DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to the application filed on 01/24/2020.
Examiner’s Note
The Application was allowed on 1/13/2022. However, claims 1 and 9-11 had 112(b) issues. The examiner called the Applicant's representative, who agreed to fix the issues and emailed the examiner the corrected claim set. Please see the attachment, “emailed from the applicant”.
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given over the phone and via email from Christian Ehret (Reg. No. 69,743) on 02/25/2022. 
The following listing of claims will replace all prior versions and listings of claims in this application:
1.  A method for providing a client access to confidential information of a person stored at a source system, the client accesses the confidential information using a resource identifier, the client system and the source system comprising an encryption module for executing an encryption algorithm, the method comprising:

the source system obtaining, by generating or receiving, a first code;
the source system using the encryption algorithm for generating a second code based on the first code and based on the person identifier; 
the source system transmitting a message to a server system, the message comprising at least part of the resource identifier, the message instructing the server system to store the first code or the second code as an encrypted person identifier in association with the at least part of the resource identifier; 
the source system providing the second code or the first code respectively as authorization code to a trusted communication path for delivery of the authorization code to the client;
the source system receiving from a client a request to access the confidential information associated with the person identifier, wherein the client receives the authorization code via the trusted communication path and to receive the person identifier in order to generate the encrypted person identifier based on the received authorization code and based on the received person identifier using the encryption algorithm; and to retrieve the at least part of the resource identifier from the server system on the basis of the generated encrypted person identifier; and, to use the at least part of the resource identifier for sending the request to the source system; 
the source system providing the client access to the confidential information on the basis of the request received from the client, wherein providing access includes retrieving the confidential information from the data storage location and transmitting at least part of the confidential information to the client system
2.  The method according to claim 1, wherein
the message from the source system to the server system instructs the server system to store the second code as the encrypted person identifier in association with the at least part of the resource identifier, and wherein


3.  	The method according to claim 1, wherein the encryption algorithm is a reversible encryption algorithm and wherein 
the message from the source system to the server system instructs the server system to store the first code as the encrypted person identifier in association with the at least part of the resource identifier, and wherein
the source system provides the second code as the authorization code to the trusted communication path.

4.  	The method according to claim 1, further comprising
the source system receiving the first code from the server system.

5.  	The method according to claim 1, wherein the message from the source system to the server system comprises a first part of the resource identifier, the method further comprising:
the source system providing a second part of the resource identifier to the trusted communication path and/or to a second trusted communication path for delivery to the client, wherein
the client is adapted to receive the second part of the resource identifier via the trusted communication path and/or via the second trusted communication path respectively and to use the first part of the resource identifier and the second part of the resource identifier to construct the resource identifier for sending the request to the source system. 

6.  	The method according to claim 1, further comprising: 
the source system receiving from the client the authorization code received by the client; and
the source system providing the client access to the confidential information on the basis of the received request message and on the basis of the authorization code received from the client.

7.  	The method according to claim 1, further comprising:
in response to receiving the request message from the client, instructing the client to provide the authorization code. 

8.  	The method according to claim 1, further comprising:
the source system instructing the server system to erase the encrypted person identifier and the associated resource identifier from the server system.

9.  	The method according to claim 1, further comprising:
the source system generating a fake resource identifier and optionally a fake person identifier; and
the source system transmitting a second message to the server system, the second message comprising the fake resource identifier and optionally the fake person identifier, the second message instructing the server system to store the fake resource identifier optionally in association with the fake identifier; 
the source system receiving from a second client a second request to access data, 
determining that the fake resource identifier was used by the second client for 
sending the second request to the source system, 
comprises the fake resource identifier; and in response 
flagging the second client.

10.  	A source system for providing a client access to confidential information of a person stored at a source system, the client accesses the confidential information using a resource identifier, the client and the source system comprising an encryption module for executing an encryption algorithm, the source system comprising:
a non-transitory computer readable storage medium having at least part of a program embodied therewith; and, 
a non-transitory computer readable storage medium having computer readable program code embodied therewith, and a processor
generating the resource identifier, 
obtaining, 
using the encryption algorithm for generating a second code based on the first code and based on the person identifier; 
transmitting a message to a server system, the message comprising at least part of the resource identifier, the message instructing the server system to store the first code or the second code as an encrypted person identifier in association with the at least part of the resource identifier; 
providing the second code or the first code respectively as authorization code to a trusted communication path for delivery of the authorization code to the client;
receiving from a client a request to access the confidential information associated with the person identifier, wherein the client is adapted to receive the authorization code via the trusted communication path and to receive the person identifier in order to generate the encrypted person identifier based on the received authorization code and based on the received person identifier using the encryption algorithm; and to retrieve the at least part of the resource identifier from the server system on the basis of the generated encrypted person identifier; and, to use the at least part of the resource identifier for sending the request to the source system; 
providing the client access to the confidential information on the basis of the request received from the client, wherein providing access includes retrieving the confidential information from the data storage location and transmitting at least part of the confidential information to the client.

11.  	A method for a client system for accessing confidential information of a person stored at a source system, the client accesses the confidential information using a resource identifier, the client and the source system comprising an encryption module for executing an encryption algorithm, wherein 
generating or receiving, a first code; and to use the encryption algorithm for generating a second code based on the first code and based on the person identifier; and to transmit a message to a server system, the message comprising at least part of the resource identifier, the message instructing the server system to store the first code or the second code as an encrypted person identifier in association with the at least part of the resource identifier; and to provide the second code or the first code respectively as authorization code to a trusted communication path for delivery of the authorization code to the client;
the method comprising:
the client receiving the authorization code via the trusted communication path;
the client receiving the person identifier;
the client using the encryption algorithm to generate the encrypted person identifier based on the received authorization code and based on the received person identifier; 
the client transmitting a request message to the server system, the request message comprising the encrypted person identifier as generated by the client, the request message requesting the server system to provide the at least part of the resource identifier;
the client receiving the at least part of the resource identifier from the server system;
the client using the at least part of the resource identifier for sending a request to access the confidential information to the source system; wherein the source system is configured to provide the client access to the confidential information on the basis of the request received from the client, the method further comprising
the client gaining access to the confidential information by receiving at least part of the confidential information from the source system.

12. - 15.  (Cancelled)

Allowable Subject Matter
Claims 1-11 are allowed.
The following is an examiner’s statement of reasons for allowance:
The invention relates to systems and methods for providing a client system access to confidential information of a person stored at a source system, the client system being configured to access the confidential information using a resource identifier, the client system and the source system comprising an encryption module for executing an encryption algorithm.

The closest relevant prior art made of record are:
Noordende (US2014/0047513) teaches a system and computer-implemented method for providing decentralized access to records. The method is performed on at least one computer system including at least one processor. The method includes the steps of: generating at least one reference for at least one record stored on a source system, the at least one reference comprising authorization information and a pointer to the at least one record; receiving, at the source system from a client system, a request to retrieve the at least one record from the source system, the request initiated using the at least one reference and including at least a portion of the at least one reference; authenticating or authorizing at least one of the client system and a user of the client system; and transmitting the at least one record from the source system to the client system.
Shaikh (US8,613,105) teaches techniques for securely storing confidential information associated with a transaction. A method for securely storing confidential information may include storing a data set related to a first transaction in a first server, the data set configured to be searchable by an authorized administrator, storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes confidential information related to the first transaction, storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction, linking the data set to the identifier, and limiting the access to the plurality of encrypted files by the administrator.
Feisher (US2014/0222684) teaches a data security apparatus and method for controlling access to records provided within automated electronic databases, each record having an associated set of access rules, comprising: receiving, by a security processor, a request for access to records associated with at least one of an entity, attribute, and datum from a requestor; determining a set of records associated with the requested entity, attribute, or datum, contained in the automated electronic databases; authorizing access to the records within the determined set of records based on compliance with the associated set of access rules; defining an economic compensation rule, satisfaction of which is required
Carner (US2014/0089008) teaches that the application servicing system is further configured such that the temporary access to at least the image data is provided by allocating a dynamic URL address. The use of a dynamic URL assists in limiting the viewing and preserving the privacy of the data to be accessed. Further, the dynamically generated URL gives access to at least the image data and is only generated upon receiving the request from the person identified by the recipient identifier. The application server sends a link to the dynamic URL, to a recipient identifier identifying one or more recipients that are allowed access to the image data. However, in one embodiment, the link is sent to initiating user 30. In this case, as far as the server is concerned, the initiating user 30 is the intended recipient 40. That is, the recipient identifier is in this case the same as the sender identifier. Upon receiving the link, the initiating user can then send the link to any further intended recipients.
Keefe (US2012/0177256) teaches multiple storage servers 14 can be combined on the same network 22 to transparently aggregate the operation of the servers from the perspective of the user. When multiple storage servers 14 are aggregated together, the servers can share information related to patient records and optionally, other capabilities such as resources related to data storage, processor, job queues, workload, etc. A user can connect to any storage server 14 in the aggregation set from a viewing station 340. When the initial connection is made, the user will be presented with a login screen from the specified storage server 14. For purposes of simplifying this description, the storage server 14 that the user chose to log into will be called the "master server" and the other servers in the aggregation set will be called "remote servers". When a search for patient records is initiated by the user on the master server, the master server will notify all remote servers in the aggregation set over the network 22 to search for patient records using the same search parameters. Results from each remote server are received by the master server over the network 22 and the results are combined by the master server and displayed to the user on the viewing station 340. When the user selects a patient record, the master server will process the request locally if the patient record is on the master server, or pass control to the remote server that is storing the selected patient record. There are multiple methods to pass control to a remote server, including but not limited to, creating a URL, also known as a network link, containing the network address of the remote server and a unique identifying information string for the patient record that the user selected on the viewing station 340 to transfer control to the remote server containing the patient record. 
The URL can also contain optional security information that is encoded into the URL string to prevent unauthorized users from accessing the storage server 14 with the same URL link from other computers on the network 22. The security information can use one or more methods to safeguard the storage server 14 including, but not limited to, the use of a timestamp, the use of a one-time access code, the use of a private/public key, and the encoding of unique identification information for the view station 340.
Kiliccote (US2010/0191972) teaches a system for providing secure document distribution is disclosed. The system includes an application configured to: allow an 
O’Rourke (US2002/0161795) teaches a system facilitates the secure access, and update of patient record information and the creation and navigation of image menus supporting the location and access of desired patient record data by a user. A method for use by a portable processing device for accessing patient record information involves receiving user entered information identifying at least one patient record to be acquired and a content portion of a patient record to be acquired. A patient record repository is accessed by generating a URL link including an address of the repository and containing fields incorporating the information identifying the content portion and the patient record. The generated URL link is communicated to an application used for accessing the repository and the identified patient record content portion is received in response to the communication.
Tanner (US10,366,204) teaches a system and method for a decentralized autonomous healthcare economy platform are provided. The system and method aggregates all of the healthcare data into a global graph-theoretic topology and processes the data via a hybrid federated and peer to peer distributed processing architectures.


However, none of the closest prior art mentioned above teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 1, 10, and 11. For example, none of the cited prior art, alone or in combination, teaches or suggests the steps of “the source system using the encryption algorithm for generating a second code based on the first code and based on the person identifier; wherein the client receives the authorization code via the trusted communication path and to receive the person identifier in order to generate the encrypted person identifier based on the received authorization code and based on the received person identifier using the encryption algorithm; and to retrieve the at least part of the resource identifier from the server system on the basis of the generated encrypted person identifier” in view of other limitations of claims 1, 10, and 11. Therefore the claims are allowable over the cited prior art.
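The steps quoted above, in the variant where the second code is stored at the server and the first code is delivered as the authorization code, together with the fake resource identifier check of claim 9, are sketched below as an added illustration that is not part of the office action or the application. HMAC-SHA256 stands in for the unspecified "encryption algorithm", and every class name, function name and sample value is an assumption made for the example.

```python
import hashlib
import hmac
import secrets


def encrypt_person_id(code: bytes, person_id: str) -> str:
    # Assumed stand-in for the claimed "encryption algorithm":
    # HMAC-SHA256 of the person identifier, keyed with the code.
    return hmac.new(code, person_id.encode(), hashlib.sha256).hexdigest()


class ServerSystem:
    """Index of encrypted person identifier -> resource identifier.
    It never receives the person identifier or the authorization code."""

    def __init__(self):
        self._index = {}

    def store(self, enc_pid: str, resource_id: str) -> None:
        self._index[enc_pid] = resource_id

    def lookup(self, enc_pid: str):
        return self._index.get(enc_pid)

    def erase(self, enc_pid: str) -> None:  # claim 8
        self._index.pop(enc_pid, None)


class SourceSystem:
    def __init__(self, server: ServerSystem):
        self.server = server
        self._records = {}    # resource identifier -> confidential information
        self._decoys = set()  # fake resource identifiers (claim 9)
        self.flagged = []     # clients that used a fake resource identifier

    def publish(self, person_id: str, info: str) -> bytes:
        resource_id = secrets.token_urlsafe(16)
        self._records[resource_id] = info
        first_code = secrets.token_bytes(16)
        second_code = encrypt_person_id(first_code, person_id)
        self.server.store(second_code, resource_id)
        return first_code  # authorization code, sent over the trusted path

    def plant_decoy(self, fake_person_id: str = "decoy-person") -> str:
        fake_resource_id = secrets.token_urlsafe(16)
        self._decoys.add(fake_resource_id)
        key = encrypt_person_id(secrets.token_bytes(16), fake_person_id)
        self.server.store(key, fake_resource_id)
        return fake_resource_id

    def handle_request(self, client: str, resource_id: str):
        if resource_id in self._decoys:
            self.flagged.append(client)  # no legitimate flow yields this id
            return None
        return self._records.get(resource_id)


def client_fetch(server, source, client, auth_code: bytes, person_id: str):
    # The client recomputes the encrypted person identifier, resolves the
    # resource identifier at the server, then asks the source system.
    resource_id = server.lookup(encrypt_person_id(auth_code, person_id))
    return None if resource_id is None else source.handle_request(client, resource_id)
```

A client holding only the person identifier or only the authorization code cannot form the lookup key, and the server index alone reveals neither value.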
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496