Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is responsive to communication received 4/10/2020. Claims 1-20 are pending.

Objection
Claims 1-20 are objected to because of a spelling error: the claims recite “a contents of the environment ...” instead of “a content of the environment ...” (see claims 1, 13 and 17).
Correction is kindly requested.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 13-16 are rejected under 35 USC 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claims are directed to a computer-readable storage medium ... The broadest reasonable interpretation of a computer-readable storage medium includes signals. A review of the specification indicates that the claimed computer readable storage medium does not exclude signals, therefore the claims are not statutory. 
In order to be statutory, the Applicant is recommended to amend the claims to have them explicitly exclude signals, for instance by having the claims recite: a non-transitory computer readable storage medium ...

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5, 12-13, 15, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20200344237 to Murdoch et al., hereinafter Murdoch.

Regarding claim 1, Murdoch discloses 
A method comprising: at a respective computing system: receiving, from outside of the respective computing system, a request to run a program on a first set of data stored within the respective computing system ([0108][0131] Fig. 7, 701: entity requests to access Alice’s data in the hub service to be used as input of an application; Alice’s data includes different types of personal data stored in the Hub service ([0105] Fig. 6, 660)), wherein the program includes instructions that define one or more operations to be performed on the first set of data ([0103] example of operation: generate an insurance quote on Alice’s data; [0111] check Alice’s credit data. Although Murdoch does not explicitly teach the application includes instructions that), and wherein the first set of data is stored in association with a first data access policy that defines access restrictions for the first set of data (Fig. 6 [0116][0117]: Alice’s data associated with permission); in response to receiving the request, determining whether the request to run the program on the first set of data satisfies the access restrictions defined by the first data access policy (Fig. 7, 702 [0133]: determine scope of permission, the scope of permission including data allowed to be accessed, read/write ... permission, frequency of access, timeframe ... ([0119])); and in response to determining whether the request to run the program satisfies the access restrictions: in accordance with a determination that the request to run the program satisfies the access restrictions, running the program, including performing the one or more operations, on the first set of data in accordance with the first data access policy (Fig. 7, 704: grant permission to execute application), wherein running the program on the first set of data includes running the program in an environment within the respective computing system, wherein a contents of the environment cannot be accessed from outside of the environment ([0120]: the environment includes allowed days/time to run the application on Alice’s data, and prohibits the execution outside the days/time); and in accordance with a determination that the request to run the program does not satisfy the access restrictions, forgoing running the program on the first set of data ([0118]: deny request to run application if requesting entity is in a blacklist of entities unauthorized to access the personal data).

Regarding claim 2, Murdoch discloses the method of claim 1, wherein the access restrictions define one or more of an entity that is able to access the first set of data, a manner of use for the first set of data, or security requirements for accessing the first set of data ([0118]: restrictions include blacklisted entities unable to access the data).  

Regarding claim 5, Murdoch discloses the method of claim 1, wherein: the first set of data is encrypted with encryption information; running the program on the first set of data comprises decrypting the first set of data ([0078]: a party that wants to use the data must decrypt it with the owner's public key, the data being used as input of an application (Fig. 7, 701)); and forgoing running the program on the first set of data comprises forgoing decrypting the first set of data ([0111][0118]: the entity is denied access to the data, and therefore denied use of the data as input for the application; when the data is encrypted ([0078]), denying access to the data does not allow the data to be decrypted).

Regarding claim 12, Murdoch discloses the method of claim 1, wherein the first set of data is data associated with a person, and the first data access policy is defined by the person ([0117][0118]: permissions defined by owner).

Regarding claims 13 and 17, the claims recite substantially the same content as claim 1 and are rejected using the rationales for rejecting claim 1.
Regarding claims 15 and 19, the claims recite substantially the same content as claim 5 and are rejected using the rationales for rejecting claim 5.

Claims 3, 14 and 18 are rejected under 35 USC 103 as being unpatentable over Murdoch, in further view of US 8837718 to Lauter et al., hereinafter Lauter.

Regarding claim 3, Murdoch discloses the method of claim 1; Murdoch discloses wherein the first set of data is encrypted in a first manner and stored with the first data access policy in a first data capsule ([0078]: encrypt a subset of the data, stored with the permission (see Fig. 6, 650), and requiring parties to have a specific key to decrypt the data); Murdoch teaches a second set of data stored with a second data access policy in a second data capsule ([0096], Fig. 6, 670), and the second data access policy defines access restrictions for the second set of data, different from the access restrictions for the first set of data ([0102]: the data owner specifies the scope of permission to be used; therefore it would have been obvious to have different access restrictions for different users because different users generally have different conditions for their data to be accessed). Murdoch does not teach that a second set of data is encrypted in a second manner.
In an analogous art, Lauter discloses partitioning data based on sensitivity (col.5:50-60); different encryption keys can be used to encrypt/decrypt a first and a second set of data organized in a hierarchical setting (col.6:14-25). It would have been obvious to a skilled artisan before the present application was filed to encrypt sets of data using different keys because it would facilitate “user-controlled encrypted data storage with diverse accessibility and hosting of that encrypted data” (Lauter col.1:55-60).
Regarding claims 14 and 18, the claims recite substantially the same content as claim 3 and are rejected using the rationales for rejecting claim 3.


Claim 4 is rejected under 35 USC 103 as being unpatentable over Murdoch and Lauter, in further view of US 20150222606 to Yan, hereinafter Yan.
Regarding claim 4, Murdoch in view of Lauter discloses the method of claim 3, but does not teach: wherein the first data access policy is encrypted in the first manner, and the second data access policy is encrypted in the second manner.
In an analogous art, Yan discloses a data center storing a plurality of data records from different user devices (Fig. 1); data stored by each user in the data center is encrypted according to an attribute-based encryption (ABE) scheme based on the trust level of potential recipients ([0031]). The encryption algorithm uses a public encryption key, the data, an access policy, a public key based on trust level, and a key based on validity period ... to encrypt the data ([0051]). Therefore Yan discloses the first data access policy is encrypted in the first manner, and the second data access policy is encrypted in the second manner ([0051]: access policy and data encrypted with inputs including the trust-based public key and the time-based key, and access policy encrypted without the time-based key). It would have been obvious to a skilled artisan before the present application was filed to encrypt different access policies as taught by Murdoch/Lauter with different encryption schemes/keys as taught by Yan because it would allow personalizing the encrypting/decrypting of data based on potential recipients’ attributes (Yan [0005]), increasing flexibility in the access control management of the data.

Claims 6, 16 and 20 are rejected under 35 USC 103 as being unpatentable over Murdoch, in further view of US 20140359305 to Pappachan et al., hereinafter Pappachan.
Regarding claim 6, Murdoch discloses the method of claim 5, but does not teach the rest of the limitations.
In an analogous art, Pappachan discloses a device in which a secure execution environment is instantiated, and which stores an application (Fig. 1, 112). Pappachan discloses wherein running the program on the first set of data further comprises: instantiating the environment, which is a secure execution environment, within the respective computing system (Fig. 1, secure execution environment is configured in device); providing the encrypted first set of data, the decryption information and the program to the secure execution environment; and within the secure execution environment: decrypting the encrypted first set of data using the decryption information; and running the program on the decrypted first set of data and generating a second set of data as an output of the program ([0014][0067]: data encrypted with a first encryption protocol is transmitted to the secure execution environment, which is also provided the encryption protocol ([0026]) and the program (Fig. 1, Application 114); the data is decrypted using the first encryption protocol, and processed by the application to output data). It would have been obvious to a skilled artisan before the present application was filed to have a secure execution environment be provided with the application and the encrypted data, decrypted and processed by the application as taught by Pappachan because it would ensure integrity of the input data and the application, protected from outside interception and alteration (Pappachan [0011]).
Regarding claims 16 and 20, the claims recite substantially the same content as claim 6 and are rejected using the rationales for rejecting claim 6.

Claims 10-11 are rejected under 35 USC 103 as being unpatentable over Murdoch, in further view of the publication titled “MeDShare: trust-less medical data sharing among cloud service providers via blockchain”, by Xia et al., 2017, p. 14757-15767, hereinafter Xia.
Regarding claim 10, Murdoch discloses the method of claim 1; Murdoch also discloses a distributed ledger that records transactions related to the data ([0065]). However, Murdoch does not explicitly teach transmitting a record of the request to run the program on the first set of data for storage on a distributed ledger, outside of the respective computing system. Recording requests on a ledger is known in the art as evidenced by Xia. Xia, in an analogous art, teaches a system recording data transitions and sharing from one entity to the other in a tamper-proof manner (see Abstract). Xia discloses transmitting a record of the request to run the program on the first set of data for storage on a distributed ledger, outside of the respective computing system (p. 14762, B: use of smart contracts when an action has been activated, to report the actions to the blockchain; the actions (read, write, duplicate ...), when performed on the data, trigger the smart contracts to send a report to the blockchain, which (p.14759, A) is a distributed database). It would have been obvious to a skilled artisan before the present application was filed to record the request on the distributed ledger as taught by Xia because it would monitor “data provenance, auditing and control ... and effectively track the behavior of the data and revoke access to offending entities on detection of 
Regarding claim 11, Murdoch in view of Xia discloses the method of claim 10, wherein the distributed ledger is a blockchain ledger (Xia p.14759, A).

Allowable Matter
Claims 7-9 recite allowable matter.
Regarding claim 7, Murdoch in view of Pappachan discloses the method of claim 6; while Murdoch discloses making available, to outside of the respective computing system, the second set of data (Fig. 3, [0067]: provide output to a user output interface 318, external to the secure execution environment), Murdoch or Pappachan or any other prior art of the record fails to teach without making available, to outside of the secure execution environment, the first set of data.
Therefore claim 7 is found allowable.
Claims 8-9, depending from claim 7 are also found allowable.
Claims 7-9 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Simmons et al 20200082117 disclose receiving a request for access to user data, the request identifying the requested user data, user id, requesting entity, access permission..., determining if access to the user data is authorized and recording the request in a ledger.
Xu et al 10021103 disclose receiving a request for access to a service from another service, determining whether to authorize the request based on policy.
Minear et al 7096004 disclose receiving a permission associated with a mobile device; the mobile requests to execute an application; the permission associated with the mobile is evaluated, and execution of the application is allowed/denied.
Kim et al 20160359916 disclose receiving 1st and 2nd segments of a data file, encrypting the 1st segment according to a policy of the content provider providing the content file, and encrypting the 2nd segment using an encryption scheme different from the one used for the 1st segment.
Davison 20150195086 discloses a server encrypting sensitive portions of files restricted to different levels using different types of encryption keys (key length) and policies to decrypt the data and access the data. 
Lidman 20200374269 discloses a secure execution environment (SEE) receiving an encrypted audio signal from a trusted server, deriving the encryption key associated with the server and decrypting the audio signal, processing the decrypted audio signal and outputting audio data.
Jajodia et al “A Unified Framework for Enforcing Multiple Access Control Policies”, 1997, ACM p.474-485, discloses users specifying authorizations and access 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.