DETAILED ACTION
Claims 1-16 are allowed.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Sameer Gokhale (Reg. No. 62618) on December 16, 2021.
The application has been amended as follows: 

1 (Currently Amended).  A method for accessing personal data belonging to a data owner, the access rights of a user to these personal data for a predetermined use being represented by an access token, said method comprising:
(a) generating access tokens by an access token server in accordance with access policies stored in a first database hosted by said access token server, the access token of said user being identified by a token identifier and transmitted, with a first transaction, to a first smart contract stored in a blockchain, the first smart contract recording the access token in the blockchain;
the first smart contract cryptographic elements when the access conditions contained in the access token are an access authorization in the blockchain;
(c) transmitting by the terminal of said user an access request to [[the]] a data server hosting a second personal database in which are stored said personal data, the access request comprising said authorization request identifier, the data server interrogating the second smart contract by supplying to [[it]] the second smart contract said authorization request identifier, the second smart contract returning to the data server the access token corresponding to the access request [[if]] when the [[an]] access authorization corresponding to the authorization request identifier is the second personal database, at a URL specified in the access token, and  transmitting the personal data to the terminal of said user.

2 (Currently Amended).  The method for managing access to personal data according to claim 1, wherein at step (a), following emission of the first transaction, the access token server transmits a consent request to the terminal of the data owner of the personal data and that the terminal of the data owner emits a third transaction destined for a third smart contract stored in the blockchain, the third transaction comprising a first Boolean variable indicating [[the]] data owner of the personal data to access the personal data by said user.

3 (Currently Amended).  The method for managing access to personal data according to claim 1, wherein the second transaction comprises [[the]] payment of an amount in cryptocurrency to the data owner of the personal data.

4 (Previously Presented).  The method for managing access to personal data according to claim 1, wherein said cryptographic elements comprise a public key of the user and a wallet address obtained by hashing of said public key. 

5 (Previously Presented).  The method for managing access to personal data according to claim 1, wherein, prior to step (b), the token identifier is transmitted to the terminal of said user.

6 (Previously Presented).  The method for managing access to personal data according to claim 1, wherein at step (b) the access authorization request is recorded in the blockchain.

7 (Previously Presented).  The method for managing access to personal data according to claim 1, wherein the access token has a first field containing the token identifier, a second field containing an identifier of the user, a third field containing an identifier of the data owner of the personal data, a fourth field containing the URL where the personal data is found and a fifth field containing a digital fingerprint of a set of access parameters.

the personal data to said user.

9 (Previously Presented).  The method for managing access to personal data according to claim 7, wherein the second field comprises a wallet address of the user and a public key of the user and owner and a public key of the data owner 

10 (Currently Amended).  The method for managing access to personal data according to claim 7, wherein the access token has a sixth field containing an expiration date of said access token.

11 (Currently Amended).  The method for managing access to personal data according to claim 7, wherein the access token has a seventh field containing a Boolean variable indicating [[if]] when the data owner of the personal data has given [[his]] consent.

12 (Currently Amended).  The method for managing access to personal data according to claim 7, wherein the access token has an eighth field containing a Boolean variable indicating [[if]] when an amount required for [[the]] use of the access token has 

smart contract having [[the]] a function of keeping up to date a balance of the cryptocurrency accounts of the user, of the data owner of the personal data, of the access token server and of the data server.

14 (Previously Presented).  The method for managing access to personal data according to claim 1, wherein at step (c), the personal data read in the second database are transmitted to the terminal of said user via a secure channel.

15 (Previously Presented).  The method for managing access to personal data according to claim 14, wherein the data server carries out a processing of the personal data before transmitting them to the terminal of said user.

16 (Currently Amended).  A system for managing access to personal data comprising an access token server hosting a first database containing the access profiles of different users, a terminal of a user, a data server hosting a second database in which are stored said personal data, the terminal of said user being connected to the data server via a secure channel, wherein the access token server, the terminal of said user and the data server each have an interface enabling them to communicate with a blockchain;
 said access token server including processing circuitry being configured to generate an access token for a user, in accordance with the access policies stored in the first database, and to transmit said access token, identified by a token identifier, to a first smart contract stored in the 
the terminal of said user including processing circuitry being configured to transmit, with a second transaction, an access authorization request identified by an authorization request identifier, to a second smart contract stored in the blockchain, the second smart contract interrogating the first smart contract and obtaining the access token by supplying to [[it]] the first smart contract cryptographic elements when [[the]] access conditions contained in the access token are an access authorization in the blockchain;
the processing circuitry of the terminal of said user being further configured to transmit an access request to the  data server, the access request comprising said authorization request identifier, the data server then interrogating the second smart contract by supplying to [[it]] the second smart contract said authorization request identifier, the second smart contract returning to the data server the access token [[if]] when the [[an]] access authorization corresponding to the authorization request identifier is 
the data server including processing circuitry being configured to read the personal data stored in the second database, at a URL specified in the access token, and to transmit the personal data to the terminal of said user via the secure channel.   


REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “(a) generating access tokens by an access token server in accordance with access policies 
The following is considered to be the closest prior art of record:
Bulleit (US 20180060496) – teaches storing healthcare information in a blockchain distributed ledger and granting permissions to other users to view the 
Roets (US 2019/0089525) – teaches using a first smart contract to configure a second smart contract and accepting a token containing a license.
James (US 10373158) – teaches having multiple smart contracts on a blockchain for a digital asset token.
Ellis (GB 2573499) – teaches storing a secret on a blockchain by multiple smart contracts and using the secret for later verifications.
Isaacson (US 2019/0356641) – teaches a second smart contract communicating with a first smart contract.
Kravitz (US 2017/0213210) – teaches authorization using a smart contract.
Wang (US 2020/0162259) – teaches storing smart contracts and non-smart contracts on a blockchain.
Chow (US 2019/0081796) – teaches generating encryption keys by interacting with a smart contract stored in a distributed ledger of a blockchain.
Sheng (US 2017/0228731) – teaches the use of storing transactions on a blockchain and verifying the transactions using miners as well as setting up a smart contract to pay for a hotel room after the client checks out.
Surcouf (US 2018/0032383) – teaches executing smart contracts during a key request or after completing a transaction.

None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are considered to be a non-obvious combination of limitations not taught in the prior art. Therefore, claims 1-16 are considered to be allowable.
According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/John B King/
Primary Examiner, Art Unit 2498