DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/19/2021 has been entered.
Claims 1-20 remain pending in this application. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Step 1:
Claims 1-9 are drawn to a method which is within the four statutory categories (i.e. process).   Claims 10-15 are drawn to a non-transitory medium machine-readable storage device which is 
Step 2A, Prong 1:
Claims 1, 10 and 16 have been amended to recite:
“receiving a request at a provider for the protected data, the request including a unique identifier corresponding to an authorization to access the protected data or a participant identifier; 
searching the revocation ledger to determine whether at least one of the unique identifier and the participant identifier being stored in the revocation ledger; 
denying the request for protected data in response to the unique identifier being stored in the revocation ledger; 
denying the request for protected data in response to the participant identifier being stored in the revocation ledger; and 
granting the request for the protected data in response to neither the unique identifier nor that participant identifier being stored in the revocation ledger.”. These limitations, under their broadest interpretation, corresponds to “certain methods of organizing human activity”. This is a method of managing interactions between people, such as user following rules and instructions to grant or deny access to the protected data. The mere nominal recitation of a generic processor and memory does not take the claim out of the methods of organizing human interactions grouping. Thus, the claims recite an abstract idea.
Dependent claims also correspond to “certain methods of human activity”, such as claims 5, 13 and 19 recite “obtaining a protected data authorization associated with the person; determining access rights specified in the protected data authorization; and denying the request in response to the access rights prohibiting access” and claims 6, 14 and 20 recite “obtaining a protected data authorization associated with the person; determining effective dates permitting access to the protected data 
Claims 2-4, 7-9, 11-12, 15, 17 are ultimately dependent from Claims 1, 10, 16 and include all the limitations of Claims 1, 10, 16. Therefore, claims 2-4, 7-9, 11-12, 15, 17 recite the same abstract idea. Claims 2-4, 7-9, 11-12, 15, 17 describes a further limitation regarding the basis for denying or granting access to the protected data. These are all just further describing the abstract idea recited in claims 1, 10, 16, without adding significantly more.  
Step 2A, Prong 2:
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of “revocation ledger”, “a processor” and “a memory”, and “the processor to perform operations of: receiving a request at a provider for protected data, the request including a unique identifier corresponding to an authorization to access the protected data or a participant identifier; searching a revocation ledger; denying the request for protected data in response to the unique identifier being stored in the revocation ledger wherein the revocation ledger comprises cryptographically linked blocks of revocations of previous documents granting access to the protected data; denying the request for protected data in response to the participant identifier being stored in the revocation ledger; and granting the request for the protected data in response to neither the unique identifier nor that participant identifier being stored in the revocation ledger”. 
These are hardware (The “processor” is described in the current specification as “The term, "processor," may refer to a hardware component, such as a processing unit of a computer system.” In par. 15, and it’s a generic computer processor) and/or software elements, and these limitations are not enough to qualify as “practical application” being recited in the claims along with the abstract idea since 
The newly added feature of “searching the revocation ledger…without accessing to individually identifiable patient information” corresponds to another additional element that is not integrated into a practical application, since it’s describing how the system store the personal data. The current specification recites: “…compared to other methods that propose storing patient information or pointers to 35 patient information stored elsewhere, system 100 does not store any individually identifiable11 patient information on the ledger, system 100 does not store any pointers to individually identifiable patient information on the ledger. Pointers to previous authorization records are shared via the UUID. Hence, patient privacy and confidentiality are protected.” In par. 79. The feature of “searching the revocation ledger…without accessing to individually identifiable patient information” is a well-understood, routine and conventional activity evidenced by, for instance the article published in the 2017 IEEE International conference on e-Health Networking, Applications and Services (Healthcom) (Metrics for Assessing Blockchain-based Healthcare Decentralized Apps, by Peng Zhang et al., Vanderbilt University). In particular, the article describes PII in a blockchain system as:
“The HIPAA privacy regulations [6] require the confidentiality and protection of individually identifiable health information that is transferred, received, handled, or shared by healthcare professionals and organizations. Moreover, only the minimum health information necessary to conduct business can be used or shared. All systems and apps created to share personally identifiable information(PII) must be HIPAA compliant. As a result, any PII accessed by the DApp or written to a public blockchain must be encrypted and securely managed by parties interacting with this app.” On page 1, under Health Insurance Portability and Accountability Act (HIPAA). 
Claims 1, 10 and 16 also recite the additional elements of “generating, via a distributed, cryptographically secure system, a revocation data structure for a revocation ledger storing revocation records, wherein the revocation data structure comprises cryptographically linked blocks of revocations of previous documents granting access to protected data; updating, via the distributed, cryptographically secure system, the revocation data structure of the revocation ledger upon receiving a published revocation” and these elements also correspond to tools to apply instructions (software elements) and that are mere instructions to apply/implement/automate an abstract idea in a particular technological environment. 
Dependent claims also recite additional elements, such as, claim 7 recites “the revocation ledger comprises a set of cryptographically linked blocks containing transactions corresponding to revocations of authorizations by multiple persons to access protected data of such persons” and claim 9 recites “the revocation ledger comprises a blockchain ledger”. These limitations correspond to software elements as well, and they are not enough to qualify as “practical application” being recited in the claims along with the abstract idea. 
Step 2B:
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform “receiving access request, searching the ledger, denying/granting access to data” steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-8 and 10-20 are rejected under 35 U.S.C. 103 as being unpatentable over Birtwhistle et al. (hereinafter Birtwhistle) (US Patent No. 8,667,293 B2), Finlow-Bates (hereinafter Finlow) (US 20160254910 A1) and further in view of Curbera et al. (hereinafter Curbera) (US 2018/0082024 A1).

Claim 1 has been amended now to recite a computer implemented method comprising: 
receiving a request at a provider for the protected data, the request including a unique identifier corresponding to an authorization to access the protected data or a participant identifier (Birtwhistle discloses “An example of authentication is illustrated by 602. The manager 604 may transmit an authentication request 610 to the agent 606 to initiate the authentication of secure communication between the manager 604 and the agent 606. The authentication request 610 may include, for example, the role of the manager 604, the public key, and/or other suitable data. In various implementations, the authentication request 610 may be in the form of a digital certificate.” in col. 8, lines 27-34); 
searching the revocation ledger (Birtwhistle discloses “comparing the cryptographic certificate with the revocation list; and selectively executing a protective function by the configuration device when the cryptographic certificate is the same as one of the N cryptographic certificates of the revocation list” in abstract); 
denying the request for protected data in response to the unique identifier being stored in the revocation ledger (Birtwhistle teaches “comparing the cryptographic certificate with the revocation list; and selectively executing a protective function by the configuration device when the cryptographic certificate is the same as one of the N cryptographic certificates of the revocation list” in abstract, “a device/user certificate” in col. 7, lines 10-27); 
denying the request for protected data in response to the participant identifier being stored in the revocation ledger (Birtwhistle teaches “receiving a revocation list from a first remote data server at a configuration device. The revocation list includes N cryptographic certificates associated with N handheld medical devices, respectively, that are to be denied access to data accessible via a second remote data server. N is an integer greater than or equal to zero. The method further includes receiving data from a handheld medical device at the configuration device. The data includes a cryptographic certificate that is associated with the handheld medical device. The method further includes comparing the cryptographic certificate with the revocation list; and selectively updating the handheld medical device with data from the second remote data server after a determination that the cryptographic certificate is not the same as any of the N cryptographic certificates of the revocation list” in abstract, and in col. 2, line 63 to col. 3, line 12); and 
granting the request for the protected data in response to neither the unique identifier nor that participant identifier being stored in the revocation ledger (Birtwhistle discloses “The manager 604 may transmit an authentication request 610 to the agent 606 to initiate the authentication of secure communication between the manager 604 and the agent 606.” In col. 8, lines 27-34).

Birtwhistle fails to expressly teach “generating, via a distributed, cryptographically secure system, a revocation data structure for a revocation ledger storing revocation records, wherein the revocation data structure comprises cryptographically linked blocks of revocations of previous documents granting access to protected data; updating, via the distributed, cryptographically secure system, the revocation data structure of the revocation ledger upon receiving a published revocation”. However, this feature is well known in the art, as evidenced by Finlow.
In particular, Finlow discloses “The flow of a data comprising the generation of the key revocation message, inclusion in a successfully generated block of data, and the appending of said block of data to the shared ledger is also illustrated through FIG. 4.” in par. 56 and “the enhanced node may construct a block of data containing the key revocation message” in par. 59, “The techniques additionally, or alternatively, may be realized at least in part by a computer-readable communication medium or record carrier, that carries or communicates code in the form of instructions or data structures and that can be accessed, read, and/or executed by a computer.” In par. 37.
It would have been obvious to one having ordinary skill in the art, before the effective filing date of the claimed invention, to include the aforementioned limitation as disclosed by Finlow with the motivation of sending a key revocation message by a network connected device to other network connected devices over a peer-to-peer network for inclusion in a ledger (Finlow; abstract).

 	Birtwhistle fails to expressly teach the newly added features of “searching the revocation ledger to determine whether at least one of the unique identifier and the participant identifier being stored in the revocation ledger, without accessing to individually identifiable patient information”.  However, this feature is well known in the art, as evidenced by Curbera.
In particular, Curbera discloses “Furthermore, through the blockchain or other ledger based mechanisms of the illustrative embodiments, a persistent immutable store of transactions of patient information, linking consents with the patient information being transacted and the entities involved in the transaction is provided. In some cases the consents may be for de-identified data, such as for patient information being provided to a research facility. In such cases, current laws permit reuse of such de-identified data, however personal identifiers are removed from the data at the point of use making this a repetitive process. The illustrative embodiments support the ability to remove personal identifiers from patient information in accordance with consents, and replace the information with a tag that indicates the removal, such as a “no longer identified” tag, and certification under consents may be done once and registered in the blockchain or ledger, enabling free exchange of de-identified data patient information without repetitive de-identifying operations.” In par. 2 and par. 136.
It would have been obvious to one having ordinary skill in the art, before the effective filing date of the claimed invention, to include the aforementioned limitation as disclosed by Curbera with the motivation of utilize an improved form of blockchain technology to assist with providing a secure distribution of patient consent and patient information (Curbera; par. 39).

As per claim 2, Birtwhistle discloses the method of claim 1 wherein the participant identifier corresponds to the person associated with the protected data and comprises a public key associated with the person (Birtwhistle; col. 7, lines 28-37).

Claim 3 recites the method of claim 1 wherein the participant identifier corresponds to a provider that received the request for protected data (Birtwhistle; col. 4, lines 37-44).
Claim 4 recites the method of claim 1 wherein the person comprises a patient, the protected data comprises health care records of the patient, and the provider comprises a health care facility that generated the request (Birtwhistle; col. 4, lines 37-44).

Claim 5 recites the method of claim 1 and further comprising: obtaining a protected data authorization associated with the person; determining access rights specified in the protected data authorization; and denying the request in response to the access rights prohibiting access (Birtwhistle; abstract).

Claim 6 recites the method of claim 1 and further comprising: obtaining a protected data authorization associated with the person; determining effective dates permitting access to the protected data authorization; and denying the request in response to a current date being outside the effective dates (Birtwhistle discloses “cryptographic certificates associated with N computer entities” in abstract. Examiner considers that the certificates involves effective dates).

Claim 7 recites the method of claim 1 wherein the revocation ledger comprises a set of cryptographically linked blocks containing transactions corresponding to revocations of authorizations by multiple persons to access protected data of such persons (Birtwhistle; abstract).

Claim 8 recites the method of claim 7 wherein such revocations are signed with private keys of public/private key pairs, each such pair associated with a corresponding entity including a trusted third party (Birtwhistle; col. 7, lines 28-37).

As per claims 10-15, they are article of manufacture claims which repeat the same limitations of claims 1-7, the corresponding method claims, as a collection of executable instructions stored on machine readable media as opposed to a series of process steps. Since the teachings of Birtwhistle disclose the underlying process steps that constitute the method of claims 1-7, it is respectfully submitted that they likewise disclose the executable instructions that perform the steps as well.  As such, the limitations of claims 10-15, are rejected for the same reasons given above for claims 1-7.

As per claims 16-20, they are system claims which repeat the same limitations of claims 1-2, 4-6, the corresponding method claims, as a collection of elements as opposed to a series of process steps.  Since the teachings of Birtwhistle disclose the underlying process steps that constitute the methods of claims 1-2, 4-6, it is respectfully submitted that they provide the underlying structural elements that perform the steps as well.  As such, the limitations of claims 16-20 are rejected for the same reasons given above for claims 1-2, 4-6.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Birtwhistle et al. (hereinafter Birtwhistle) (US Patent No. 8,667,293 B2), Finlow-Bates (hereinafter Finlow) (US 20160254910 A1), Curbera et al. (hereinafter Curbera) (US 2018/0082024 A1) and further in view of Madhavan et al. (hereinafter Madhavan (US 2017/0293669A1).

Claim 9 recites the method of claim 1 wherein the revocation ledger comprises a blockchain ledger.
Birtwhistle fails to expressly teach the revocation ledger comprises a blockchain ledger. However, this feature is well known in the art, as evidenced by Madhavan.
In particular, Madhavan discloses “blockchain" methodology” in par. 4.
(Madhavan; par. 4).

Response to Arguments
Applicant's arguments filed 11/19/2021 have been fully considered but they are not persuasive. 
Argument 1: 35 USC 101 rejection
	Prong 1: Applicant argues that the current claims have been amended now to recite “searching the revocation ledger to determine whether at least one of the unique identifier and the participant identifier being stored in the revocation ledger, without accessing to individually identifiable patient information” and this feature cannot be performed in the human mind or with pen and paper. In response, Examiner submits that “searching the revocation ledger to determine whether at least one of the unique identifier and the participant identifier being stored in the revocation ledger” is considered a part of the abstract idea of certain methods of organizing human activities and not a mental process that a user can think about it in mind or can do the search using pen and paper. In particular, this feature is one of the tasks that a user can do using a generic computer in order to obtain data. 
The newly added feature of “searching the revocation ledger…without accessing to individually identifiable patient information” corresponds to another additional element that is not integrated into a practical application, since it’s describing how the system store the personal data. The current specification recites: “…compared to other methods that propose storing patient information or pointers to 35 patient information stored elsewhere, system 100 does not store any individually identifiable11 patient information on the ledger, system 100 does not store any pointers to individually identifiable patient 
Prong 2A: Applicant argues that the amended claims recite a specific way in which the judicial exception is integrated into a practical application. In response, Examiner submits that The current specification recites: “…compared to other methods that propose storing patient information or pointers to  patient information stored elsewhere, system 100 does not store any individually identifiable patient information on the ledger, system 100 does not store any pointers to individually identifiable patient information on the ledger. Pointers to previous authorization records are shared via the UUID. Hence, patient privacy and confidentiality are protected.” In par. 79. 
The feature of “searching the revocation ledger…without accessing to individually identifiable patient information” is a well-understood, routine and conventional activity evidenced by, for instance the article published in the 2017 IEEE International conference on e-Health Networking, Applications and Services (Healthcom) (Metrics for Assessing Blockchain-based Healthcare Decentralized Apps, by Peng Zhang et al., Vanderbilt University). In particular, the article describes PII in a blockchain system as:
“The HIPAA privacy regulations [6] require the confidentiality and protection of individually identifiable health information that is transferred, received, handled, or shared by healthcare professionals and organizations. Moreover, only the minimum health information necessary to conduct business can be used or shared. All systems and apps created to share personally identifiable information(PII) must be HIPAA compliant. As a result, any PII accessed by the DApp or written to a public blockchain must be encrypted and securely managed by parties interacting with this app.” On page 1, under Health Insurance Portability and Accountability Act (HIPAA). 
Therefore, this feature does integrate the judicial exception into a practical application, since the system does not store the individually identifiable patient data in the ledger, since storing PII data in an 
Step 2: Applicant argues that the claimed techniques produce improved accuracy which can lead to the improved provision of medical care. In response, Examiner submits that, neither the current claims nor the specification provides any technical improvements beyond describing a cryptographically secured system that provides access to the protected data. Improving the accuracy does not provide a technical improvement, but may provide an improved outcome/result. The current claims are directed to determining whether to grant or deny access to the protected data based on user identification. The recited system further searching the revocation ledger to determine whether at least one of the unique identifier and the participant identifier being stored in the revocation ledger (determining user access privileges to obtain a patient data) without accessing to individually identifiable patient information. This feature corresponds to an additional element that is well-understood, routine and conventional activity known in the healthcare industry as indicated in the rejection above (i.e. encrypting PII data).  
Therefore, the arguments are not persuasive and claims are rejected under 35 U.S.C. §101 as being directed to non-statutory subject matter.

Argument 2: 35 USC 103 rejection
Applicant’s arguments with respect to 35 USC 103 rejection of claims 1-20 have been considered but are moot because the new ground of rejection does not rely on the combination of references applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DILEK B COBANOGLU whose telephone number is (571)272-8295. The examiner can normally be reached 8:30-5:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fonya Long can be reached on 5712705096. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DILEK B COBANOGLU/Primary Examiner, Art Unit 3626