Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 16/355,391 is presented for examination by the examiner.  Claims 1-7, 9-16, and 18-20 have been amended, claim 17 has been canceled, and new claim 21 has been added.  Accordingly, claims 1-16 and 18-21 are now pending.

Response to Amendment

Claim Objections
Claim objected under this section have been withdrawn due to the present amendments.  
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 9 and 19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.




Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-16 and 18-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) a policy controlling access to data, thus grouped as a certain method of organizing human interactions.  This judicial exception is not integrated into a practical application because a human can perform this practice as disclosed in the claims.  People are capable of using decentralized IDs in performing authentication and then knowing or looking up policies that govern access control of data.  Data also is abstract.  The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because there is nothing in the claim which would require nonconventional computers which can comparing IDs, store data, transfer data, and write to data.  Independent claims now requires a ledger but computer ledgers are modeled after paper ledgers and no specific functions directed to the ledger concerning blockchain or other cryptographic operations are present in the claims.  The 


Double Patenting
The double patenting rejection is withdrawn due to amendments to both of the applications which were in comparison.

Response to Arguments
Applicant's arguments filed 6/17/21 with respect to the 35 USC 101 rejection have been fully considered but they are not persuasive.  Applicant contends that the claim recites a decentralized storage service that uses a distributed ledger to authenticate or authorize users and by that argument, the amended claims cannot be performed by human hand.  First, it should be pointed out that neither authentication nor authorization is actually performed in the independent claim.  This limitation is intended use at best.  In fact, the distributed ledger is not used at all in the claimed access control procedure.  Also, while humans may not be able to perform some block chain functions it is important to note that a distributed ledger is merely the computer equivalent to ledgers that people have used throughout civilization.  It is simply a way to track transactions.  The claim has not transformed the abstract idea of policies controlling access to data, i.e. access control, into a practical application.  The additional elements listed by Applicant on page 10 of the response are inclusive of actions human can .




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person 


Claims 1-16 and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over USP Application Publication 2018/0020001 to White et al., hereinafter White in view of USP 10,587,413 to Todd et al hereinafter Todd and in view of USP Application Publication  2013/0275401 to Auger et al., hereinafter Auger.

As per claims 1 and 20, White teaches one or more processors; and one or more computer-readable hardware storage devices having thereon computer-executable instructions that are structured such that, when executed by the one or more processors [Fig. 1], configure the computing system to: 
receive an input from a user setting one or more policy rules that are applicable to one or more types of data, the user being associated with a first  identifier (ID) (0014 and 0027); 
store the one or more policy rules in the one or more computer-readable hardware devices (0024 and 0027);
receive a request from an entity for operating on data stored or to be stored in one of the plurality of storages that is associated with the first ID (0019, 0020); 
determine a type of the data that is requested to be operated on (0021); 
access one or more policy rules that are applicable to the type of the data (0024); 

based on the determination, cause the storage service to allow the request when the operation will result in the data complying with the one or more policy rules (0024 and 0025).
White does not explicitly teach the identifiers are decentralized and that the service “intends” to use a distributed ledger.  Todd teaches identifiers that are decentralized (col. 6, lines 50-66) and used in a distributed ledger (col. 1, lines 53-61).  In Todd’s system, there are many identity servers and enterprises.  White teaches trust across many different organizations (0027).  The claim is obvious because one of ordinary skill in the art can substitute known methods which do not produce unpredictable results.  The system of White could have used decentralized identifiers for the entities/user/owner so long as each identity server can authenticate the user.  Todd’s method teaches how this is performed by distributed ledgers and that doing so allows for control authentication and/or authorization across a class of systems or situations, i.e., in a cross enterprise environment (col. 1, lines 65-66).  
White does not explicitly teach receiving a notification from the storage service notifying the user associated with the first ID about a request from an entity associated with a second ID.  On the other hand, Auger teaches receiving a notification from the storage service notifying the user associated with the first ID about a request from an entity associated with a second ID (0054) as a policy 

As per claim 12, it is rejected for the same reasons as claim 1.

As per claims 2, 13, and 21, White teaches filter the one or more policy rule based on information associated with the user and/or the entity to determine a subset of one or more policy rules that are applicable to the requested data (0044 and 0062), wherein the accessing one or more policy rules that are applicable to the type of the data is accessing the subset of one or more policy rules that are applicable to data of the user (0024, 0044, and 0045).
As per claims 3 and 14, White teaches the request from an entity for operating on data is a request to store data generated by the entity in the storage associated with the first DID or a request to read data stored in the storage associated with the user (0039 and 0048).

As per claims 5 and 16, White teaches wherein the determining the type of the data comprises: scanning the metadata of the data (0044; tagged), and based on the scanned metadata, determining at least one type of the data (sensitive; 0044).
As per claim 6, White teaches the one or more policy rules include a personal rule that is determined by the user associated with the first DID [owner is authorized specifically to the data; 0051].
As per claim 7, White teaches at least one of the one or more policy rules are stored in the storage associated with the user associated with the first DID, at least one of the one or more policy rules is stored with at least one of the plurality of storages; at least one of the one or more policy rules is stored at a remote server [data access platform 122; 0024 and 0062], and/or at least one of the one or more policy rules is stored at a DID owner's DID management module.
As per claim 8, White teaches generating the one of more policy rules in response to receiving the request from the entity (0024, 0044, and 0045).

As per claim 10, White teaches the second DID is same as the first DID or different from the first DID [the second ID is attributed to the entity requesting access, and the first ID belongs to the owner, therefore the IDs are the different].  

As per claim 18, White teaches the one or more policy rules include a personal rule that is determined by an owner of the particular DID [owner is authorized specifically to the data; 0036 and 0051].

As per claim 11, White teaches filtering the one or more policy rules based on geographic information of the user associated with the first DID and/or the entity associated with the second DID to determine a subset of one or more policy rules that are applicable to the requested data (0039 and 0062), wherein the accessing one or more policy rules that are applicable to the type of the data is accessing the subset of one or more policy rules that are applicable to the requested data (0024, 0044, and 0045).





Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431