.  First, the product verifies that the certificate is truly from the certifying authority.  Second, the product verifies that the signed token is truly from the product provider.  Third, the product ensures that the signed token contains the hash digest of the certifying authority, thereby linking the certifying authority with the product provider.  Fourth, the product determines whether the certificate or signed token has expired.  Fifth, the product determines whether the certificate or token has been revoked [as
enabling an authorized authoring member to create data comprising a draft informational object (e.g. certificate), which uniquely identifies a product for tracking purposes;
authenticating the draft informational object, which uniquely identifies the product for tracking purposes, created by the authorized authoring member]);
converting authenticated informational object created by the authorized authoring member to a corresponding tokenized informational object which is identified by a unique identifier for tracking the tokenized informational object;
writing the created tokenized informational object into a memory for use by independent authorized accessing members (Freeman col. 6 line 56 – col. 7 line 3 e.g. (27)   At step 120 in FIG. 4, the cryptographic product provider 22 creates the cryptographic-based product with varying grades of cryptographic functionality.  The product is configured to expose exportable-strength cryptography functionality.  Higher strength cryptography is also implemented in the product, but securely hidden within the product.  The higher strength cryptography can be exposed only through capabilities granted by the cryptographic product provider 22.  These capabilities might be implemented, for example, as a digital key used to unlock a signing algorithm to permit access to the higher strength cryptography.  The first step 120 is optional (and hence illustrated as a dashed box) in that it assumes the product provider 22 is also the manufacturer.  In situations where the product provider is not the manufacturer, step 120 may be omitted [as
converting authenticated informational object created by the authorized authoring member to a corresponding tokenized informational object (e.g. token - capabilities) which is identified by a unique identifier for tracking the tokenized informational object;
writing the created tokenized informational object into a memory for use by independent authorized accessing members]);
enabling, in response to receipt of offer data from the authorized authoring member, an independent member identified in the offer data to
access a copy of the tokenized informational object to an extent and for a duration defined by permissions set by the authorized authoring member in the offer data (Freeman col. 10 lines 51-58 e.g. The product provider occasionally publishes the CRL with all token IDs that have been revoked (e.g., once a day or once a week).  The token is considered valid if it is within its validity period and its serial number has not been published on the currently valid CRL).
Although Freeman substantially teaches the claimed invention, Freeman does not explicitly indicate revise data contained in the copy of the tokenized informational object to the extent and for the duration defined by the permissions.
Steele teaches the limitations by stating
access a copy of the tokenized informational object to an extent and for a duration defined by permissions set by the authorized authoring member in the offer data; and
revise data contained in the copy of the tokenized informational object to the extent and for the duration defined by the permissions (Steele 003 [0050] – [0057] e.g. [0050] In addition, in various embodiments, the client device 104 may transmit a request for a ticket, or a request that a ticket be provided to a vendor server 114.  The term "ticket" in the present context generally refers to a temporary authorization.  (also referred to as an authorization code or authorization identifier) for at least partial access to a consumer's information account 110. [0052] The ticket authentication module 120 may further compare the ticket information against data in the ticket authentication table 122 in order to determine, for example, whether the ticket is being used by the authorized party during a valid time period and/or for an authorized purpose, and whether the ticket has expired.  The ticket authentication module 120 may also use the ticket authentication table 122 to determine the access privileges (read, write and/or modify) associated with the ticket. [0054] The use of tickets allows a consumer to provide select third parties with access to the consumer's information account 110, on terms specified by the consumer.  Thus, the consumer is able to delegate certain responsibilities for managing and/or accessing the data stored in the information account 110.  The use of tickets in conjunction with an on-line central data repository 102 relieves the consumer from the burden of having to carry, deliver and/or manage paper files in order to conduct personal and business affairs.  Instead, the consumer may simply authorize a third party to access the information account 110 and retrieve, insert and/or modify any necessary information on behalf of the consumer. [0055] For example, the consumer may issue to his doctor a ticket that provides the doctor with access to the consumer's medical-related information stored within the information account 110.  The doctor's ticket may carry read-only privileges or may allow the doctor to add new medical information to or modify existing medical information within the information account 110.  The consumer may issue multiple tickets to multiple third parties (e.g., doctors, etc.) Each ticket may provide access to the same or different information and carry the same or different privileges.  Also, the consumer may issue the same ticket to multiple third parties in another example, the consumer may provide his trusted agent or representative (e.g., manager or attorney) with a ticket that authorizes full access to the information account 110 for an unspecified duration (i.e., until revoked by the consumer).  As may be seen the present invention allows the consumer to control the types, amounts and recipients of information stored in a central on-line data repository.  For clarity, it should be appreciated that the "ticket" provided to a third-party may refer to a unique authorization identifier or code, while the attributes associated with the ticket are stored separately therefrom, such as in the ticket authentication table 122 [as
revise (e.g. write; modify) data contained in the copy of the tokenized informational object to the extent and for the duration (e.g. during a valid time period; duration) defined by the permissions (e.g. authorization)]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Steele’s teaching would have allowed Freeman to provide provide an improved technique for supplying cryptographically enhanced products throughout the world (Freeman col. 2 lines 1-3).
18.	With respect to claim 2,
Steele further discloses relating the copy of the tokenized informational object, containing the revised data, to the tokenized informational object (Steele 003 [0050] – [0057] e.g. [0050] In addition, in various embodiments, the client device 104 may transmit a request for a ticket, or a request that a ticket be provided to a vendor server 114.  The term "ticket" in the present context generally refers to a temporary authorization.  (also referred to as an authorization code or authorization identifier) for at least partial access to a consumer's information account 110. [0052] The ticket authentication module 120 may further compare the ticket information against data in the ticket authentication table 122 in order to determine, for example, whether the ticket is being used by the authorized party during a valid time period and/or for an authorized purpose, and whether the ticket has expired.  The ticket authentication module 120 may also use the ticket authentication table 122 to determine the access privileges (read, write and/or modify) associated with the ticket. [0054] The use of tickets allows a consumer to provide select third parties with access to the consumer's information account 110, on terms specified by the consumer.  Thus, the consumer is able to delegate certain responsibilities for managing and/or accessing the data stored in the information account 110.  The use of tickets in conjunction with an on-line central data repository 102 relieves the consumer from the burden of having to carry, deliver and/or manage paper files in order to conduct personal and business affairs.  Instead, the consumer may simply authorize a third party to access the information account 110 and retrieve, insert and/or modify any necessary information on behalf of the consumer. [0055] For example, the consumer may issue to his doctor a ticket that provides the doctor with access to the consumer's medical-related information stored within the information account 110.  The doctor's ticket may carry read-only privileges or may allow the doctor to add new medical information to or modify existing medical information within the information account 110.  The consumer may issue multiple tickets to multiple third parties (e.g., doctors, etc.) Each ticket may provide access to the same or different information and carry the same or different privileges.  Also, the consumer may issue the same ticket to multiple third parties in another example, the consumer may provide his trusted agent or representative (e.g., manager or attorney) with a ticket that authorizes full access to the information account 110 for an unspecified duration (i.e., until revoked by the consumer).  As may be seen the present invention allows the consumer to control the types, amounts and recipients of information stored in a central on-line data repository.  For clarity, it should be appreciated that the "ticket" provided to a third-party may refer to a unique authorization identifier or code, while the attributes associated with the ticket are stored separately therefrom, such as in the ticket authentication table 122).
19.	With respect to claim 3,
	Steele further discloses blocking access to the copy of the tokenized informational object upon expiry of the duration defined by the offer data (Steele 003 [0050] – [0057] e.g. [0050] In addition, in various embodiments, the client device 104 may transmit a request for a ticket, or a request that a ticket be provided to a vendor server 114.  The term "ticket" in the present context generally refers to a temporary authorization.  (also referred to as an authorization code or authorization identifier) for at least partial access to a consumer's information account 110. [0052] The ticket authentication module 120 may further compare the ticket information against data in the ticket authentication table 122 in order to determine, for example, whether the ticket is being used by the authorized party during a valid time period and/or for an authorized purpose, and whether the ticket has expired.  The ticket authentication module 120 may also use the ticket authentication table 122 to determine the access privileges (read, write and/or modify) associated with the ticket. [0054] The use of tickets allows a consumer to provide select third parties with access to the consumer's information account 110, on terms specified by the consumer.  Thus, the consumer is able to delegate certain responsibilities for managing and/or accessing the data stored in the information account 110.  The use of tickets in conjunction with an on-line central data repository 102 relieves the consumer from the burden of having to carry, deliver and/or manage paper files in order to conduct personal and business affairs.  Instead, the consumer may simply authorize a third party to access the information account 110 and retrieve, insert and/or modify any necessary information on behalf of the consumer. [0055] For example, the consumer may issue to his doctor a ticket that provides the doctor with access to the consumer's medical-related information stored within the information account 110.  The doctor's ticket may carry read-only privileges or may allow the doctor to add new medical information to or modify existing medical information within the information account 110.  The consumer may issue multiple tickets to multiple third parties (e.g., doctors, etc.) Each ticket may provide access to the same or different information and carry the same or different privileges.  Also, the consumer may issue the same ticket to multiple third parties in another example, the consumer may provide his trusted agent or representative (e.g., manager or attorney) with a ticket that authorizes full access to the information account 110 for an unspecified duration (i.e., until revoked by the consumer).  As may be seen the present invention allows the consumer to control the types, amounts and recipients of information stored in a central on-line data repository.  For clarity, it should be appreciated that the "ticket" provided to a third-party may refer to a unique authorization identifier or code, while the attributes associated with the ticket are stored separately therefrom, such as in the ticket authentication table 122).
20.	With respect to claim 4,
Steele further discloses associating the unique identifier assigned to the created tokenized informational object with the unique identifiers that correspond to a selected set of a plurality of data elements (Steele Fig. 12).
21.	With respect to claim 6,
	Steele further discloses access and change the tokenized informational object to an extent and for a duration defined by permissions set by the authorized authoring member in the offer data (Steele 003 [0050] – [0057] e.g. [0050] In addition, in various embodiments, the client device 104 may transmit a request for a ticket, or a request that a ticket be provided to a vendor server 114.  The term "ticket" in the present context generally refers to a temporary authorization.  (also referred to as an authorization code or authorization identifier) for at least partial access to a consumer's information account 110. [0052] The ticket authentication module 120 may further compare the ticket information against data in the ticket authentication table 122 in order to determine, for example, whether the ticket is being used by the authorized party during a valid time period and/or for an authorized purpose, and whether the ticket has expired.  The ticket authentication module 120 may also use the ticket authentication table 122 to determine the access privileges (read, write and/or modify) associated with the ticket. [0054] The use of tickets allows a consumer to provide select third parties with access to the consumer's information account 110, on terms specified by the consumer.  Thus, the consumer is able to delegate certain responsibilities for managing and/or accessing the data stored in the information account 110.  The use of tickets in conjunction with an on-line central data repository 102 relieves the consumer from the burden of having to carry, deliver and/or manage paper files in order to conduct personal and business affairs.  Instead, the consumer may simply authorize a third party to access the information account 110 and retrieve, insert and/or modify any necessary information on behalf of the consumer. [0055] For example, the consumer may issue to his doctor a ticket that provides the doctor with access to the consumer's medical-related information stored within the information account 110.  The doctor's ticket may carry read-only privileges or may allow the doctor to add new medical information to or modify existing medical information within the information account 110.  The consumer may issue multiple tickets to multiple third parties (e.g., doctors, etc.) Each ticket may provide access to the same or different information and carry the same or different privileges.  Also, the consumer may issue the same ticket to multiple third parties in another example, the consumer may provide his trusted agent or representative (e.g., manager or attorney) with a ticket that authorizes full access to the information account 110 for an unspecified duration (i.e., until revoked by the consumer).  As may be seen the present invention allows the consumer to control the types, amounts and recipients of information stored in a central on-line data repository.  For clarity, it should be appreciated that the "ticket" provided to a third-party may refer to a unique authorization identifier or code, while the attributes associated with the ticket are stored separately therefrom, such as in the ticket authentication table 122).
22.	With respect to claim 7,
	Freeman further discloses creating a copy of the tokenized informational object (Freeman col. 6 line 56 – col. 7 line 3).
23.	With respect to claim 8,
	Hsiao further discloses enabling an identified independent member to revise data contained in the copy of the tokenized informational object to the extent and for the duration defined by the permissions (Steele 003 [0050] – [0057] e.g. [0050] In addition, in various embodiments, the client device 104 may transmit a request for a ticket, or a request that a ticket be provided to a vendor server 114.  The term "ticket" in the present context generally refers to a temporary authorization.  (also referred to as an authorization code or authorization identifier) for at least partial access to a consumer's information account 110. [0052] The ticket authentication module 120 may further compare the ticket information against data in the ticket authentication table 122 in order to determine, for example, whether the ticket is being used by the authorized party during a valid time period and/or for an authorized purpose, and whether the ticket has expired.  The ticket authentication module 120 may also use the ticket authentication table 122 to determine the access privileges (read, write and/or modify) associated with the ticket. [0054] The use of tickets allows a consumer to provide select third parties with access to the consumer's information account 110, on terms specified by the consumer.  Thus, the consumer is able to delegate certain responsibilities for managing and/or accessing the data stored in the information account 110.  The use of tickets in conjunction with an on-line central data repository 102 relieves the consumer from the burden of having to carry, deliver and/or manage paper files in order to conduct personal and business affairs.  Instead, the consumer may simply authorize a third party to access the information account 110 and retrieve, insert and/or modify any necessary information on behalf of the consumer. [0055] For example, the consumer may issue to his doctor a ticket that provides the doctor with access to the consumer's medical-related information stored within the information account 110.  The doctor's ticket may carry read-only privileges or may allow the doctor to add new medical information to or modify existing medical information within the information account 110.  The consumer may issue multiple tickets to multiple third parties (e.g., doctors, etc.) Each ticket may provide access to the same or different information and carry the same or different privileges.  Also, the consumer may issue the same ticket to multiple third parties in another example, the consumer may provide his trusted agent or representative (e.g., manager or attorney) with a ticket that authorizes full access to the information account 110 for an unspecified duration (i.e., until revoked by the consumer).  As may be seen the present invention allows the consumer to control the types, amounts and recipients of information stored in a central on-line data repository.  For clarity, it should be appreciated that the "ticket" provided to a third-party may refer to a unique authorization identifier or code, while the attributes associated with the ticket are stored separately therefrom, such as in the ticket authentication table 122).
24.	Claims 9-11 are same as claims 2-4 and are rejected for the same reasons as applied hereinabove.

25.	Claims 5 and 12-14 are rejected under 35 U.S.C. 103(a) as being obvious by Freeman in view of Steele, and further in view of  Lucas et al. (U.S. 20070219916 A1, herein referred to as Lucas).
26.	With respect to claim 5,
Although Freeman and Steele combination substantially teaches the claimed invention, they do not explicitly indicate providing, in response to access of an informational object by the independent member identified in the offer data, the independent member with data representative of an ancillary one of a product and a service relating to the accessed informational object.
Lucas teaches the limitations by stating providing, in response to access of an informational object by the independent member identified in the offer data, the independent member with data representative of an ancillary one of a product and a service relating to the accessed informational object (Lucas [0176], [0224] – [0226] and [0336] e.g. offer; advertisement; downstream users).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Lucas’s teaching would have allowed Freeman and Steele combination to provide provide an improved technique for supplying cryptographically enhanced products throughout the world (Freeman col. 2 lines 1-3).
27.	Claim 12 same as claim 5 and is rejected for the same reasons as applied hereinabove.
28.	With respect to claim 13,
	Lucas further discloses
an advertising authoring server for enabling an authorized advertising member to create a draft advertising data object comprising one or more of a plurality of tokenized data elements;
an advertising authentication server for authenticating the draft advertising data object created by the authorized advertising member; and
an advertising storage server for converting the authenticated advertising data object created by the authorized advertising member to a corresponding tokenized advertising data object maintained in a read-only mode (Lucas [0022] – [0033], [0063], [0080] – [0082], [0089], [0096] – [0097], [0106] – [0109], [0131] – [0134], [0144]- [0150], [0164] – [0168], [0176], [0224] – [0226], [0231] and [0336] e.g. offer; advertisement; downstream users; verifying the authenticity, authenticating event tickets; The unique identifier code).
29.	With respect to claim 14,
	Lucas further discloses an advertising access server, responsive to access of an informational object by the authorized accessing member, for providing the authorized accessing member access to a one of the tokenized advertising data object relating to the accessed informational object (Lucas [0022] – [0033], [0063], [0080] – [0082], [0089], [0096] – [0097], [0106] – [0109], [0131] – [0134], [0144]- [0150], [0164] – [0168], [0176], [0224] – [0226], [0231] and [0336] e.g. offer; advertisement; downstream users; verifying the authenticity, authenticating event tickets; The unique identifier code).

Conclusion
The prior art made of record, listed on form PTO-892, and not relied upon, if any, is considered pertinent to applicant's disclosure.
30.	The examiner requests, in response to this office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line no(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.
31.	When responding to this office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the reference cited or the objections made. He or she must also show how the amendments avoid such references or objections See 37 CFR 1.111(c).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SyLing Yen whose telephone number is 571-270-1306.  The examiner can normally be reached on Mon-Fri 8:30am - 5:00pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mark Featherstone can be reached at 571-270-3750.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


SyLing Yen
Examiner
Art Unit 2166



/SYLING YEN/Primary Examiner, Art Unit 2166                                                                                                                                                                                                        
April 9, 2021