DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is responsive to application 16/452,991 that the Applicant filed on June 26, 2019 and presented 20 claims.  Original claims 1-20 remain pending in the application.
Claim Objections
Claim 17 is objected to because of the following informalities: 1) CPP should be spelled out as “computer program product;” and 2) “comprising a processor(s)” should seemingly read “comprising at least one processor.”  Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 17 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.  Where applicant acts as his or her own lexicographer to specifically define a term of a claim contrary to its ordinary meaning, the written description must clearly redefine the claim term and set forth the uncommon definition so as to put one reasonably skilled in the art on notice Process Control Corp. v. HydReclaim Corp., 190 F.3d 1350, 1357, 52 USPQ2d 1029, 1033 (Fed. Cir. 1999). The term “form” in claim 17 is used by the claim (i.e., “wherein the CPP is in the form of a control computer system”), and it is unclear as to what the Applicant is attempting to claim because computer systems don’t have a “form” (unless the Applicant is attempting to distinguish between hardware and software).  The term is indefinite because the specification does not clearly redefine the term.
Claims 19 and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.  Claim 19 includes the limitation of “use authorizations are based on data protection regulations,” and claim 20 includes the limitation “the data protection regulations include the General Data Protection Regulation (GDPR).”  These limitations are indefinite because government regulations can be amended and repealed.  Additionally, claim 19 might be subject to the regulations of two different countries, in which case an issue arises as to which regulation should prevail within the claim.  Thus, the scope of claims 19 and 20 can vary with respect to time and geography and are consequently indeterminate.  The Examiner further notes that this § 112(b) rejection is similar to an indefiniteness rejection based upon the use of a trademark as a claim limitation.  See MPEP § 2173.05(u).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)	
A.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 8,931,041, “Banerjee”) in view of Lacey et al. (US 2017/0140714, “Lacey”).
Regarding Claim 1
Banerjee discloses
A method (abstract, Fig. 3, “The access control action can be allowing the consumer cloud access to the protected resource or denying the consumer cloud access to the protected resource.”) for controlling use of information (Fig. 3, Col. 9:45-10:7, “Examples of relationship data can include, and are not limited to, the consumer information] to be accessed, and the provider cloud hosting the protected resource,” and “A consumer cloud can use an access token to access the protected resources hosted by a provider cloud,” i.e., the “access token” controls the use of information), wherein the method comprises: 
detecting, by a control computing system (Fig. 1, Col. 5:23-40, i.e., the “enterprise security module 161”), corresponding relevant information contained in corresponding information (Col. 4:64-5:10, i.e., “resource authorization message” includes corresponding information, and Col. 11:45-12:3, “the enterprise security module detects an access transaction from the OAuth messages, where an enterprise end-user, John Smith, is granting a consumer cloud, Google Docs™ cloud, access to a subset of his protected resources stored by the provider cloud, Salesforce® cloud,” i.e., the personal information serves as corresponding relevant information) submitted to each of one or more primary computing systems (Fig. 1, Col. 4:48-63, “A cloud that is hosting protected resources [and acts as a primary computing system[]] can be referred to as a ‘provider cloud’. A cloud that is accessing protected resources from a provider cloud [and acts as a secondary computing system[]] can be referred to as a ‘consumer cloud’.”) according to one or more detection policies (Col. 4:64-5:24, “A resource authorization protocol [via a detection policy] redirects messages…,” and “One or more network proxies 190 can be configured to detect and intercept the resource authorization messages (e.g., OAuth messages) being redirected to the web browser 140 to generate [from the associated corresponding relevant information that is detect[ed]] and store relationship data to be used to generate a cloud trust model for tracking ‘access transactions’.”), 
each of the primary computing systems being granted a use authorization for the corresponding relevant information (Col. 11:45-12:3, “John Smith, is granting a consumer cloud, Google Docs™ cloud, access to a subset of his protected resources stored by the provider cloud, Salesforce® cloud,” i.e., the “provider cloud” is the primary computing system to which “John Smith” has a use authorization that he is employing to enable the “consumer cloud” to “access … his protected resources stored by the provider cloud;” see also Lacey ¶ [0035], “In addition, the user information database 106 may include one or more consents authorizing release of personal information associated with a particular user (e.g., permission data 440, FIG. 4).”) and …1, 
determining, by the control computing system, the corresponding secondary computing systems of each of the primary computing systems from an authorization memory structure associated with the primary computing system (Col. 4:64-5:40, “One or more network proxies 190 can be configured to detect and intercept the resource authorization messages (e.g., OAuth messages) being redirected to the web browser 140 to generate and store relationship data to be used to generate a cloud trust model for tracking ‘access transactions,’” i.e., the relationship data is the result of the determin[ation] of the corresponding secondary computing system in relation to the primary computing system; and Col. 11:45-12:3, i.e., the authorization memory structure associated with the primary computing system comprises the stored authorization information of John Smith with regard to the “provider cloud,” and from this information is determin[ed] the “consumer cloud” that acts as the secondary computing system), 
causing, by the control computing system, a storing of an indication of each of the primary computing systems, of the corresponding relevant information and of the corresponding secondary computing systems into a control memory structure (Col. 4:64-5:40, “One or more network proxies 190 can be configured to detect and intercept the resource authorization messages (e.g., OAuth messages) being redirected to the web browser 140 to generate and store relationship data [as an indication of the cloud and user relationships] to be used to generate a cloud trust model for tracking ‘access transactions’,” and Col. 11:45-12:3, “The enterprise security module stores relationship data that reflects this access transaction;” and Col. 4:64-5:40, “The cloud trust model can be implemented as a graph model,” i.e., the stored “graph model” represents a control memory structure), and 
controlling, by the control computing system, a use of the relevant information by the primary computing systems and the secondary computing systems according to the control memory structure (Col. 9:45-56, “…providing an access token [(which enables controlling in accordance with the “relationship data” encompassed by the “graph model”)] to a consumer cloud.  An access token can be a string denoting a specific scope, duration, and other access attributes. A consumer cloud can use an access token to access [or use] the protected resources [as relevant information] hosted by a provider [or primary] cloud. A token allows an enterprise end-user to grant a consumer [or secondary] cloud access to their information stored with a provider cloud, without sharing their access credentials (e.g., username and password to access the provider cloud).”).  
Banerjee doesn’t disclose
1 …being authorized to transfer the use authorization to one or more corresponding secondary computing systems,
Lacey, however, discloses
	1 …being authorized to transfer the use authorization to one or more corresponding secondary computing systems (¶ [0031], “For example, a user may be prompted, via the client device 102-1, to approve [or authorize[]] or deny a request for one third-party [acting as a primary computing system[]] to share [or transfer] that user's PII with another third-party [acting as a corresponding secondary computing system[]].”),
	Regarding the combination of Banerjee and Lacey, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the information control system of Banerjee to have included the third-party authorization feature of Lacey. One of ordinary skill in the art would have been motivated to incorporate the third-party authorization feature of Lacey because Lacey teaches a system where “routing PII [personally identifiable information] permissioning requests from multiple third parties through the hub server 104, control over such requests is [beneficially] centralized and standardized, allowing users a [convenient] single and simple point of contact to control who has access to their PII, as well as what it may be used for, and when it may be used and/or received.”  See Lacey ¶ [0049].  In other words, the centralized system taught by Lacey is beneficially convenient to users.
Regarding Claim 2
Banerjee in view of Lacey (“Banerjee-Lacey”) discloses the method according to claim 1, and Banerjee further discloses
wherein the relevant information is personal information of a person (Col. 11:45-12:3, “the enterprise security module detects an access transaction from the OAuth messages, where an enterprise end-user, John Smith, is granting a consumer cloud, Google Docs™ cloud, access to a subset of his protected resources stored by the provider cloud, Salesforce® cloud,” i.e., the “personal information” relates to the information associated with the “end-user,” including the name and the location of the “protected resources”).  
Regarding Claim 3
Banerjee-Lacey discloses the method according to claim 1, and Banerjee further discloses
displaying, by the control computing system (Fig. 1, Col. 5:23-40),…1 
Lacey further discloses
1 …corresponding online forms downloaded from the primary computing systems (Fig. 5A, ¶¶ [0148], [0170], “An account is created with a service provider (502) (e.g., with the account generation/confirmation module 231). In some implementations, as part of creating the account (i.e., account enrollment/registration), a user provides to the client device 102-1 identity information, such as a name, gender, date of birth, address, social security number, residency, etc.,” where the “verification server 104” corresponds to the control computing system and the “enterprise device 108-1” corresponds to the primary computing system as already taught by Banerjee; Lacey does not explicitly teach online forms, however, it would be obvious to one skilled in the art that downloaded forms are employed to gather the information used to create the account.  See MPEP § 2141(III), stating “Prior art is not limited just to the references being , 
each of the online forms containing one or more input fields associated with corresponding input indicators for entering the corresponding information (Fig. 5A, ¶¶ [0148], [0170], i.e., when entering the “name, gender, date of birth,” it would be obvious to one skilled in the art to include an input field that is labeled or designated with an input indicator (such as “Name:”); ¶ [0031], i.e., the “prompt[ing]” to “approve … a request for one third-party to share that user's PII with another third-party” can include input fields for designating third-parties with whom personally identifiable information can be shared)  
submitting, by the control computing system, the information being entered into the input fields of each of the online forms to the corresponding primary computing system (Fig. 5A, ¶ [0170], i.e., the information received from the client device and stored in the verification server 104 (that acts as the control computing system) in step 501 is submitted via “upload[ing]” to the enterprise device 108-1 in step 502-m), and 
determining, by the control computing system, the relevant information contained in the information entered in each of the online forms according to the corresponding input indicators (Fig. 5B, ¶ [0179], i.e., the enterprise device 108-1 sends a request for information about the user to the verification server 104, and the verification server 104 determin[es] the relevant information (i.e., personal information) according to the input indicators (e.g., the field “Name:”) to fulfill the request).
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3. 
Regarding Claim 4
Banerjee-Lacey discloses the method according to claim 1, and Banerjee further discloses 
determining, by the control computing system (Fig. 1, Col. 5:23-40), the relevant information contained in the information submitted to each of the primary computing systems according to one or more reference rules applied to the information (Fig. 1B, ¶¶ [0060]-[0063], i.e., the “permissions” are associated with a determin[ation] applied to relevant information through the use of reference rules; and ¶ [0197], “For example, the server 104 [as the control computing system] determines whether the subsequent request is permitted by the original authorization from the user. The access permissions [acting as reference rules] include content permissions (e.g., whether the requestor is permitted to access a particular document, rating, or other information), and/or time/frequency permissions (e.g., whether the request satisfies time window and/or access frequency limits imposed by the user).”).
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 4.

Regarding Claim 5
Banerjee-Lacey discloses the method according to claim 1, and Banerjee further discloses
receiving, by the control computing system (Fig. 1, Col. 5:23-40),…1 
Lacey further discloses
1 …a message from a sender computing system of the primary computing systems or the secondary computing systems (Fig. 5B, ¶¶ [0178]-[0179], “The requesting device 108-1 [as the primary computing system] then sends the request [as a message that is receiv[ed] by the control computing system] for the information to the server 104 at step (524) (e.g., with the request handling module 340) [that acts as a sender computing system].”), 
retrieving, by the control computing system, the indication (Banerjee 4:64-5:40, i.e., the relationship data between the clouds and users) of a current one of the primary computing systems associated with the sender computing system from the control memory structure (Fig. 5B, ¶¶ [0178]-[0179], i.e., in step 526, the request is processed via the verification server 104 processing the request by retrieving the information/indication concerning the primary computing system from its “information database 106” (see Fig. 4) that acts as a control memory structure), and 
outputting, by the control computing system, an alert comprising the indication of the current primary computing system (Fig. 5B, ¶¶ [0178]-[0179], “In some implementations, the client device 102-1 provides a notification or alert indicating that a request has been received or is available to be viewed. In some implementations, the .
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 5.
Regarding Claim 6
Banerjee-Lacey discloses the method according to claim 5, and Banerjee further discloses
detecting, by the control computing system (Fig. 1, Col. 5:23-40),…1
Lacey further discloses
1 …current one of the relevant information contained in the message (Fig. 5B, ¶¶ [0178]-[0179], i.e., to send the alert to the user in step 528, the verification system 104 must detect[] in step 526 the user and the associated relevant information within the message), and 
retrieving, by the control computing system, the indication (Banerjee 4:64-5:40, i.e., the relationship data between the clouds and users) of the current primary computing system associated with the current relevant information and the sender computing system from the control memory structure in response to said detecting the current relevant information (Fig. 5B, ¶¶ [0178]-[0179], i.e., within step 526, the verification system 104 associate[s] the current primary computing system that made the request in step 524 with the relevant information of the user of the client device 102-1 to whom the alert is sent in step 528 and received in step 530; Lacey is silent as to the order of the steps within claim 6, but variations of the timing of the steps to achieve the . 
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 6. 
Regarding Claim 7
Banerjee-Lacey discloses the method according to claim 5, and Banerjee further discloses
requesting, by the control computing system (Fig. 1, Col. 5:23-40),…1 
Lacey further discloses
1 …the current primary computing system to update the use authorization of the sender computing system (Figs. 9A-C, ¶¶ [0299]-[0300], i.e., at step 912, an update of the use authorization is required because the prior consents are not applicable; and ¶ [0312], step 312 where use authorization is updated by the hub server 104 acting as the control computing system and provided to the requesting device 108-1 acting as the current primary computing system, noting that one skilled in the art would find the hub server 104 acting to update the use authorization to be an obvious variation to the request device 108-1 updating the use authorization, as both processes achieve the same functionality of updating the use authorization), and 
updating, by the control computing system, the authorization memory structure (of Banerjee Col. 11:45-12:3) according to said update of the use authorization of the sender computing system (Fig. 9A, ¶¶ [0299]-[0300], “Such a situation may arise when a threshold period of time has lapsed thereby requiring new (e.g., updated) consent be .
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 7. 
Regarding Claim 8
Banerjee-Lacey discloses the method according to claim 7, and Banerjee further discloses
wherein said update of the use authorization of the sender computing system is a revocation thereof (Fig. 10B, ¶ [0317], “…the GUI may include one or more affordances allowing the user to revoke one or more of the consents (or denials) included in the list of consents.”).
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 8.
Regarding Claim 9
Banerjee-Lacey discloses the method according to claim 7, and Lacey further discloses
wherein said update of the use authorization of the sender computing system is a confirmation thereof (Fig. 10B, ¶ [0317], “The GUI may include a list of consents (and/or denials of consent) and information associated with each of the consents (e.g., entity associated with the consent, personal information associated with the consent, date of consent, context of the consent, and the like),” i.e., selecting “Consent A” in the GUI updates the consent.), 
said outputting the alert being prevented in response to the use authorization of the sender computing system being confirmed (Fig. 9C, ¶ [0312], i.e., upon receiving notice of the consent, one skilled in the art would find outputting the alert being prevented to be an obvious step, as no point exists in sending an alert if use authorization has been recently confirmed).
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 9.
Regarding Claim 10
Banerjee-Lacey discloses the method according to claim 1, and Banerjee further discloses
retrieving, by the control computing system (Fig. 1, Col. 5:23-40), control information containing the indication of at least part of the primary computing systems, of the corresponding relevant information and of the corresponding secondary computing systems from the control memory structure (Col. 4:48-5:23, i.e., the control information is associated with the “resource authorization messages” and/or “access transaction,” wherein the information related to the “provider cloud 150” (primary computing system), “consumer cloud 155” (secondary computing system), and “end-user 101” (corresponding relevant information) collectively create the indication that is retriev[ed] via the “proxy 190 [that] can include an enterprise security module 161 [that serves as the control computing system]”), and 
outputting, by the control computing system, a report based on the control information (Col. 4:48-5:23, “The cloud trust model can be implemented as a graph model,” i.e., the “graph model” based on the control information is a report).  
Regarding Claim 11
Banerjee-Lacey discloses the method according to claim 10, and Banerjee further discloses
receiving, by the control computing system, a selection from the report of a selected computing system of the primary computing systems or the secondary computing systems (Fig. 4, Col. 8:63-9:18, i.e., the “graph model” that serves as the report includes a “cloud trust model 255” that is based upon the “relationship data 251,” where “updating” an “existing cloud trust model” involves select[ing] at least one “node,” comprising either a “provider cloud” or “consumer cloud” that serve as primary and secondary computing systems, respectively), 
determining, by the control computing system, the indication of a current one of the primary computing systems associated with the selected computing system from the control information (Fig. 4, Col. 8:63-9:18, i.e., the “graph model” represents the collection of “provider clouds,” and the “provider cloud” to be “updated” is determined and represents a current … primary computing system; see also Lacey Figs. 9A-C, ¶ [0312], where the depicted “requesting device 108-1,” which is the subject of the update, represents the current … primary computing system), 
1 …, and 
updating, by the control computing system, the authorization memory structure according to said update of the use authorization of the selected computing system (Fig. authorization memory structure]. The model generation sub-module 219 can observe the flow of resource authorization messages for access transactions between the clouds as they occur and dynamically generate and/or update a cloud trust model 255 [that relates to the use authorization of the selected computing system to be updated] based on the relationship data 251 that identifies the consumer clouds, provider clouds, and users for the various access transactions.”).  
Lacey further discloses
	1 requesting, by the control computing system, the current primary computing system to update the use authorization of the selected computing system (Figs. 9A-C, ¶¶ [0299]-[0300], i.e., at step 912, an update of the use authorization is required because the prior consents are not applicable; and ¶ [0312], step 312 where use authorization is updated by the hub server 104 acting as the control computing system and provided to the requesting device 108-1 acting as the current primary computing system, noting that one skilled in the art would find the hub server 104 acting to update the use authorization to be an obvious variation to the request device 108-1 updating the use authorization, as both processes achieve the same functionality of updating the use authorization),
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 11.

Regarding Claim 12
Banerjee-Lacey discloses the method according to claim 11, and Banerjee further discloses
wherein said update of the use authorization of the selected computing system…1 (Col. 11:45-12:3) 
Lacey further discloses
1 …is a revocation thereof (Fig. 10B, ¶ [0317]).	
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 12.
Regarding Claim 13
Banerjee-Lacey discloses the method according to claim 11, and Lacey further discloses 
wherein said update of the use authorization of the selected computing system is a confirmation thereof (Fig. 10B, ¶ [0317], see claim 9), the method comprising
	receiving, by the control computing system, a message from a sender computing system of the primary computing systems or the secondary computing systems (Fig. 5B, ¶¶ [0178]-[0179], see claim 5),
	retrieving, by the control computing system, the indication of a further current one of the primary computing systems associated with the sender computing system from the control memory structure (Fig. 5B, ¶¶ [0178]-[0179], see claim 5)
	outputting, by the control computing system, an alert comprising the indication of the further current primary computing system (Fig. 5B, ¶¶ [0178]-[0179], see claim 5) if the use authorization of the sender computing system is not confirmed (Fig. 5B, ¶ [0179], “In some implementations, the server 104 sends the notification or alert to the client device 102-1 before sending the request to the client device 102-1, and the request is sent to the client device 102-1 once the user logs in to his or her account via the client device 102-1 (e.g., in response to the notification or alert),” i.e., before the user can make a confirmation of the use authorization, which thus addresses the if condition, an alert is output).
Regarding the combination of Banerjee and Lacey, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 12.
Regarding Claim 14
Banerjee-Lacey discloses the method according to claim 1, and Banerjee further discloses 
performing said detecting the relevant information by one or more client computing systems of a person (Col. 9:57-10:7, “The enterprise security module can identify a resource owner [and thereby detect[] the relevant information] using a user identifier, such as a user name, a user employee identifier, a device identifier [that relates to a client computing[] system[] of a person] that is associated with the user, etc., when generating and storing the relationship data.”).
Regarding Claim 15
Banerjee-Lacey discloses the method according to claim 14, and Banerjee further discloses
storing, by a server computing system, the indication of each of the primary computing systems, of the corresponding relevant information and of the corresponding secondary computing systems into the control memory structure (Col. 4:64-5:40, “One or more network proxies 190 can be configured to detect and intercept the resource authorization messages (e.g., OAuth messages) being redirected to the web browser 140 to generate and store relationship data [as an indication of the cloud and user relationships] to be used to generate a cloud trust model for tracking ‘access transactions’,” and Col. 11:45-12:3, “The enterprise security module stores relationship data that reflects this access transaction;” and Col. 4:64-5:40, “The cloud trust model can be implemented as a graph model,” i.e., the stored “graph model” represents a control memory structure) in association with the person (Col. 9:57-10:7, “The enterprise security module can identify a resource owner using a user identifier, such as a user name, a user employee identifier, a device identifier that is associated with the user, etc., when generating and storing the relationship data,” i.e., information stored in association with the “device identifier” would be incorporated into the storage of the aforementioned “relationship data” and “graph model”).  
Regarding Claim 16
With respect to independent claim 16, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claim 16.  Claims 1 and 16 substantially claim the same subject matter, as claim 1 is directed towards a method and claim 16 is directed towards a computer program product.  Because claim 16 is an obvious variation of claim 1, claim 16 is rejected, for similar reasons, under the grounds set forth for claim 1. 	
Regarding Claim 17
Banerjee-Lacey discloses the computer program product according to claim 16, and Banerjee further discloses
a processor(s) set structured, programmed and/or connected to perform the program instructions, wherein the CPP is in the form of a control computer system (Fig. 5, Col. 13:19-54, i.e., the structure of the disclosed “one or more general-purpose processing devices” that process the “sets of instructions 526”).  
Regarding Claim 18
A method (abstract, Fig. 3) comprising: 
for each given primary computing system of a plurality of primary computing systems (Fig. 1, Col. 4:48-63, “A cloud that is hosting protected resources [and acts as a primary computing system[]] can be referred to as a ‘provider cloud’. A cloud that is accessing protected resources from a provider cloud [and acts as a secondary computing system[]] can be referred to as a ‘consumer cloud’,” and Col. 2:31-37, “The graph model comprises nodes and edges connecting at least a subset of the nodes. The nodes represent users, consumer clouds, and provider clouds, and the edges represent relationships between the nodes,” i.e., “provider clouds” represent a plurality of primary computing systems), 
granting a use authorization to the given primary computing system (Col. 11:45-12:3, “John Smith, is granting a consumer cloud, Google Docs™ cloud, access to a subset of his protected resources stored by the provider cloud, Salesforce® cloud,” i.e., the “provider cloud” is the primary computing system to which “John Smith” has a use authorization that he is employing to enable the “consumer cloud” to “access … his , 
with the use authorization including a definition of relevant information to which the use authorization is applicable (Col. 11:45-12:3, i.e., the use authorization is defin[ed] by the relevant information that pertains to “John Smith” and is applicable to the “provider cloud” that serves as a primary computing system) and 
1 …; 
for each given use authorization of the plurality of use authorizations respectively corresponding to the plurality of primary computing systems (Col. 4:64-5:40, i.e., the “graph model” captures the “relationship data” which captures each given use authorization … corresponding to the plurality of primary computing systems), 
storing the given use authorization in a control memory structure (Col. 4:64-5:40, “One or more network proxies 190 can be configured to detect and intercept the resource authorization messages (e.g., OAuth messages) being redirected to the web browser 140 to generate and store relationship data [as an indication of the cloud and user relationships] to be used to generate a cloud trust model for tracking ‘access transactions’,” and Col. 11:45-12:3, “The enterprise security module stores relationship data that reflects this access transaction;” and Col. 4:64-5:40, “The cloud trust model can be implemented as a graph model,” i.e., the stored “graph model” represents a control memory structure) included in a control computing system (Figs. 1 & 2, Col. 5:23-40, i.e., the “enterprise security module 161,” and Col. 7:35-51 “The storage sub-; and 
controlling, by the control computing system, use of information by the plurality of primary computing systems and the plurality of secondary computing systems according to the use authorizations stored in the control memory structure (Col. 9:45-56, “…providing an access token [(which enables controlling in accordance with the “relationship data” encompassed by the “graph model”)] to a consumer cloud.  An access token can be a string denoting a specific scope, duration, and other access attributes. A consumer cloud can use an access token to access [or use] the protected resources [as relevant information] hosted by a provider [or primary] cloud. A token allows an enterprise end-user to grant a consumer [or secondary] cloud access to their information stored with a provider cloud, without sharing their access credentials (e.g., username and password to access the provider cloud).”).
Banerjee doesn’t disclose
	1 any authorization(s) to transfer the first use authorization to a secondary computing system of a plurality of secondary computing systems,  
Lacey, however, discloses
	1 any authorization(s) to transfer the first use authorization to a secondary computing system of a plurality of secondary computing systems (¶ [0031], “For example, a user may be prompted, via the client device 102-1, to approve [or authorize[]] or deny a request for one third-party [acting as a primary computing system[]] to share [or transfer] that user's PII with another third-party [acting as a corresponding secondary computing system[]].”),

Regarding Claim 19
Banerjee-Lacey discloses the method according to claim 18, and Lacey further discloses
wherein the definitions of relevant information in each use authorization of the plurality of use authorizations are based on data protection regulations (¶ [0004], “To further complicate the situation, regulators and governments are becoming increasingly aware of privacy concerns associated with collecting of personal information and are looking to enact legislation which mandates how and which controls be put in place,” with the Examiner noting that this claim is indefinite under § 112(b) because a claim can’t be based on the indefinite nature of laws or regulations).
Regarding Claim 20
Banerjee-Lacey discloses the method according to claim 19, and Lacey further discloses
wherein the data protection regulations include the General Data Protection Regulation (GDPR) (¶ [0004], “To further complicate the situation, regulators and governments are becoming increasingly aware of privacy concerns associated with collecting of personal information and are looking to enact legislation which mandates how and which controls be put in place,” with the Examiner noting: 1) the GDPR is an obvious variation of a protection regulation, and 2) this claim is indefinite under § 112(b) because a claim can’t be based on the indefinite nature of laws or regulations).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 8:00-5:00 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 



/D'Arcy Winston Straub/Examiner, Art Unit 2491


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491