DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is the responsive to the communication filed on 07/31/2019.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4 and 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Pellew US 2019/0087893 in view of Srinivasan et al US 2016/0028737.  

	As per claim 1, Pellew discloses an apparatus, comprising:
 	 a communications interface (par 0014,providing for a secure financial transaction communication interface); 
 	a memory storing instructions (par 0118 a device with memory ); and at least one processor coupled to the communications interface and the memory ( par 0118 a device with processor), the at least one processor being configured to execute the instructions to:  
makes a loan, i.e. consent data, application 31 for one of many ordinary type loans on offer by his/her bank or specialist lender. These can be a commercial or consumer loan, consent data is received, i.e. obtaining, by the Bank. And [0064] Once the final draft of the loan agreement is ready 49, a copy of the draft is sent, i.e. obtaining, 51 to the borrower for acceptance. Acceptance is provided by the borrower by providing their blockchain, i.e. application program of client device); 
 generate a consent document for the application program based on at least a portion of the consent data (par 0014 formulating,i.e. generating, the documentation, i.e. consent document, associated with the financial transaction, ), and 
compute a consent hash value representative of the consent document (par 0016  (b) creating an encryption hash, i.e. consent hash, indicator for the documentation); and 
 generate and transmit, via the communications interface, per-missioning data that includes the consent hash value to the device ( par 0014 (c) for each segment, creating, i.e. generating, an indicative token describing the segment, including associated expected risk profile, security profile and representing the rights to future cash flows associated with the payments under the financial transaction as attributed to each segment (d) providing , i.e. transferring, a blockchain environment for storage of the indicative tokens  fig.13, instruct and transfer the token, as permission data, to the block-chain wallet ) , the per-missioning data comprising information that instructs the executed application program to store the consent hash value within a local memory hash value with an access token of the executed application program (par 0056 SRBS tokens linked,i.e. associate, to each loan contract,i.e. consent ).  
Pellew does not disclose per-missioning data that includes the consent value to the device.
 	Srinivasan discloses per-missioning data that includes the consent value to the device(par 0046 In response to receiving consent from resource owner 202, OAuth authorization server 220 may generate an access token and store, in token-scope registry 222, a mapping between that access token and the particular scope. OAuth authorization server 220 can provide the access token to client application 204 and 0048 The OAuth framework additionally may provide, to such customers, programming contracts or programmatic interfaces that permit, i.e. per missioning, policies to be created at the time of token issuance).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of creating an encryption hash, i.e. consent hash, indicator for the documentation of Pellew, based on the teaching of that permit, i.e. per missioning, policies to be created at the time of token issuance of Srinivasan, because doing so would provide a consent-token that binds client applications to resource servers, thereby indicating whether various client applications are permitted to access various resource servers (par 0057).


 	As per claim 2, Pellew in view of Srinivasan discloses the apparatus of claim 1, wherein the at least one processor is further configured to transmit the permissioning data to the device through a programmatic interface associated with the executed application program (Pellew,  par 0014 (c) for each segment, creating, i.e. generating, an indicative token describing the segment, including associated expected risk profile, security profile and representing the rights to future cash flows associated with the payments under the financial transaction as attributed to each segment (d) providing , i.e. transferring, a blockchain environment for storage of the indicative tokens  fig.13, instruct and transfer the token, as permission data, to the block-chain wallet and Srinivasan par 0046 In response to receiving consent from resource owner 202, OAuth authorization server 220 may generate an access token and store, in token-scope registry 222, a mapping between that access token and the particular scope. OAuth authorization server 220 can provide the access token to client application 204 and 0048 The OAuth framework additionally may provide, to such customers, programming contracts or programmatic interfaces that permit, i.e. per missioning, policies to be created at the time of token issuance ).  

 	As per claim 3,  Pellew in view of Srinivasan discloses the apparatus of claim 1, wherein the at least one processor is further configured to store the consent document, the consent hash value (  Pellew, par 0016  (b) creating an encryption hash, i.e. consent hash, indicator for the documentation in view of Srinivasan discloses par 0046 In response to receiving consent from resource owner 202, OAuth authorization server 220 may generate an access token and store, in token-scope registry 222, a mapping between that access token and the particular scope. OAuth authorization server 220 can provide the access token to client application 204 and 0048 The OAuth framework additionally may provide, to such customers, programming contracts or programmatic interfaces that permit, i.e. per missioning, policies to be created at the time of token issuance),  and an application identifier of the application program within a portion of the memory (Srinivasan discloses par 0046 In response to receiving consent from resource owner 202, OAuth authorization server 220 may generate an access token and store, in token-scope registry 222, a mapping between that access token and the particular scope. OAuth authorization server 220 can provide the access token to client application 204 and 0048 The OAuth framework additionally may provide, to such customers, programming contracts or programmatic interfaces that permit, i.e. per missioning, policies to be created at the time of token).  

 	As per claim 4, Pellew in view of Srinivasan disclose the apparatus of claim 3, wherein: the access token comprises an token (Pellew, par 0014 (c) for each segment, creating, i.e. generating, an indicative token describing the segment, including associated expected risk profile, security profile and representing the rights to future cash flows associated with the payments under the financial transaction as attributed to each segment (d) providing , i.e. transferring, a blockchain environment for storage of the indicative tokens  fig.13, instruct and transfer the token, as permission data, to the block-chain wallet ); the at least one processor is further configured to generate the token and store the  token, the consent document, the consent hash value, and the application identifier within the portion of the memory (Pellew, par 0016  (b) creating an encryption hash, i.e. consent hash, indicator for the documentation ); and the per-missioning data comprises the consent hash value and the access token (Kenyon 0092 a consent-token based access control scheme, in which a consent token is generated each time consent is granted and shared with the relevant entities, for example, the entity to which consent is being given for access and Once X's consent token expires, any other consent tokens that may have been derived from it become invalidated. A mapping of the consent token to each of the members in the consent tree may be maintained in a database) Srinivasan discloses also, access token comprises an Oauth token ( [0046] In an embodiment of the invention, user consent from resource owner 202 is required in order for OAuth authorization server 220 to grant an access token to client application 204.)

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of creating an encryption hash, i.e. consent hash, indicator for the documentation of Pellew, based on the teaching of  OAuth authorization server  may generate an access token and store, in token-scope registry , a mapping between that access token and the particular scope of Srinivasan, because doing so would provide the access token to client application to access the resource. 

 	As per claim 12, Pellew discloses A computer-implemented method, comprising: 
 	obtaining, using at least one processor, consent data that identifies one or more elements of data accessible to an application program executed by a device (0047] a potential borrower makes a loan, i.e. consent data, application 31 for one of many ordinary type loans on offer by his/her bank or specialist lender. These can be a commercial or consumer loan, consent data is received, i.e. obtaining, by the Bank); 
 	using the at least one processor, generating a consent document for the application program based on at least a portion of the consent data (par 0014 formulating,i.e. generating, the documentation, i.e. consent document, associated with the financial transaction )
  and computing a hash value representative of the consent document (par 0016  (b) creating an encryption hash, i.e. consent hash, indicator for the documentation ); and 
generating and transmitting, using the at least one processor, permissioning data that includes the consent hash value to the 97 InternalAttorney Docket No.: G4144-00289device (par 0014 (c) for each segment, creating, i.e. generating, an indicative token describing the segment, including associated expected risk profile, security profile and representing the rights to future cash flows associated with the payments under the financial transaction as attributed to each segment (d) providing , i.e. transferring, a blockchain environment for storage of the indicative tokens  fig.13, instruct and transfer the token, as permission data, to the block-chain wallet ), 
 the permissioning data comprising information that instructs the executed application program to store the consent hash value within a local memory of the device (((d) providing , i.e. transferring, a blockchain environment for storage of the indicative tokens  fig.13, instruct and transfer the token, as permission data, to the block-chain wallet  and fig.13, instruct and transfer the token as permission to the block-chain wallet , the buyer device wherein the token has been saved in the block-chain wallet )
 and to associate the consent value with an access token of the executed application program(par 0056 SRBS tokens linked,i.e. associate, to each loan contract,i.e. consent ).  
Pellew does not disclose per-missioning data that includes the consent value to the device.
 	Srinivasan discloses per-missioning data that includes the consent value to the device(par 0046 In response to receiving consent from resource owner 202, OAuth authorization server 220 may generate an access token and store, in token-scope registry 222, a mapping between that access token and the particular scope. OAuth authorization server 220 can provide the access token to client application 204 and 0048 The OAuth framework additionally may provide, to such customers, programming contracts or programmatic interfaces that permit, i.e. per missioning, policies to be created at the time of token issuance).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of creating an encryption hash, i.e. consent hash, indicator for the documentation of Pellew, based on the teaching of that permit, i.e. per missioning, policies to be created at the time of token issuance of Srinivasan, because doing so would provide a consent-token that binds client applications to resource servers, thereby indicating whether various client applications are permitted to access various resource servers (par 0057).

 	As per claim 13, Pellew discloses  An apparatus, comprising: 
 	a communications interface (par 0014,providing for a secure financial transaction communication interface ); a memory storing instructions (par 0118 a device with memory ); and at least one processor coupled to the communications interface and to the memory (par 0118 a device with processor ), the at least one processor being configured to execute the instructions to:
  receive, via the communications interface, a request for an element of data from a device, the request being generated by an application program executed at the device, and the request comprising a first consent value ( [0047] a potential borrower makes a loan, i.e. consent data, application 31 for one of many ordinary type loans on offer by his/her bank or specialist lender. These can be a commercial or consumer loan, consent data is received, i.e. receive, by the Bank); 
 	obtain a consent document associated with the application program and a second consent hash value representative of the consent document (  [0064] Once the final draft of the loan agreement is ready 49, a copy of the draft is sent, i.e. obtaining, 51 to the borrower for acceptance. Acceptance is provided by the borrower by providing their blockchain, i.e. application program of client device); 
 determine that the first consent hash value corresponds to the second consent value ( [0067] The hash of the real world loan documents can be searched if required and the real world loan documents retrieved from the archive 56. The hashing process can be re run on the loan documents using the same encryption key to do a hash verification, i.e. determine), and 
 determine that requested data element is accessible to the application program based on the consent document ( par 0067  If the hash registered on the blockchain is the same as the re-run hash of the loan documents from the archive then the documents from archive has not been tampered with and is a verifiably,i.e. determine, accurate version of what was agreed to by the borrower and the lender. These documents can then safely be used as the foundation document in any "real world" legal action, should that be necessary); 
 load the requested data element from the memory and encrypt the requested data element (0066] The unique encrypted hash is then sent 57 as a transaction to the Smart Loan Contract code for the loan with instruction to place the "hash" in the long term storage of the code which is then recorded on the blockchain 59 as a permanent record, loading, of the event and the information. ); and 
 transmit the encrypted data element to the device via the communications interface(par 0056 SRBS tokens linked,i.e. associate, to each loan contract,i.e. consent ).  
Pellew does not disclose per-missioning data that includes the consent value to the device.
 	Srinivasan discloses per-missioning data that includes the consent value to the device(par 0046 In response to receiving consent from resource owner 202, OAuth authorization server 220 may generate an access token and store, in token-scope registry 222, a mapping between that access token and the particular scope. OAuth authorization server 220 can provide the access token to client application 204 and 0048 The OAuth framework additionally may provide, to such customers, programming contracts or programmatic interfaces that permit, i.e. per missioning, policies to be created at the time of token issuance).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of creating an encryption hash, i.e. consent hash, indicator for the documentation of Pellew, based on the teaching of that permit, i.e. per missioning, policies to be created at the time of token issuance of Srinivasan, because doing so would provide a consent-token that binds client applications to resource servers, thereby indicating whether various client applications are permitted to access various resource servers (par 0057).


 	 As per claim 14, Pellew in view of Srinivasan disclose the apparatus of claim 13, wherein the at least one processor is further configured to: encrypt the requested data element using a public cryptographic key associated with the executed application program ( Pellew, par 0098 a private/public key signing process 241 which is verified by the lender 242 before being validated by the third party exchange provider); and transmit, via the communications interface, the encrypted data element to the device through a programmatic interface associated with the application program ( Pellew, par 0098 a private/public key signing process 241 which is verified by the lender 242 before being validated by the third party exchange provider 243. FIG. 16 illustrates the control flow of of the borrower onboarding process 250 where documents are verified with a third party provider 251).  

 

Allowable Subject Matter
Claims 5-11, and 15-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including (all the dependents claims) all of the limitations of the base claim and any intervening claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Alley et al US 2003/0078880 discloses document information block may indicate that the signer must consent to the use of electronic documents in the transaction before he or she is permitted to sign the document. Alternatively, the signing user may be required to consent to the use of electronic documents before he or she is permitted to download the signing software application. document expiration date 409, after which the document cannot be signed; a certificate requirement 411, which indicates the certification authority or authorities from which a user must have a digital certificate to be able to sign the document; a folder 413, identifying a folder, such as folder 307 shown in FIG. 3, in the central digital file server, such as central server 105 shown in FIG. 1, where the document should be stored; an indication of whether the document may be signed independently 415, to indicate whether a signing user may sign and submit the document without having other designated signatories sign as well; an indication of whether the document is to be treated as a transferable record 417, to indicate whether the signer should be required to consent to treat the document as a transferable record before he or she is permitted to sign; an indication of whether the document is secure 423, to indicate whether the document should be encrypted before it is transmitted to a signing user; user fields 419, 421 and 425, which allow entry of textual or other data to assist in subsequently searching for and locating a document in a central file server; and authorized signers 429, to indicate the party or parties who are permitted to sign the document.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495