DETAILED ACTION
This Office Action is in response to application 16/527,669 filed on July 31, 2019.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are pending and herein considered.

Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/31/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 11-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Bohrer et al. (Bohrer) U.S. Pub. Number 2003/0088520, in view of Renda et al. (Renda) U.S. Pat. Number 7,127,524.
Regarding claim 1; Bohrer discloses a method, comprising:
obtaining a security policy for at least one question obtained from a user (abstract: receives a request message from a data-requester (requester) over a network interfaces);
monitoring one or more responses to the at least one question (abstract: request message has one or more requests for one or more of the private, subject data releases pertaining to a subject, and a requester privacy statement for each of the respective private data. A release process compares the requester privacy statement to the subject constraints (authorization rules) and releases the private, subject data release in a response message to the requester only if the subject constraints are satisfied; para. [0035] data returned by the query on the Policy Authorization engine 112 to see if some data needs to be obtained from an external source, and handles requests to those external sources. It also verifies and filters the response to ensure that no unauthorized data is returned); and
enforcing, by a third party portal processing system, one or more access controls within the security policy for data associated with one or more of the at least one question and the one or more responses to the at least one question, wherein the one or more access controls comprise one or more restrictions with respect to one or more of a time duration to access the data [[and a number of people that may access the data]] (para. [0016] to enforce privacy preferences on exchanges of personal data across a network…a data subject (the person or entity whose data is being exchanged and whose privacy is being dealt with) to specify privacy preferences on subject data that is owned by the subject itself, or owned/held by third parties such as enterprises. These privacy preferences act as constraints on the release of such data that must be satisfied prior to its release; para. [0017] data subject to specify complex privacy preferences that include who can access the data…how long the data can be retained, who can the data be shared with and for what purposes; para. [0035] the Authentication engine 120 to authenticate the requester and uses the Policy authorization engine to check the authorization and privacy policies… and uses the Policy Authorization engine to return information on the data that is authorized for release under the requested policy).
Bohrer does not disclose, which Renda discloses restrictions with respect to one or more of a time duration to access the data and a number of people that may access the data (focusing on underlined) (Renda: col. 28, lines 1-20, after receiving the privileges record, log in manager 274 counts the number of users logged in as indicated by privileges storage 275…If logging in the user causes the number of users or number of users to exceed a threshold (or a set of time-based thresholds) stored in authentication storage by a system administrator, log in manager 274 denies the user's log in request as if the user's log in request was unsuccessful).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bohrer to provide restrictions with respect to one or more of a time duration to access the data and a number of people that may access the data, as taught by Renda. The motivation would be to provide users with granular control over arbitrary information that allows for selective, real-time information sharing in a communications network such as the Internet. Communications may be forwarded to their intended destination if the sending device has sufficient privileges to do so.

Regarding claim 2; the combination of Bohrer and Renda discloses the method of claim 1, further comprising evaluating whether the time duration to access the data has expired before providing access to the data (Renda: col. 28, lines 1-20, If any action has a condition associated with the action in the privileges record retrieved, privileges manager 273 determines if the condition is met. In one embodiment, such conditioned privileges may have one action if the condition is met and another action otherwise, or the default action may be used, or the not allowed action may be used if the condition is not met. Conditions may include any form of status such as time of day). The rationale to combine Bohrer and Renda is the same as claim 1.

Regarding claim 3; the combination of Bohrer and Renda discloses the method of claim 1, further comprising evaluating whether the number of people that may access the data has been exceeded before providing access to the data (Renda: col. 11, lines 16-39, after receiving the privileges record, log in manager 274 counts the number of users logged in as indicated by privileges storage 275…If logging in the user causes the number of users or number of users to exceed a threshold (or a set of time-based thresholds) stored in authentication storage by a system administrator, log in manager 274 denies the user's log in request as if the user's log in request was unsuccessful). The rationale to combine Bohrer and Renda is the same as claim 1.

Regarding claim 11; the combination of Bohrer and Renda discloses the method of claim 1, further comprising verifying an identity of a recipient before providing access to the data (Bohrer: para. [0042] a Data Requester sends a request for data describing the data desired along with privacy policies describing the intended usage. The request is handled by the Profile Responder which uses the Authentication engine to verify the identity of the requester and the Policy Authorization engine to check the authority of the requester to access the requested data by using authorization rules and privacy policies).

Regarding claim 12; the combination of Bohrer and Renda discloses the method of claim 11, wherein the verifying the identity of the recipient employs one or more of an email verification of the recipient and a verification based on secret data of the recipient stored locally to a validator using a (Bohrer: para. [0033] To facilitate the requests from a Data Subject to setup data profiles and privacy policies… the system must provide several different functionalities, including the ability to setup profiles, define authorization rules and privacy controls, send and handle requests for data, authenticate requesters, authorize release of data based on authorization rules and privacy policy matching and release data; para. [0036] the data subject can use various computer programs 102, such as e-mail software, to respond to such a request).

Regarding claim 13; the combination of Bohrer and Renda discloses the method of claim 1, wherein the obtaining further comprises:
providing, by the third party portal processing system, at least one third party with the at least one question obtained from the user and a corresponding user security policy, wherein the at least one question is to be processed by the at least one third party in accordance with the corresponding user security policy (Bohrer: para. [0078] a request for data is sent from a Data Requester to the Profile Responder…data request identifies a data subject, and includes a request for specific items of data from the data subject; para. [0081] a data response is sent from the Profile Responder of the system to the data requester…FIG. 4a. A data response is either a denial, if the request cannot be fulfilled, or the subset of specific data items which were requested and authorized, along with associated privacy declarations representing the data subject's privacy preferences); and
providing a security policy response from the at least one third party to the user indicating one or more of an acceptance of the corresponding user security policy (Bohrer: para. [0081] a data response is sent from the Profile Responder of the system to the data requester, in response to a data request described in FIG. 4a. A data response is either a denial, if the request cannot be fulfilled, or the subset of specific data items which were requested and authorized, along with associated privacy declarations representing the data subject's privacy preferences); and one or more proposed (Bohrer: para. [0037] the Profile Updater 113 receives requests to create, delete, or modify profile information. Like the Profile Responder, this component must authenticate the requester, log the request and response, check for authorization to make the profile update, and update the profile information).

Regarding claim 14; the combination of Bohrer and Renda discloses the method of claim 1, further comprising generating an audit of one or more accesses of the data for the at least one question (Bohrer: para. [0037] the Profile Updater 113 receives requests to create, delete, or modify profile information. Like the Profile Responder, this component must authenticate the requester, log the request and response, check for authorization to make the profile update, and update the profile information).

Regarding claim 15; the combination of Bohrer and Renda discloses the method of claim 1, further comprising revoking access to one or more persons authorized to access the data (Bohrer: para. [0087] action control checking 605 checks if the actions requested by the data requester are allowed according to the action control specified in data subject's privacy preference rule. This is done by simple checking the corresponding Boolean tag of a specific action in the preference. If all the checking is successful, the request is authorized 606, otherwise any failure along the matching process causes the request to be denied).

Regarding claim 16; the combination of Bohrer and Renda discloses the method of claim 1, wherein said one or more access controls for data associated with the one or more of the at least one question and the one or more responses to the at least one question are specified as part of a delegation by one party to another party for generating one or more of the responses (Bohrer: para. [0091] the Data Supplier which holds the requested data. The Data Supplier 910 then uses the various privacy-software components…to authenticate the requester and match the privacy policies of the Data Requester with those specified by the Data Subject (and stored in the Supplier's policy repository) to decide whether to release the data. If manual authorization or some missing values are needed for some data, the Data Supplier requests such authorization 912 from the Data Subject).

Regarding claim 17; the combination of Bohrer and Renda discloses the method of claim 1, wherein said one or more access controls for data associated with the one or more of the at least one question and the one or more responses to the at least one question can be shared as part of a delegation by one party to another party by sending a number of messages comprising the data corresponding to a number of permitted recipients of the data (Bohrer: para. [0089] a Data Requester desiring access to some data about a Data subject then sends a request 813 to the PDS (personal data service) identifying the Data Subject as well as the data requested, along with its own privacy policies on how the requested data would be used…, the PDS then authenticates the requester and matches the privacy policies of the requester with the authorization rules/privacy preference rules specified by the Data Subject.. The PDS collects all data that is locally available, and sends a request to the Data Subject to get any data that is available only from the personal system of the Data Subject).

Regarding claim 18; Bohrer discloses a system, comprising:
a memory (par. [0033]); and
at least one processing device, coupled to the memory, operative to implement the following steps:
obtaining a security policy for at least one question obtained from a user (abstract: receives a request message from a data-requester (requester) over a network interfaces);
(abstract: request message has one or more requests for one or more of the private, subject data releases pertaining to a subject, and a requester privacy statement for each of the respective private data. A release process compares the requester privacy statement to the subject constraints (authorization rules) and releases the private, subject data release in a response message to the requester only if the subject constraints are satisfied; para. [0035] data returned by the query on the Policy Authorization engine 112 to see if some data needs to be obtained from an external source, and handles requests to those external sources. It also verifies and filters the response to ensure that no unauthorized data is returned); and
enforcing, by a third party portal processing system, one or more access controls within the security policy for data associated with one or more of the at least one question and the one or more responses to the at least one question, wherein the one or more access controls comprise one or more restrictions with respect to one or more of a time duration to access the data [[and a number of people that may access the data]] (para. [0016] to enforce privacy preferences on exchanges of personal data across a network…a data subject (the person or entity whose data is being exchanged and whose privacy is being dealt with) to specify privacy preferences on subject data that is owned by the subject itself, or owned/held by third parties such as enterprises. These privacy preferences act as constraints on the release of such data that must be satisfied prior to its release; para. [0017] data subject to specify complex privacy preferences that include who can access the data…how long the data can be retained, who can the data be shared with and for what purposes; para. [0035] the Authentication engine 120 to authenticate the requester and uses the Policy authorization engine to check the authorization and privacy policies… and uses the Policy Authorization engine to return information on the data that is authorized for release under the requested policy).
Bohrer does not disclose, which Renda discloses restrictions with respect to one or more of a time duration to access the data and a number of people that may access the data (focusing on  (Renda: col. 28, lines 1-20, after receiving the privileges record, log in manager 274 counts the number of users logged in as indicated by privileges storage 275…If logging in the user causes the number of users or number of users to exceed a threshold (or a set of time-based thresholds) stored in authentication storage by a system administrator, log in manager 274 denies the user's log in request as if the user's log in request was unsuccessful).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bohrer to provide restrictions with respect to one or more of a time duration to access the data and a number of people that may access the data, as taught by Renda. The motivation would be to provide users with granular control over arbitrary information that allows for selective, real-time information sharing in a communications network such as the Internet (i.e. communications may be forwarded to their intended destination if the sending device has sufficient privileges to do so).

Regarding claim 20; claim 20 is directed to a computer program product which has similar scope as claim 1. Therefore, claim 20 remains un-patentable for the same reasons.

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Bohrer et al. (Bohrer) U.S. Pub. Number 2003/0088520, in view of Renda et al. (Renda) U.S. Pat. Number 7,127,524 and further in view of Ureche et al. (Ureche) U.S. Pub. Number 2011/0302398.
Regarding claim 4; the combination of Bohrer and Renda discloses the method of claim 1.
The combination above does not disclose, which Ureche discloses further comprising revoking access to one or more persons authorized to access the data by revoking a key used to encrypt the data (Ureche: para. [0085] an administrator of the remote service (e.g., remote service 106) can revoke an online key stored by the remote service whenever he or she desires. Thus, for example, the administrator can revoke the online key associated with a user if a user of a company-issued computing device leaves the company, or if the user reports that his or her computing device has been lost or stolen, or if an attempted attack by a malicious user is detected…so the data on the encrypted storage media cannot be accessed).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bohrer, in view of Renda to provide revoking access to one or more persons authorized to access the data by revoking a key used to encrypt the data, as taught by Ureche. The motivation would be to provide a key protecting from a malicious user if the storage device or virtual storage medium is lost, stolen, or otherwise compromised, so the data on the encrypted storage media cannot be accessed.

Claims 5-10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Bohrer et al. (Bohrer) U.S. Pub. Number 2003/0088520, in view of Renda et al. (Renda) U.S. Pat. Number 7,127,524 and further in view of Jayaram et al. (Jayaram) U.S. Pub. Number 2018/0285882.
Regarding claim 5; the combination of Bohrer and Renda discloses the method of claim 1.
 The combination above does not disclose, which Jayaram discloses further comprising a client-side encryption of the data by a provider of the data using a symmetric key pair to generate an encrypted version of the data (Jayaram: para. [0121] the transactions and the metadata recorded in the shared permissioned ledger contain information that are very sensitive and confidential to the businesses initiating the instructions… the security of this information by encrypting data for each participant using a symmetric key that is unique to the participant).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bohrer, in view of Renda to provide a client-side encryption of the data by a provider of the data using a symmetric key pair to generate an 

Regarding claim 6; the combination of Bohrer, Renda and Jayaram discloses the method of claim 5, wherein the third party portal processing system stores the encrypted version of the data comprising an encrypted payload and an encrypted symmetric key (Jayaram: para. [0123] data store 1114 stores encrypted data associated with client nodes 1104 and 1106… data store 1114 may store encrypted data associated with any number of client nodes). The rationale to combine Bohrer and Renda is the same as claim 5.

Regarding claim 7; the combination of Bohrer, Renda and Jayaram discloses the method of claim 5, further comprising signing the encrypted version of the data (Jayaram: para. [0064] a client request may be accompanied by a client signature and, in some cases, a previous signature sent by the server. The server verifies the client request and the previous server signature to acknowledge the client request … Both client and server signatures are saved with requests to help quickly audit correctness of the financial management system ledger). The rationale to combine Bohrer and Renda is the same as claim 5.

Regarding claim 8; the combination of Bohrer, Renda and Jayaram discloses the method of claim 5, further comprising replacing the encrypted version of the data following a key rotation (Jayaram: para. [0121] encrypting data for each participant using a symmetric key that is unique to the participant… the keys also have a key rotation policy where the data for that node is rekeyed). The rationale to combine Bohrer and Renda is the same as claim 5.

Regarding claim 9; the combination of Bohrer, Renda and Jayaram discloses the method of claim 5, wherein the third party portal processing system provides an encrypted version of the data with a corresponding public key to a recipient of the data (Jayaram: para. [0064] the embedding of previous server signatures in the current client block provides a way to chain requests and provide an easy mechanism to detect tampering. In addition to a client-side signature, the requests are encrypted using standard public key cryptography to provide additional defense against client impersonation. API server 608 logs all encrypted requests from the client). The rationale to combine Bohrer and Renda is the same as claim 5.

Regarding claim 10; the combination of Bohrer, Renda and Jayaram discloses the method of claim 5, wherein the third party portal processing system stores an encrypted version of the data for each recipient that may access the encrypted data (Jayaram: para. [0122] financial management system 1102 also communicates with cryptographic service 1108, which manages secure access to a data store 1114. In some embodiments, data store 1114 is a shared ledger (e.g., ledger 118 in FIG. 1)). The rationale to combine Bohrer and Renda is the same as claim 5.

Regarding claim 19; claim 19 is directed to a system which has similar scope as claim 5. Therefore, claim 19 remains un-patentable for the same reasons.

Examiner’s remarks to overcome the rejection above
If applicant can amend all independent claims to recite the features and limitations found in claims 5-10, the examiner believes this to be sufficient to overcome the prior art and place the application in condition for allowance. Applicant is encouraged to contact the examiner to expedite prosecution.

Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
U.S. Publication No. 2009/0276257 to “Draper et al.” – Draper discloses an integrated system that allows the organization to manage risk and compliance processes. For example, the risk and compliance processes can be monitored to ensure they are adhered to and if the processes are not followed, the system can determine any deviations from the process. 
U.S. Publication No. 2014/0331317 to “Singh” – Singh discloses determining whether a secure resource in the data processing system is shared with an external entity associated with the application and under what specified conditions. It is determined whether the specified conditions exist during runtime of the application. In response to determining that the specified conditions do not exist during runtime of the application, sharing of the secure resource of the data processing system with the external entity associated with the application is prevented. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708.  The examiner can normally be reached on M-F, 8 AM- 4 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VU V TRAN/               Examiner, Art Unit 2491