Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-2, 5, 8-9 and 15-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 8 and 14 of U.S. Patent No. 11,062,051 to Barday et al. Although the claims at issue are not identical, they are not patentably distinct from each other.

Instant Claims
US 11,062,051
1. A system comprising: 
a non-transitory computer-readable medium storing instructions; and 
processing hardware communicatively coupled to the non-transitory computer-readable medium, wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: 
1. A consent receipt management system comprising: 
one or more computer processors; and
computer memory that stores a plurality of consent records associated with a unique subject identifier, each of the plurality of consent records being associated with a respective transaction of a plurality of transactions involving a data subject and an entity, wherein the consent receipt management system is configured for: …

… receiving, via the first graphical user interface, a request to initiate a transaction … 
identifying a transaction identifier associated with the transaction; …
generating a unique consent receipt key for the transaction …
determining a unique subject identifier for the data subject; …

generating a consent receipt set comprising a consent receipt indicating consent by the data subject to the processing of the personal data, wherein the consent receipt comprises a consent receipt identifier, a transaction identifier based on the transaction parameter, and a subject identifier based on the data subject parameter; 
… electronically storing the unique subject identifier, the unique consent receipt key, and the transaction identifier in computer memory; 
electronically associating the unique subject identifier, the unique consent receipt key, and the transaction identifier; generating a consent record for the transaction, the consent record comprising at least the unique subject identifier and the unique consent receipt key; …
presenting a consent receipt management portal to a user, the consent receipt management portal comprising an indication of the consent receipt set and a first selectable control configured to generate a request to access a consent receipt modification interface; 
… providing, to the one or more data subjects, a consent receipt management portal for accessing and modifying consent receipt keys, the consent receipt management portal comprising a second graphical user interface;
receiving, via the second graphical user interface, a request to modify one or more consent preferences; …
responsive to detecting the request to access the consent receipt modification interface, presenting the consent receipt modification interface to the user, the consent receipt modification interface comprising a user input configured to accept a consent receipt modification parameter and a second selectable control configured to generate a request to modify the consent receipt set based on the consent receipt modification parameter; 
… providing, to the one or more data subjects, a consent receipt management portal for accessing and modifying consent receipt keys, the consent receipt management portal comprising a second graphical user interface;
receiving, via the second graphical user interface, a request to modify one or more consent preferences; …

causing initiation of the transaction based on the modified consent receipt set.
… automatically modifying the unique consent receipt key based at least in part on the request to modify the one or more consent preferences; …


Claims 2 and 5 are anticipated by, e.g., “automatically modifying the unique consent receipt key based at least in part on  the request to modify the one or more consent preferences” in claim 1 of US 11,062,051.
Claims 8-9 and 15-16 are similarly anticipated or made obvious over claims 8 and 14 of US 11,062,051. 

Claims 1-2, 5, 8-9 and 15-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 7 of U.S. Patent No. 10,769,302 to Barday et al.

Instant Claims
10,769,302
1. A system comprising: 
a non-transitory computer-readable medium storing instructions; and 
processing hardware communicatively coupled to the non-transitory computer-readable medium, wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: 
5. A consent receipt management system comprising: 
one or more processors; and 
computer memory that stores a plurality of consent records associated with a unique subject identifier, each of the plurality of consent records being associated with a respective transaction of a plurality of transactions involving a data subject and an entity, wherein the consent receipt management system is configured for: 


receiving a request to initiate a transaction between the entity and the data subject, the transaction involving collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction; 

generating a consent receipt set comprising a consent receipt indicating consent by the data subject to the processing of the personal data, wherein the consent receipt comprises a consent receipt identifier, a transaction identifier based on the transaction parameter, and a subject identifier based on the data subject parameter; 
electronically storing the unique subject identifier, the unique consent receipt key, and the transaction identifier in computer memory; 
electronically associating the unique subject identifier, the unique consent receipt key, and the transaction identifier; 
generating a consent record for the transaction, the consent record comprising at least the unique subject identifier and the unique consent receipt key; 

presenting a consent receipt management portal to a user, the consent receipt management portal comprising an indication of the consent receipt set and a first selectable control configured to generate a request to access a consent receipt modification interface; 
providing a consent receipt management portal; 
displaying, to the data subject, via the consent receipt management portal, the plurality of consent records; 

responsive to detecting the request to access the consent receipt modification interface, presenting the consent receipt modification interface to the user, the consent receipt modification interface comprising a user input configured to accept a consent receipt modification parameter and a second selectable control configured to generate a request to modify the consent receipt set based on the consent receipt modification parameter; 
receiving, via the consent receipt management portal from the data subject, a request to modify the one or more consent preferences, wherein the request to modify the one or more consent preferences comprises a request to modify a frequency of one or more actions that make up the transaction; and
responsive to detecting the request to modify the consent receipt set, generating a modified consent receipt set based on the consent receipt and the consent receipt modification parameter; and 




Claims 2 and 5 are anticipated by “modifying the unique consent receipt key to include data related to a time of the request to withdraw” in claim 1 of US 10,769,302.
Claims 8-9 and 15-16 are similarly anticipated or made obvious over claims 7 and 1 of US 10,769,302 (note that a product is at least obvious over a system providing the same functionality).

Claims 1-2, 5, 8-9 and 15-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 8 of U.S. Patent No. 10,503,926 to Barday et al.

Instant Claims
10,503,926
1. A system comprising: 
a non-transitory computer-readable medium storing instructions; and 
processing hardware communicatively coupled to the non-transitory computer-readable medium, wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: 
1. A consent receipt management system comprising: 
one or more processors; and 
computer memory that stores a plurality of consent records associated with a unique subject identifier, each of the plurality of consent records being associated with a respective transaction of a plurality of transactions involving a data subject and an entity, wherein the consent receipt management system is configured for: 

receiving a request to initiate a transaction, the request comprising a transaction parameter, a data subject parameter, and a consent parameter indicating consent by a data subject to processing of personal data received via a computer network;
receiving a request to initiate a transaction between the entity and the data subject, the transaction involving collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity 

identifying a transaction identifier associated with the transaction; 
generating, a unique consent receipt key for the transaction; and 
determining a unique subject identifier for the data subject; 
electronically storing the unique subject identifier, the unique consent receipt key, and the transaction identifier in computer memory; 
electronically associating the unique subject identifier, the unique consent receipt key, and the transaction identifier; 
generating a consent record for the transaction, the consent record comprising at least the unique subject identifier and the unique consent receipt key; 

presenting a consent receipt management portal to a user, the consent receipt management portal comprising an indication of the consent receipt set and a first selectable control configured to generate a request to access a consent receipt modification interface; 
displaying, to the data subject, via the consent receipt management portal, the plurality of consent records;
responsive to detecting the request to access the consent receipt modification interface, presenting the consent receipt modification interface to the user, the consent receipt modification interface comprising a user input configured to accept a consent receipt modification parameter and a second selectable control configured to generate a request to modify the consent receipt set based on the consent receipt modification parameter; 
displaying, to the data subject, via the consent receipt management portal, the plurality of consent records; …
receiving a request from the data subject via the consent receipt management portal to withdraw the consent; and
responsive to detecting the request to modify the consent receipt set, generating a modified consent receipt set based on the consent receipt and the 
causing initiation of the transaction based on the modified consent receipt set.

modifying the unique consent receipt key to include data related to a time of the request to withdraw; 




Claims 2 and 5 are anticipated by “modifying the unique consent receipt key to include data related to a time of the request to withdraw” in claim 1 of US 10,503,926.
Claims 8 and 15 are similarly anticipated or made obvious over claims 8 and 1 (note that a product is at least obvious over a system providing the same functionality).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-9, 11-12, 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over US 8,589,183 to Awaraji et al. (Awaraji) in view of US 2012/0102411 to Sathish (Sathish) in view of US 2014/0324480 to Dufel et al. (Dufel).

Claim 1: Awaraji discloses a system comprising: 
a non-transitory computer-readable medium storing instructions; and 
processing hardware communicatively coupled to the non-transitory computer-readable medium (col. 4, lines 23-24 "A computer system", those of ordinary skill would have understood this to at least obviously include a processor and memory), wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: 
receiving a request to initiate a transaction, the request comprising a consent parameter indicating consent by a data subject to processing of personal data received via a computer network (col. 7, lines 17-23 “a client requests service form service provider as part of Step 31 … information to be collected about the client … to which the service provider will need access … the client consents”);
generating a consent receipt set comprising a consent receipt indicating consent by the data subject to the processing of the personal data, wherein the consent receipt comprises a consent receipt identifier, a transaction identifier based on a transaction parameter, and a subject identifier based on a data subject parameter (col. 8, lines 41-46 “stored in a transaction record”, col. 8, lines 41-64 “a transaction ID … the symmetric key … encrypted with the patient’s public key … the symmetric key … encrypted with the … encrypted with the trusted information broker’s public key”); 
presenting a consent receipt management portal to a user, the consent receipt management portal comprising an indication of the consent receipt set and configured to generate a request to access a consent receipt modification interface (col. 6, lines 36-
responsive to detecting the request to access the consent receipt modification interface, presenting the consent receipt modification interface to the user, to accept a consent receipt modification parameter and to generate a request to modify the consent receipt set based on the consent receipt modification parameter (col. 6, lines 45-47 “the client can deny the request, … grant and deny portions of the request”, note that some form of interface is required here); 
responsive to detecting the request to modify the consent receipt set, generating a modified consent receipt set based on the consent receipt and the consent receipt modification parameter (col. 6, lines 54-55 “The client’s approval/rejection of the request is transmitted back to the trusted information broker”, col. 8, lines 41-46 “stored in a transaction record”); and 
causing initiation of the transaction based on the modified consent receipt set (col. 6, lines 55-60 “provides services to the client, and captures additional information”).

Awaraji does not explicitly disclose the request comprising a transaction parameter and a data subject parameter.



It would have been obvious at the time of filing to include a transaction parameter and a data subject parameter in the request (Sathish par. [0039] “the request may indicate the desired parameters”, Awaraji col. 8, lines 41-64 “transaction ID … col. 8, lines 41-64 “the symmetric key … encrypted with the patient’s public key”). Those of ordinary skill in the art would have been motivated to do so as a known means of communicating the information which would have produced only the expected results (e.g. Sathish “characteristics may be used to specify the conditions under which to monitor the user interactions”, Awaraji col. 7, lines 17-23 “information to be collected about the client”). 

Awaraji and Sathish do not explicitly teach:
a first selectable control configured to generate the request to access a consent receipt modification interface; and
the consent receipt modification interface comprising a user input configured to accept a consent receipt modification parameter and a second selectable control configured to generate the request to modify the consent receipt. 

Dufel teaches:
par. [0041] "buttons, for example, 414, allowing adjustment of the consent posture"); and
a consent modification interface comprising a user input configured to accept a consent modification parameter and a second selectable control configured to generate the request to modify the consent (par. [0042] "a series of webpages ... that assists the user in changing their sharing directive ...  for example at 418, ... select to protect or unprotect ... "substance abuse" at 424 or "psychiatry related" at 426", also see Fig. 4C “Continue” button). 

It would have been obvious at the time of filing to present a modification interface as taught by Dufel (see e.g. Fig. 4A-C). Those of ordinary skill in the art would have been motivated to do so as a known means of interacting with a user which would have produced only the expected results (e.g. Dufel par. [0041] “adjustment of the consent posture", Awaraji col. 6, lines 45-47 “grant and deny portions of the request”).

Claim 2: Awaraji, Sathish and Dufel teach the system of claim 1, wherein generating the modified consent receipt set comprises:
generating a modified consent receipt based on the consent receipt and the consent receipt modification parameter (col. 6, lines 54-55 “transmitted back to the trusted information broker”); and 
associating the modified consent receipt with the consent receipt set to generate the modified consent receipt (col. 8, lines 41-46 “stored in a transaction record”).

Claim 3: Awaraji, Sathish and Dufel teach the system of claim 2, wherein the operations further comprise deleting the consent receipt from the modified consent receipt set (Awaraji col. 7, lines 52-56 “records may be marked as … deleted”, it would at least have been obvious to delete any outdated consent to prevent it being used to collect information).

Claim 4: Awaraji, Sathish and Dufel the system of claim 2, wherein generating the modified consent receipt set further comprises storing an indication that the modified consent receipt is a current consent receipt in the modified consent receipt (Awaraji col. 7, lines 52-56 “records may be marked as inactive”, thus making any active consents the “current” consent).

Claim 5: Awaraji, Sathish and Dufel teach the system of claim 1, wherein generating the modified consent receipt set comprises modifying the consent receipt based on the consent receipt modification parameter (col. 6, lines 54-55 “The client’s approval/rejection of the request is transmitted back to the trusted information broker”, col. 8, lines 41-46 “stored in a transaction record”).

Claim 8: Awaraji discloses a method comprising: 
receiving, by computing hardware, a request to initiate a transaction, the request comprising a consent parameter indicating consent by a data subject to processing of personal data received via a computer network (col. 7, lines 17-23 “a client requests service form service 
generating, by the computing hardware, a consent receipt set comprising a consent receipt indicating consent by the data subject to the processing of the personal data, wherein the consent receipt comprises a consent receipt identifier, a transaction identifier based on the transaction parameter, and a subject identifier based on the data subject parameter (col. 8, lines 41-46 “stored in a transaction record”, col. 8, lines 41-64 “a transaction ID … the symmetric key … encrypted with the patient’s public key … the symmetric key … encrypted with the … encrypted with the trusted information broker’s public key”); and
causing, by the computing hardware, initiation of the transaction based on the consent receipt set (e.g. col. 6, lines36-40 “When the trusted information broker receives the service request”); 
during execution of the transaction:
presenting, by the computing hardware, a consent receipt management portal to a user, the consent receipt management portal comprising an indication of the consent receipt set to generate a request to access a consent receipt modification interface (col. 6, lines 36-44 “sends a request to the client to permit the service provider to access the information. Clients can select”, col. 7, lines 27-29 “consolidates this information and presents it to the client as part of Step 35”); 
responsive to detecting the request to access the consent receipt modification interface, presenting, by the computing hardware, the consent receipt modification interface to the user, to generate a request to modify the consent receipt set based on 
responsive to detecting the request to modify the consent receipt set, generating, by the computing hardware, a modified consent receipt set based on the consent receipt and the consent receipt modification parameter (col. 6, lines 54-55 “The client’s approval/rejection of the request is transmitted back to the trusted information broker”, col. 8, lines 41-46 “stored in a transaction record”); and 
resuming, by the computing hardware, execution of the transaction based on the modified consent receipt set (col. 6, lines 55-60 “provides services to the client, and captures additional information”).

Awaraji does not explicitly disclose the request comprising a transaction parameter and a data subject parameter.

Sathish teaches a request comprising parameters related to monitoring user interaction (par. [0039] “the request may indicate the desired parameters for monitoring/determination”).

It would have been obvious at the time of filing to include a transaction parameter and a data subject parameter in the request (Sathish par. [0039] “the request may indicate the desired parameters”, Awaraji col. 8, lines 41-64 “transaction ID … col. 8, lines 41-64 “the symmetric key … encrypted with the patient’s public key”). Those of ordinary skill in the art would have been 

Awaraji and Sathish do not explicitly teach:
a first selectable control configured to generate the request to access a consent receipt modification interface; and
the consent receipt modification interface comprising a user input configured to accept a consent receipt modification parameter and a second selectable control configured to generate the request to modify the consent receipt. 

Dufel teaches:
a first selectable control configured to generate a request to access a consent modification interface (par. [0041] "buttons, for example, 414, allowing adjustment of the consent posture"); and
a consent modification interface comprising a user input configured to accept a consent modification parameter and a second selectable control configured to generate the request to modify the consent (par. [0042] "a series of webpages ... that assists the user in changing their sharing directive ...  for example at 418, ... select to protect or unprotect ... "substance abuse" at 424 or "psychiatry related" at 426", also see Fig. 4C “Continue” button). 

par. [0041] "adjustment of the consent posture", Awaraji col. 6, lines 45-47 “grant and deny portions of the request”).

Claim 9: Awaraji, Sathish and Dufel teach the method of claim 8, wherein generating the modified consent receipt set comprises:
generating a modified consent receipt based on the consent receipt and the consent receipt modification parameter (Awaraji col. 6, lines 54-55 “transmitted back to the trusted information broker”); and 
replacing the consent receipt with the modified consent receipt in the consent receipt set to generate the modified consent receipt (Awaraji col. 8, lines 41-46 “stored in a transaction record”, col. 7, lines 52-56 “records may be marked as inactive”).

Claim 11: Awaraji, Sathish and Dufel teach the method of claim 8, wherein presenting the consent receipt management portal comprises: 
generating a graphical user interface for a browser application executed on a user device by configuring a display element and a navigation element on the graphical user interface (Dufel par. [0042] “a series of web pages”), wherein: 
the display element is configured to display the indication of the consent receipt set (e.g. Dufel fig. 4A 404, 412), and the navigation element comprises the first 
transmitting an instruction to the browser application causing the browser application to present the graphical user interface on the user device (Dufel par. [0042] “a series of web pages”).

Claim 12: Awaraji, Sathish and Dufel teach the method of claim 11, wherein detecting the request to access the consent receipt modification interface comprises detecting a selection of the navigation element (Dufel par. [0041] "buttons, for example, 414, allowing adjustment of the consent posture").

Claim 14: Awaraji, Sathish and Dufel teach the method of claim 8, wherein the consent parameter further indicates acceptance by the data subject of a privacy policy associated with the transaction (col. 7, lines 17-23 “the client consents”).

Claim 15: Awaraji discloses a non-transitory computer-readable medium storing computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations comprising: 
detecting a request to initiate a transaction, the request comprising a consent parameter indicating consent by a data subject to processing of personal data received via a computer network (col. 7, lines 17-23 “a client requests service form service provider as part of 
generating a consent receipt set comprising a consent receipt indicating consent by the data subject to the processing of the personal data, wherein the consent receipt comprises a consent receipt identifier, a transaction identifier based on the transaction parameter, and a subject identifier based on the data subject parameter (col. 8, lines 41-46 “stored in a transaction record”, col. 8, lines 41-64 “a transaction ID … the symmetric key … encrypted with the patient’s public key … the symmetric key … encrypted with the … encrypted with the trusted information broker’s public key”); 
initiating the transaction based on the consent receipt set (col. 6, lines 55-60 “provides services to the client, and captures additional information”); 
presenting a consent receipt management portal to a user, the consent receipt management portal comprising an indication of the consent receipt set to generate a request to access a consent receipt modification interface (col. 6, lines 36-44 “sends a request to the client to permit the service provider to access the information. Clients can select”, col. 7, lines 27-29 “consolidates this information and presents it to the client as part of Step 35”);
responsive to detecting the request to access the consent receipt modification interface, presenting the consent receipt modification interface to the user, the consent receipt modification interface configured to generate a request to modify the consent receipt set based on the consent receipt modification parameter (col. 6, lines 45-47 “the client can deny the request, … grant and deny portions of the request”, note that some form of interface is required here);

completing the transaction based on the modified consent receipt set (col. 6, lines 55-60 “provides services to the client, and captures additional information”).

Awaraji does not explicitly disclose the request comprising a transaction parameter and a data subject parameter.

Sathish teaches a request comprising parameters related to monitoring user interaction (par. [0039] “the request may indicate the desired parameters for monitoring/determination”).

It would have been obvious at the time of filing to include a transaction parameter and a data subject parameter in the request (Sathish par. [0039] “the request may indicate the desired parameters”, Awaraji col. 8, lines 41-64 “transaction ID … col. 8, lines 41-64 “the symmetric key … encrypted with the patient’s public key”). Those of ordinary skill in the art would have been motivated to do so as a known means of communicating the information which would have produced only the expected results (e.g. Sathish “characteristics may be used to specify the conditions under which to monitor the user interactions”, Awaraji col. 7, lines 17-23 “information to be collected about the client”). 


a first selectable control configured to generate the request to access a consent receipt modification interface; and
the consent receipt modification interface comprising a user input configured to accept a consent receipt modification parameter and a second selectable control configured to generate the request to modify the consent receipt. 

Dufel teaches:
a first selectable control configured to generate a request to access a consent modification interface (par. [0041] "buttons, for example, 414, allowing adjustment of the consent posture"); and
a consent modification interface comprising a user input configured to accept a consent modification parameter and a second selectable control configured to generate the request to modify the consent (par. [0042] "a series of webpages ... that assists the user in changing their sharing directive ...  for example at 418, ... select to protect or unprotect ... "substance abuse" at 424 or "psychiatry related" at 426", also see Fig. 4C “Continue” button). 

It would have been obvious at the time of filing to present a modification interface as taught by Dufel (see e.g. Fig. 4A-C). Those of ordinary skill in the art would have been motivated to do so as a known means of interacting with a user which would have produced only the expected results (e.g. Dufel par. [0041] "adjustment of the consent posture", Awaraji col. 6, lines 45-47 “grant and deny portions of the request”).

Claim 16: Awaraji, Sathish and Dufel teach the non-transitory computer-readable medium of claim 15, wherein generating the modified consent receipt set comprises: 
generating a modified consent receipt based on the consent receipt and the consent receipt modification parameter (Awaraji col. 6, lines 54-55 “The client’s approval/rejection of the request is transmitted back to the trusted information broker”, col. 8, lines 41-46 “stored in a transaction record”); 
associating a date of generation of the modified consent receipt with the modified consent receipt (col. 8, lines 13-20 “the date of the transaction”); and 
associating the modified consent receipt with the consent receipt set to generate the modified consent receipt (col. 6, lines 54-55 “The client’s approval/rejection of the request is transmitted back to the trusted information broker”, col. 8, lines 41-46 “stored in a transaction record”).

Claim 17: Awaraji, Sathish and Dufel teach the non-transitory computer-readable medium of claim 16, wherein completing the transaction based on the modified consent receipt set comprises: 
determining that the modified consent receipt is a current consent receipt date of generation of the modified consent receipt (col. 7, lines 52-56 “marked as inactive or deleted”, col. 8, lines 13-20 “the date of the transaction”); and 


Claim 18: Awaraji, Sathish and Dufel teach the non-transitory computer-readable medium of claim 15, wherein generating the modified consent receipt set comprises: 
generating a modified consent receipt based on the consent receipt and the consent receipt modification parameter (col. 6, lines 54-55 “The client’s approval/rejection of the request is transmitted back to the trusted information broker”, col. 8, lines 41-46 “stored in a transaction record”); and 
associating an indication of the consent receipt modification interface with the modified consent receipt (col. 6, lines 54-55 “The client’s approval/rejection of the request is transmitted back to the trusted information broker”, col. 8, lines 41-46 “stored in a transaction record”).

Claims 6-7, 10, 13 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 8,589,183 to Awaraji et al. (Awaraji) in view of US 2012/0102411 to Sathish (Sathish) in view of US 2014/0324480 to Dufel et al. (Dufel) in view of US 9,887,965 to Kay et al. (Kay).

Claim 6: Awaraji, Sathish and Dufel teach the system of claim 1, but do not explicitly teach wherein receiving the request to initiate the transaction comprises detecting browser data in a browser application executed on a user device, the browser data comprising the transaction parameter, the data subject parameter, and the consent parameter.

Kay teaches a request to initiate a transaction comprising detecting browser data in a browser application executed on a user device (e.g. col. 14, lines 16-19 “pulls a collection of standard user-specific identity information (e.g. , name and email address) from the client’s browser 410”).

It would have been obvious at the time of filing to detect browser data comprising the transaction parameter, the data subject parameter and the consent parameter (Kay col. 14, lines 16-19 “pulls a collection of standard user-specific identity information (e.g. , name and email address) from the client’s browser 410”, Awaraji col. 8, lines 41-64 “a transaction ID … the symmetric key … encrypted with the patient’s public key … the symmetric key … encrypted with the … encrypted with the trusted information broker’s public key”). Those of ordinary skill in the art would have been motivated to do so as a known means of retrieving such information which would have produced only the expected results.

Claim 7: Awaraji, Sathish and Dufel teach the system of claim 1, but do not explicitly teach wherein the transaction comprises tracking interaction of the data subject with a website.

Kay teaches tracking interaction of a data subject with a website (col. 14, lines 16-33 “pulls a collection of … information … user’s browsing history, web application purchase history, content files (e.g., public blog posting), etc.”). 



Claim 10: Awaraji, Sathish, and Dufel teach the method of claim 8, wherein the transaction comprises accessing a service by the data subject (Awaraji col. 7, lines 17-23 “a client requests service form service provider”).

Awaraji, Sathish and Dufel do not explicitly teach the service is a website.

Kay teaches a transaction comprising accessing a website by a data subject (col. 2, lines 39-41 “a user’s identity can also be used for website”). 

It would have been obvious at the time of filing to provide consent monitoring of transactions comprising accessing a website (). Those of ordinary skill in the art would have been motivated to do so to provide control over access to the subject’s data (see e.g. Kay col. 2, lines 41-46 “does not want the website to know the user’s e-mail address”).

Claim 13: Awaraji, Sathish and Dufel teach the method of claim 8, but do not explicitly teach wherein the subject identifier comprises an email address associated with the data subject or a user identifier based on the email address associated with the data subject.

Kay teaches a subject identifier comprising an email address (col. 14, lines 16-19 “user-specific identity information (e.g., … email address)”). 

It would have been obvious at the time of filing to use an email address associated with the data subject as a user identifier (Kay col. 14, lines 16-19 “user-specific identity information (e.g., … email address)”). Those of ordinary skill in the art would have been motivated to do so as a known means of identifying a subject which would have produced only the expected results (Kay col. 14, lines 16-19 “user-specific identity information”, Awaraji col. 4, lines 20-23 “identification of a client”).

Claim 19: Awaraji, Sathish, and Dufel teach the non-transitory computer-readable medium of claim 15, wherein detecting the request to initiate the transaction comprises detecting data in an application executed on a user device operating in a first computer network by the processing hardware, wherein the processing hardware is configured in a second computer network (e.g. Awaraji col. 7, lines 16-18 “a client requests service form service provider 3”, col. 7, lines 24-26 trusted information broker”).

Awaraji, Sathish and Dufel do not explicitly teach detecting browser data in a browser application.



It would have been obvious at the time of filing to detect browser data in a browser application executed on the user device (col. 14, lines 16-23 “pulls a collection of standard user-specific identity information … from the client’s browser 410”). Those of ordinary skill in the art would have been motivated to do so as a known method of collecting such data that would have produced only the expected results. 

Claim 20: The non-transitory computer-readable medium of claim 19, wherein the consent parameter indicates consent by the data subject to processing of the personal data received at the second computer network via the first computer network (Awaraji col. 7, lines 17-23 “the client consents”, col. 7, lines 16-18 “a client requests service form service provider 3”, col. 7, lines 24-26 trusted information broker”).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON D MITCHELL whose telephone number is (571)272-3728. The examiner can normally be reached Monday through Thursday 7:00am - 4:30pm and alternate Fridays 7:00am 3:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on (571)272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JASON D MITCHELL/Primary Examiner, Art Unit 2199