Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to papers filed on 11/10/2020. Claims 1-15 and 18-19 are pending, following Applicant’s preliminary amendment to amend claims 3-8, 10-12, and 14, cancel claims 16-17, and add claim 19. Claims 1 and 18-19 are independent.

Priority
Acknowledgment is made of applicant’s indication for National Stage entry from a PCT application under 35 U.S.C. 371. This application claims the benefit of PCT application PCT/GB2019/051562 filed on 06/05/2019, which claims priority to foreign patent application GB1809225.4 filed on 06/05/2018. Receipt is acknowledged of certified copies required by 37 CFR 1.55.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/10/2020 and 06/17/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the Examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a non-statutory subject matter. The claim does not fall within at least one of the four categories of patent computer-readable data storage medium”. 
Claim 19, in using the term “computer-readable data storage medium”, allows it to be interpreted as signals, thus are non-statutory. Based on current USPTO Policy, when a computer readable medium is not specifically defined as non-transitory in the Specification, the broadest reasonable interpretation is used according to MPEP 2111. Thus, the “computer-readable data storage medium” as recited in claim 19 may embody signals, i.e. transitory media (See Ex parte Mewherter, Appeal 2012-007692 (PTAB May 8, 2013)).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-7 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Bulleit et al., US 2018/0060496 A1 (hereinafter, “Bulleit ‘496”), in view of Hahn et al., US 9,646,172 B2 (hereinafter, “Hahn ‘172”).

As per claim 1: Bulleit ‘496 discloses: 
	A computer-implemented method for managing third-party access to data (computer-implemented method for controlling electronic access to data with respected to third party users, such as healthcare providers [Bulleit ‘496, ¶¶6-8]), comprising: 
receiving, from a third-party computer, a request to access data (receiving, from a requesting third party user 102 on a client system 104, such as a healthcare provider, a request to access data within electronic health records (EHR) 140 [Bulleit ‘496, ¶¶7-9, 50; Fig. 1]), wherein the request is indicative of at least one requested operation (wherein the request is indicative of an operation to access a particular healthcare information resource (HIR) [Bulleit ‘496, ¶¶11, 100, 109]); 
determining a validity of each of the at least one requested operations indicated in the request (determining the validity of the request of the operation to access a particular HIR comprises verifying the identity of the requesting third party’s 102 certified self-sovereign identity (CSI) [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]) in dependence on permission data stored in a distributed public ledger (where the validation and verification is dependent on permissions stored on the blockchain 180 [Bulleit ‘496, ¶¶8, 10-11, 96, 110; Fig. 1]), 
wherein said permissions data defines, for said third-party computer, a set of permissible operations (the permissions define, for the third party user 102 such as a healthcare provider, a set of access operations indicating which particular HIRs the third party is allowed to access [Bulleit ‘496, ¶¶10-11, 19-20, 96]) and 
one or more permissible data attributes associated with each of the set of permissible operations (certain portions or data elements of the HIR that third party users 102 are allowed to access based on certain condition/stipulations specified in the stored permissions [Bulleit ‘496, ¶¶6, 20, 146, 205-206; Fig. 18, Fig. 19]); 
logging the request and the validity in the distributed public ledger (maintain a record and activity log of requests and permissions on the blockchain 180 [Bulleit ‘496, ¶¶13, 116]); 
for each of the at least one requested operations, if the requested operation is valid (for each of the operations to access a particular HIR, determine if the request is valid by verifying the identity of the requesting third party user’s 102 CSI [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]), creating, on the public ledger, an electronic token (if the request is valid, generate an access token on the blockchain 180 [Bulleit ‘496, ¶¶10-11, 110; Fig. 6])
enabling the third-party computer to obtain access to one or more of the permissible data attributes associated with the requested operation (the access token enables third party users 102 to , 
wherein the electronic token comprises at least information indicative of a location of the data attributes (the access token may be implemented as an OAuth2 token, where OAuth2 tokens comprises location information of the requested resource [Bulleit ‘496, ¶¶61, 105, 110, 145]); 

communicating the electronic token from the public ledger to the third-party computer (communicating the access token from the blockchain 180 to the third party user 102 [Bulleit ‘496, ¶¶11-13]).
As stated above, Bulleit ‘496 does not explicitly disclose: “…applying a time-dependent transformation to an element of the electronic token”.
Hahn ‘172, however, discloses:
…applying a time-dependent transformation to an element of the electronic token (warrant 530, where a warrant 530 is used to access securely stored data; applying a time-dependent transformation to the decryption key 532 within the warrant 530, where the decryption key is generated using a time period seed [Hahn ‘172, Col. 8 lines 16-62; Fig. 4, Fig. 5A]).
Bulleit ‘496 and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 and Hahn ‘172 before them, to modify the method in Bulleit ‘496 to include the teachings of Hahn ‘172, namely to apply a time-dependent transformation based on a time period seed, as disclosed in Hahn ‘172, to an element within the access token disclosed in Bulleit ‘496. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62). 

As per claim 2: Bulleit ‘496 in view of Hahn ‘172 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Furthermore, Bulleit ‘496 discloses:
wherein determining the validity comprises determining if the at least one requested operation is a permissible operation (determining the validity of the request of the operation to access a particular HIR validation, comprises determining whether the permission to access is within the permissions stored on the blockchain 180 [Bulleit ‘496, ¶¶8, 10-11, 96, 110; Fig. 1]).

As per claim 3: Bulleit ‘496 in view of Hahn ‘172 discloses all limitations of claim 1, as stated above, from which claim 3 is dependent upon. Furthermore, Bulleit ‘496 discloses:
further comprising a step of logging the permission data in the distributed public ledger (maintain a record and activity log of requests and permissions on the blockchain 180 [Bulleit ‘496, ¶¶13, 116]).

As per claim 4: Bulleit ‘496 in view of Hahn ‘172 discloses all limitations of claim 1, as stated above, from which claim 4 is dependent upon. Furthermore, Bulleit ‘496 discloses:
further comprising a step of logging the electronic token in the distributed public ledger (creation of the access token may be recorded within the healthcare blockchain 180, thus maintaining an immutable journal of all access token creation and issuance events [Bulleit ‘496, ¶11]).

As per claim 5: Bulleit ‘496 in view of Hahn ‘172 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Furthermore, Bulleit ‘496 discloses:
wherein the distributed public ledger provides nonrepudiation of the request and the validity (the blockchain 180 ensures the integrity of the request and validity through the verification of the digital signatures associated with the requesting third party’s 102 CSI [Bulleit ‘496, ¶¶56, 60, 64, 110]).

As per claim 6: Bulleit ‘496 in view of Hahn ‘172 discloses all limitations of claim 1, as stated above, from which claim 6 is dependent upon. Furthermore, Bulleit ‘496 discloses:
wherein the distributed public ledger is a blockchain (blockchain 180 [Bulleit ‘496, ¶46, Fig. 1]).

As per claim 7: Bulleit ‘496 in view of Hahn ‘172 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Furthermore, Bulleit ‘496 discloses:
further comprising a step of communicating the request to a host of the data (communicating the request to access data within EHR 140 to the resource systems 150, where the resource system 150 hosts the EHR 140 [Bulleit ‘496, ¶¶50, 112; Fig. 1, Fig. 6]).

As per claim 18: Bulleit ‘496 discloses:
A computing apparatus comprising a memory and one or more processors, wherein the memory comprises computer readable code which, when executed by the one or more processors, is arranged to perform a method (a computer comprising a processor executing instructions stored on computer-readable memory to execute a method [Bulleit ‘496, ¶212]), the method comprising the steps of: 
receiving, from a third-party computer, a request to access data (receiving, from a requesting third party user 102 on a client system 104, such as a healthcare provider, a request to access data within electronic health records (EHR) 140 [Bulleit ‘496, ¶¶7-9, 50; Fig. 1]), wherein the request is indicative of at least one requested operation (wherein the request is indicative of an operation to access a particular healthcare information resource (HIR) [Bulleit ‘496, ¶¶11, 100, 109]); 
determining a validity of each of the at least one requested operations indicated in the request (determining the validity of the request of the operation to access a particular HIR comprises verifying the identity of the requesting third party’s 102 certified self-sovereign identity (CSI) [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]) in dependence on permission data stored in a distributed public ledger (where the validation and verification is dependent on permissions stored on the blockchain 180 [Bulleit ‘496, ¶¶8, 10-11, 96, 110; Fig. 1]), 
wherein said permissions data defines, for said third-party computer, a set of permissible operations (the permissions define, for the third party user 102 such as a healthcare provider, a set of access operations indicating which particular HIRs the third party is allowed to access [Bulleit ‘496, ¶¶10-11, 19-20, 96]) and 
one or more permissible data attributes associated with each of the set of permissible operations (certain portions or data elements of the HIR that third party users 102 are allowed to access based on certain condition/stipulations specified in the stored permissions [Bulleit ‘496, ¶¶6, 20, 146, 205-206; Fig. 18, Fig. 19]); 
logging the request and the validity in the distributed public ledger (maintain a record and activity log of requests and permissions on the blockchain 180 [Bulleit ‘496, ¶¶13, 116]); 
for each of the at least one requested operations, if the requested operation is valid (for each of the operations to access a particular HIR, determine if the request is valid by verifying the identity of the requesting third party user’s 102 CSI [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]), 
creating, on the public ledger, an electronic token (if the request is valid, generate an access token on the blockchain 180 [Bulleit ‘496, ¶¶10-11, 110; Fig. 6])
enabling the third-party computer to obtain access to one or more of the permissible data attributes associated with the requested operation (the access token enables third party users 102 to access certain portions or data elements of the HIR based on access operations specified in the stored permissions [Bulleit ‘496, ¶¶11-12, 113, 146, 205; Fig. 6, Fig. 18, Fig. 19]),  
wherein the electronic token comprises at least information indicative of a location of the data attributes (the access token may be implemented as an OAuth2 token, where OAuth2 tokens comprises location information of the requested resource [Bulleit ‘496, ¶¶61, 105, 110, 145]); 

communicating the electronic token from the public ledger to the third-party computer (communicating the access token from the blockchain 180 to the third party user 102 [Bulleit ‘496, ¶¶11-13]).
As stated above, Bulleit ‘496 does not explicitly disclose: “…applying a time-dependent transformation to an element of the electronic token”.
Hahn ‘172, however, discloses:
…applying a time-dependent transformation to an element of the electronic token (warrant 530, where a warrant 530 is used to access securely stored data; applying a time-dependent transformation to the decryption key 532 within the warrant 530, where the decryption key is generated using a time period seed [Hahn ‘172, Col. 8 lines 16-62; Fig. 4, Fig. 5A]).
Bulleit ‘496 and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. For the reasons stated in Claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 and Hahn ‘172 before them, to modify the method in Bulleit ‘496 to include the teachings of Hahn ‘172.

As per claim 19: Bulleit ‘496 discloses:
A computer-readable data storage medium storing computer-readable instructions which, when executed by one or more processors (computer usable medium for storing computer readable code or program instructions executed by a processor to perform a method [Bulleit ‘496, ¶212]), perform a method comprising steps of: 
receiving, from a third-party computer, a request to access data (receiving, from a requesting third party user 102 on a client system 104, such as a healthcare provider, a request to access data within electronic health records (EHR) 140 [Bulleit ‘496, ¶¶7-9, 50; Fig. 1]), wherein the request is indicative of at least one requested operation (wherein the request is indicative of an operation to access a particular healthcare information resource (HIR) [Bulleit ‘496, ¶¶11, 100, 109]); 
determining a validity of each of the at least one requested operations indicated in the request (determining the validity of the request of the operation to access a particular HIR comprises verifying the identity of the requesting third party’s 102 certified self-sovereign identity (CSI) [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]) in dependence on permission data stored in a distributed public ledger (where the validation and verification is dependent on permissions stored on the blockchain 180 [Bulleit ‘496, ¶¶8, 10-11, 96, 110; Fig. 1]), 
wherein said permissions data defines, for said third-party computer, a set of permissible operations (the permissions define, for the third party user 102 such as a healthcare provider, a set of access operations indicating which particular HIRs the third party is allowed to access [Bulleit ‘496, ¶¶10-11, 19-20, 96]) and 
one or more permissible data attributes associated with each of the set of permissible operations (certain portions or data elements of the HIR that third party users 102 are allowed to access based on certain condition/stipulations specified in the stored permissions [Bulleit ‘496, ¶¶6, 20, 146, 205-206; Fig. 18, Fig. 19]); 
logging the request and the validity in the distributed public ledger (maintain a record and activity log of requests and permissions on the blockchain 180 [Bulleit ‘496, ¶¶13, 116]); 
for each of the at least one requested operations, if the requested operation is valid (for each of the operations to access a particular HIR, determine if the request is valid by verifying the identity of the requesting third party user’s 102 CSI [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]), 
creating, on the public ledger, an electronic token (if the request is valid, generate an access token on the blockchain 180 [Bulleit ‘496, ¶¶10-11, 110; Fig. 6])
enabling the third-party computer to obtain access to one or more of the permissible data attributes associated with the requested operation (the access token enables third party users 102 to access certain portions or data elements of the HIR based on access operations specified in the stored permissions [Bulleit ‘496, ¶¶11-12, 113, 146, 205; Fig. 6, Fig. 18, Fig. 19]), 
wherein the electronic token comprises at least information indicative of a location of the data attributes (the access token may be implemented as an OAuth2 token, where OAuth2 tokens comprises location information of the requested resource [Bulleit ‘496, ¶¶61, 105, 110, 145]); 

communicating the electronic token from the public ledger to the third-party computer (communicating the access token from the blockchain 180 to the third party user 102 [Bulleit ‘496, ¶¶11-13]).
As stated above, Bulleit ‘496 does not explicitly disclose: “…applying a time-dependent transformation to an element of the electronic token”.
Hahn ‘172, however, discloses:
…applying a time-dependent transformation to an element of the electronic token (warrant 530, where a warrant 530 is used to access securely stored data; applying a time-dependent .
Bulleit ‘496 and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. For the reasons stated in Claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 and Hahn ‘172 before them, to modify the method in Bulleit ‘496 to include the teachings of Hahn ‘172.

Claims 8-12 are rejected under 35 U.S.C. 103 as being unpatentable over Bulleit ‘496, in view of Hahn ‘172, and further in view of Leicher et al., US 2013/0191884 A1 (hereinafter, “Leicher ‘884”).

As per claim 8: Bulleit ‘496 in view of Hahn ‘172 discloses all limitations of claim 1, as stated above, from which claim 8 is dependent upon. Bulleit ‘496 in view of Hahn ‘172 does not explicitly disclose the limitations of claim 8.
Leicher ‘884, however, discloses:
	wherein the information indicative of the location of the data attributes (requested user data is retrieved from user information endpoints, where an access token may comprise the locations of the endpoints [Leicher ‘884, ¶¶6, 26, 43-44, 120; Fig. 8, Fig. 9]) is at least one URL (the location information in the access token may be URLs [Leicher ‘884, ¶¶119-121]).
Bulleit ‘496 (modified by Hahn ‘172) and Leicher ‘884 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172) and Leicher ‘884 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172) to include the teachings of Leicher ‘884, see Leicher ‘884, ¶¶43, 45).

As per claim 9: Bulleit ‘496, in view of Hahn ‘172, and further in view of Leicher ‘884 discloses all limitations of claims 1 and 8, as stated above, all from which claim 9 is dependent upon. Bulleit ‘496 in view of Hahn ‘172 does not explicitly disclose the limitations of claim 9.
Leicher ‘884, however, discloses:
wherein the URL (the URLs within the access token containing location information [Leicher ‘884, ¶¶43-44, 53, 100, 114, and the corresponding Tables]) further comprises an ID of the third-party computer (“aud”, the intended audience of the token, where “aud” may include a client id [Leicher ‘884, ¶¶48, 77, 103, and the corresponding Tables]) and an ID of an owner of the data (“iss”, a unique identifier of the owner of the data, where the owner of the data may be the network identity provider (IdP) [Leicher ‘884, ¶¶46, 77-78, and the corresponding Tables; Fig. 8, Fig. 9]).
Bulleit ‘496 (modified by Hahn ‘172) and Leicher ‘884 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172) and Leicher ‘884 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172) to include the teachings of Leicher ‘884, namely to have HIR location information within the access token, as disclosed in Bulleit ‘496, to be represented in URL format which contains client and data owner identifiers, as disclosed in Leicher ‘884. The motivation for doing so would be to not only take advantage of certain access token implementations and protocols, such as JSON/HTTP/OAuth, which has URL integration, but also to see Leicher ‘884, ¶¶77-78).

As per claim 10: Bulleit ‘496, in view of Hahn ‘172, and further in view of Leicher ‘884 discloses all limitations of claims 1 and 8, as stated above, all from which claim 10 is dependent upon. Furthermore, Bulleit ‘496 discloses:
further comprising the steps of: 
following (locating the certain portions or data elements of the HIR that third party users 102 are allowed to access from within the resource system 150 [Bulleit ‘496, ¶¶20, 113, 146, 187, 205]);
selecting, at the public ledger (selecting the appropriate conditional stipulations within permissions stored on the blockchain, where the conditional stipulations are associated with the requested HIR, and where the conditional stipulations may be time-dependent [Bulleit ‘496, ¶¶8, 19-20, 61, 101])




As stated above, Bulleit ‘496 does not explicitly disclose: “following the at least one URL to the … data attribute; selecting … a time-dependent transformation; communicating the time-dependent transformation to the location of the permissible data attribute; applying the time-dependent transformation to the permissible data attribute; returning the obfuscated permissible data attribute to the third-party computer.”

following to the … data attribute; 
selecting … a time-dependent transformation (selecting a starting time period, where the starting time period corresponds to a time period seed 308, and where the time period seed 308 is used to encrypt a data record 302 [Hahn ‘172, Col. 1 lines 32-51, Col. 5 lines 18-32, Col. 6 lines 6-19; Fig. 3]); 
communicating the time-dependent transformation to the location of the permissible data attribute (communicating an encryption key 312 based on the starting time period, to the data record 302 stored on the collection server 220 [Hahn ‘172, Col. 1 lines 32-51, Col. 6 lines 38-55; Fig. 2, Fig. 3]); 
applying the time-dependent transformation to the permissible data attribute (encrypting the data record 302 using the encryption key 312, where the encryption key is generated based on a time period seed 308 [Hahn ‘172, Col. 1 lines 32-51, Col. 5 lines 18-32, Col. 6 lines 6-55; Fig. 3]); 
returning the obfuscated permissible data attribute to the third-party computer (providing the encrypted data record to the data storage server 230, where the data storage server 120 is implemented on a separate computer system and is used to provide data to the requestor [Hahn ‘172, Col. 4 lines 18-44, Col. 9 lines 14-39, Fig. 2]).
Bulleit ‘496 and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 and Hahn ‘172 before them, to modify the method in Bulleit ‘496 to include the teachings of Hahn ‘172, namely to select and apply a time-dependent transformation based on a time period seed, as disclosed in Hahn ‘172, to the requested data and transmitting the transformed requested data to the requesting third party user 102, as disclosed in Bulleit ‘496. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62). 
As stated above, Bulleit ‘496 in view of Hahn ‘172 does not explicitly disclose: “following the at least one URL to the … data attribute …”.
Leicher ‘884, however, discloses:
following the at least one URL to the … data attribute … (requested user data is retrieved from user information endpoints, where an access token may comprise the locations of the endpoints, and where the location information in the access token may be URLs [Leicher ‘884, ¶¶6, 26, 43, 119-121; Fig. 8, Fig. 9])
Bulleit ‘496 (modified by Hahn ‘172) and Leicher ‘884 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. For the reasons disclosed in Claim 9, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172) and Leicher ‘884 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172) to include the teachings of Leicher ‘884.

As per claim 11: Bulleit ‘496, in view of Hahn ‘172, and further in view of Leicher ‘884 discloses all limitations of claims 1, 8, and 10, as stated above, all from which claim 11 is dependent upon. Bulleit ‘496, in view of Leicher ‘884 does not explicitly disclose the limitations of claim 11.
Hahn ‘172, however, discloses:
wherein the step of selecting a time-dependent transformation comprises starting a time window (selecting a starting time period, where the starting time period may be configured to any , 
wherein the electronic token is not sufficient to enable access to the permissible data after the time window lapses (the warrant 530 is not able to access the data through decryption upon expiration of the starting time period, or if the desired time range does not match [Hahn ‘172, Col. 2 lines 18-36, Col. 8 line 24 – Col. 9 line 13]).
Bulleit ‘496 (modified Leicher ‘884) and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified Leicher ‘884) and Hahn ‘172 before them, to modify the method in Bulleit ‘496 (modified Leicher ‘884) to include the teachings of Hahn ‘172, namely to select and apply a time-dependent transformation based on a time period seed, where the time period seed may be based on a time interval, as disclosed in Hahn ‘172, to the requested data, as disclosed in Bulleit ‘496, and not allowing the access token to access the requested data if the time period seed has expired. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-dependent element within the access token to obtain access to the data, where the data is also transformed in a way that corresponds to the unique time-interval-dependent element within the access token (see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62).

As per claim 12: Bulleit ‘496, in view of Hahn ‘172, and further in view of Leicher ‘884 discloses all limitations of claims 1, 8, 10, and 11, as stated above, all from which claim 12 is dependent upon. Bulleit ‘496, in view of Leicher ‘884 does not explicitly disclose the limitations of claim 12.
Hahn ‘172, however, discloses:
wherein the step of selecting a time-dependent transformation (selecting a starting time period, where the starting time period may be configured to any interval of time, and where the starting time period is used to encrypt a data record 302 [Hahn ‘172, Col. 1 lines 32-51, Col. 5 lines 18-32, Col. 6 lines 6-19; Fig. 3]) comprises determining if the time window has lapsed and selecting a time-dependent transformation in dependence thereon (determining if time interval based on the starting time period has expired, and selecting a new starting time period at expiration by incrementing a time period counter [Hahn ‘172, Col. 1 lines 32-51, Col. 2 lines 18-27, Col. 11 lines 31-43]).
Bulleit ‘496 (modified Leicher ‘884) and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified Leicher ‘884) and Hahn ‘172 before them, to modify the method in Bulleit ‘496 (modified Leicher ‘884) to include the teachings of Hahn ‘172, namely to select and apply a time-dependent transformation based on a time period seed, where the time period seed may be based on a time interval, as disclosed in Hahn ‘172, to the requested data, as disclosed in Bulleit ‘496, where the selection of the time period seed is based on whether the starting time period has expired. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-dependent element within the access token to obtain access to the data, where the data is also transformed in a way that corresponds to the unique time-interval-dependent element within the access token (see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62).

Claims 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Bulleit ‘496, in view of Hahn ‘172, and further in view of Shablygin et al., US 2013/0208893 A1 (hereinafter, “Shablygin ‘893”).

As per claim 14: Bulleit ‘496 in view of Hahn ‘172 discloses all limitations of claim 1, as stated above, from which claim 14 is dependent upon. Bulleit ‘496, in view of Hahn ‘172 does not explicitly disclose the limitations of claim 14.
Shablygin ‘893, however, discloses:
wherein: the data requested is in at least a first fragment and a second fragment (requesting and retrieving data, where the data comprises of a plurality of fragments [Shablygin ‘893, ¶¶67, 84-86; Fig. 4B]), 
wherein the first and second fragments are stored separately (the plurality of data fragments are storage in separate data storage locations [Shablygin ‘893, ¶¶84-85; Fig. 4B]); and 
creating the electronic token (creating the data container identifier 14, where the data container identifier 14 is used to access data stored in the data container 10 [Shablygin ‘893, ¶¶68-69; Fig. 2A, Fig. 2B]) comprises including in the electronic token information corresponding to the locations of the first and second fragments (the data container identifier 14 includes information such as User ID 28 and Service Provider ID 22, where the User ID 28 and Service Provider ID 22 are used to identify the data storage locations of the data fragments [Shablygin ‘893, ¶¶68, 76, 83-84, 121; Fig. 2A, Fig. 4A]).
Bulleit ‘496 (modified by Hahn ‘172) and Shablygin ‘893 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172) and Shablygin ‘893 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172) to include the teachings of Shablygin ‘893, namely to implement the requested data as a plurality of data fragments stored in separated data storages, as disclosed in Shablygin ‘893, where the access token, as disclosed in Bulleit ‘496, contains information that identifies the data storage locations of the data fragments. The motivation for doing so see Shablygin ‘893, ¶¶72, 76).

As per claim 15: Bulleit ‘496, in view of Hahn ‘172, and further in view of Shablygin ‘893 discloses all limitations of claims 1 and 14, as stated above, all from which claim 15 is dependent upon. Bulleit ‘496, in view of Hahn ‘172 does not explicitly disclose the limitations of claim 15.
Shablygin ‘893, however, discloses:
further comprising the step of retrieving transformation information corresponding to the fragments of data (the fragments of data are transformed/obfuscated through encryption using an encryption key; retrieving the encryption key, where the encryption key is generated based on the User ID 28 and Service Provider ID 22 [Shablygin ‘893, ¶¶76-77; Fig. 3B]), 
and wherein creating the electronic token comprises including the transformation information in the electronic token (creating the data container identifier 14, where the data container identifier 14 includes information such as User ID 28 and Service Provider ID 22, and where an encryption key used to encrypt the data fragments is generated based on the User ID 28 and Service Provider ID 22 [Shablygin ‘893, ¶¶68, 76-77; Fig. 2A, Fig. 2B]); and optionally wherein the time-dependent transformation is applied to the transformation information.
Bulleit ‘496 (modified by Hahn ‘172) and Shablygin ‘893 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172) and Shablygin ‘893 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172) to include the teachings of Shablygin ‘893, see Shablygin ‘893, ¶¶72, 75-76).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Bulleit ‘496, in view of Hahn ‘172, and further in view of Leicher ‘884, and further in view of Chang et al., US 2018/0173589 A1 (hereinafter, “Chang ‘589”).

As per claim 13: Bulleit ‘496, in view of Hahn ‘172, and further in view of Leicher ‘884 discloses all limitations of claims 1, 8, 10, 11 and 12, as stated above, all from which claim 13 is dependent upon. Bulleit ‘496 in view of Leicher ‘884 does not explicitly disclose the limitations of claim 13.
Hahn ‘172, however, discloses:
wherein, if the time window has not lapsed (determining if time interval based on the starting time period has or has not expired [Hahn ‘172, Col. 1 lines 32-51, Col. 2 lines 18-27, Col. 11 lines 31-43]), 
the time-dependent transformation is selected (selecting the corresponding time period seed to apply a time-dependent transformation to the decryption key 532 within the warrant 530, where the decryption key is generated using the time period seed [Hahn ‘172, Col. 8 lines 16-62; Fig. 4, Fig. 5A]).
see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62).
	As stated above, Bulleit ‘496 in view of Hahn ‘172 and further in view of Leicher ‘884 does not explicitly disclose: “the … transformation is selected to be the inverse of the … transformation applied to the element of the electronic token”.
	Chang ‘589, however, discloses:
	the … transformation is selected to be the inverse (an inverse obfuscation matrix 342 is selected [Chang ‘589, ¶¶17, 82, 89-90]) of the … transformation applied to the element of the electronic token (the an inverse obfuscation matrix 342 is the inverse of the obfuscation matrix 332, where the obfuscation matrix 332 was applied data matrix 134, and where the data matrix 134 contains data elements from a data segment [Chang ‘589, ¶¶82, 86]).
Bulleit ‘496 (modified Leicher ‘884 & Hahn ‘172) and Chang ‘589 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. see Chang ‘589, ¶¶46, 48).

Conclusion
The prior art made of record and not relied upon is considered pertinent to the Applicant’s disclosure:
Friedmann, US 2017/0054726 A1: method for accessing content by clients of one or more resources located among one or more resource providers, where clients are granted access to resources on the resource provider using distributed authorization tokens.
Kumar, US 2018/0288031 A1: A secure identity framework for the collection and access of data, where the secure identity framework locally generates application specific token sets based on the digital identity profile for authentication and authorization. 
Hennebert, US 2019/0294822 A1: storing and managing access to data, where data is stored at addresses in a first database and the identifiers are stored in a second 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 7:30am-5:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494