Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to papers filed on 03/16/2020. Claims 1-5 are pending. Claims 1-2 and 4-5 are independent.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). This application claims the foreign priority of foreign patent application JP2019-049372 filed on 03/18/2019.
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/16/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the Examiner.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description: 
Reference signs 101-103, 201-206, 301-308, and 401-402 are mentioned with respect to of Fig. 1 (see ¶¶12-18 of the Description), however, these reference signs do not appear in Fig. 1. It appears these references signs were intended to be mentioned with respect 
Reference signs 100-103, 200-206, 300-308, and 400-402 are mentioned with respect to of Figs. 3-6 (see ¶¶19-22 of the Description), however, these reference signs do not appear in Figs. 3-6. Figs. 3-6 do not appear to contain any reference signs. 
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1 and 3-4 are rejected under 35 U.S.C. 103 as being unpatentable over Reid et al., US 2015/0074409 A1 (hereinafter, “Reid ‘409”), in view of Rasovsky et al., US 2020/0160947 A1 (hereinafter, “Rasovsky ‘947”).

As per claim 1: Reid ‘409 discloses: 
	An information management system (a system 100 for exchanging and managing data [Reid ‘409, ¶40; Fig. 1]) comprising: 
an information management device (Cloud Lockbox 130 for managing data, where the Cloud Lockbox 130 may be implemented as a storage server [Reid ‘409, ¶¶154, 191-194; Fig. 1]) that transmits target information of an information holder stored to an information user (Cloud Lockbox 130 transmits stored requested files, obtained from the Secondary Electronic Health Record (EHR) software 142, 143, 145, 147, 149, to the Electronic Health Record (EHR) software 110, where the EHR software 110 is utilized by a user, such as the Health Care Provider (HCP) 101 [Reid ‘409, ¶¶138, 140-142, 184; Fig. 1, Fig. 2]); 
an information holding device (a device running the Secondary EHR software 142-149 [Reid ‘409, ¶¶140-141, 270; Fig. 1, Fig. 2]) that holds the target information and provides the target information to the information management device (the device running the Secondary EHR software 142-149 holds the requested files and provides the files by writing to the Cloud Lockbox 130, [Reid ‘409, ¶¶138-143; Fig. 1, Fig. 2]); and 
an information using device (a device running EHR software 110 [Reid ‘409, ¶134-135, 157; Fig. 1]) that extracts the target information from the information management device (the device running EHR software 110 retrieves or reads requested files from the Cloud Lockbox 130 [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]), 
wherein the information using device adds an encryption public key (the device running EHR software 110 uses the key master 112 to add a public key to the HIE registry 120 [Reid ‘409, ¶136; Fig. 1]) 
the information holding device transmits, to the information management device, encrypted information (the device running the Secondary EHR software 142-149 transmits encrypted files to the Cloud Lockbox 130 [Reid ‘409, ¶¶140-143; Fig. 1]) as a result of acquiring the encryption public key (the device running the Secondary EHR software 142-149 acquires the public key and encrypts the files [Reid ‘409, ¶¶140-143; Fig. 1]), 
the information management device stores the encrypted information received (the Cloud Lockbox 130 stores the encrypted files [Reid ‘409, ¶141; Fig. 1]), and 
transmits a storage destination address of the encrypted information (the Cloud Lockbox 130 provides a File Handler 211 which indicates locations of encrypted files within the Cloud Lockbox 130 [Reid ‘409, ¶¶168, 202; Fig. 1]) to the information holding device (the File Handler 211, which indicates locations of encrypted files, is provided to the device running the Secondary EHR software 142-149, where the File Handler 211 must be used to retrieve encrypted files [Reid ‘409, ¶¶174, 202; Fig. 1, Fig. 2]),

the information using device acquires the storage destination address of the encrypted information (the device running EHR software 110 uses the locations specified in the File Handler 211 provided by the Cloud Lockbox 130 to access the encrypted files at the corresponding locations [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]), 
the information management device transmits the encrypted information at the storage destination address to the information using device, in response to the access from the information using device (the Cloud Lockbox 130 transmits encrypted files at the specified locations to the device running EHR software 110 in response to an access [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]), and 
the information using device decrypts the encrypted information received, using an encryption secret key held (the device running EHR software 110 decrypts the encrypted files using a private key [Reid ‘409, ¶¶136, 138, 160, 167, 269; Fig. 1]).

As stated above, Reid ‘409 does not explicitly disclose: “… adds an encryption public key … held to a blockchain, … acquiring the encryption public key from the blockchain …, the information holding device adds the storage destination address of the encrypted information received to the blockchain, … acquires the storage destination address … from the blockchain”.

 	… adds an encryption public key … held to a blockchain (adding a cryptographic key 290 to the blockchain 210 [Rasovsky ‘947, ¶¶50, 56, 58, 68; Fig. 2, Fig. 6]), 
… acquiring the encryption public key from the blockchain … (retrieving the cryptographic key 290 from blockchain 210 [Rasovsky ‘947, ¶¶89-90; Fig. 8]), 
the information holding device adds the storage destination address of the encrypted information received to the blockchain (a computing device adds identifiers, such as URLs, of locations of external storages to the blockchain, where the external storages store encrypted data, such as encrypted digital representations or encrypted images [Rasovsky ‘947, ¶¶46, 48, 51, 69-70; Fig. 3, Fig. 6]), 
… acquires the storage destination address … from the blockchain (acquire the locations of the corresponding external storages from the blockchain [Rasovsky ‘947, ¶¶38, 88; Fig. 8]).
Reid ‘409 and Rasovsky ‘947 are analogous art because they are from the same field of endeavor, namely that of the secure exchange and management of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Reid ‘409 and Rasovsky ‘947 before them, to modify the method in Reid ‘409 to include the teachings of Rasovsky ‘947, namely to use a blockchain, as disclosed in Rasovsky ‘947, as a secure storage for public keys and encrypted file locations specified in the File Handler, as disclosed in Reid ‘409, where the blockchain also serves as a point of exchange, for public keys and file locations, between the device running the Secondary EHR software 142-149 and the device running EHR software 110, as disclosed in Reid ‘409. The motivation for doing so would be to increase protection to sensitive data, such as health data, by storing the data on a blockchain, where a blockchain is inherently immutable and consistent, while also addressing the limitations of a blockchain due to limited block sizes (see Rasovsky ‘947, ¶¶33, 37-38).

As per claim 3: Reid ‘409 in view of Rasovsky ‘947 discloses all limitations of claim 1, as stated above, from which claim 3 is dependent upon. Reid ‘409 does not explicitly disclose the limitations of claim 3. Rasovsky ‘947, however, discloses:
wherein when the information holding device adds the storage destination address of the encrypted information to the blockchain (a computing device adds identifiers, such as URLs, of locations of external storages to the blockchain, where the external storages store encrypted data, such as encrypted digital representations or encrypted images [Rasovsky ‘947, ¶¶46, 48, 51, 69-70; Fig. 3, Fig. 6]), 
pre-encryption information or a checksum of the encrypted information is generated (under the broadest reasonable interpretation, ‘pre-encryption information’ is interpreted to be any unencrypted information that is generated prior to the encryption of the associated data; unencrypted medical record data items 260A-260N, which may be textual/numerical content or an index, is generated, where the medical record data items 260A-260N is associated with data, such as digital representations or images, that will be subsequently stored in external storage locations and encrypted [Rasovsky ‘947, ¶¶45-48, 50, 53; Fig. 2]) to be added to the blockchain together with the storage destination address of the encrypted information (the medical record data items 260A-260N is added to the blockchain, together with the corresponding identifiers of the external storage locations of the encrypted data [Rasovsky ‘947, ¶¶46, 48, 50; Fig. 2]).
Reid ‘409 and Rasovsky ‘947 are analogous art because they are from the same field of endeavor, namely that of the secure exchange and management of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Reid ‘409 and Rasovsky ‘947 before them, to modify the method in Reid ‘409 to include the teachings of Rasovsky ‘947, namely to generate other unencrypted information associated with the see Rasovsky ‘947, ¶¶48, 53-54)

As per claim 4: Reid ‘409 discloses: 
An information management method (a system 100 for exchanging and managing data [Reid ‘409, ¶40; Fig. 1]) that uses 
an information management device (Cloud Lockbox 130 for managing data, where the Cloud Lockbox 130 may be implemented as a storage server [Reid ‘409, ¶¶154, 191-194; Fig. 1]) that transmits target information of an information holder stored to an information user (Cloud Lockbox 130 transmits stored requested files, obtained from the Secondary Electronic Health Record (EHR) software 142, 143, 145, 147, 149, to the Electronic Health Record (EHR) software 110, where the EHR software 110 is utilized by a user, such as the Health Care Provider (HCP) 101 [Reid ‘409, ¶¶138, 140-142, 184; Fig. 1, Fig. 2]), 
an information holding device (a device running the Secondary EHR software 142-149 [Reid ‘409, ¶¶140-141, 270; Fig. 1, Fig. 2]) that holds the target information and provides the target information to the information management device (the device running the Secondary EHR software 142-149 holds the requested files and provides the files by writing to the Cloud Lockbox 130, [Reid ‘409, ¶¶138-143; Fig. 1, Fig. 2]), and 
an information using device (a device running EHR software 110 [Reid ‘409, ¶134-135, 157; Fig. 1]) that extracts the target information from the information management device (the device running , the information management method comprising: 
by the information using device, adding an encryption public key (the device running EHR software 110 uses the key master 112 to add a public key to the HIE registry 120 [Reid ‘409, ¶136; Fig. 1]) 
by the information holding device, transmitting, to the information management device, encrypted information (the device running the Secondary EHR software 142-149 transmits encrypted files to the Cloud Lockbox 130 [Reid ‘409, ¶¶140-143; Fig. 1]) as a result of acquiring the encryption public key (the device running the Secondary EHR software 142-149 acquires the public key and encrypts the files [Reid ‘409, ¶¶140-143; Fig. 1]); 
by the information management device, storing the encrypted information received (the Cloud Lockbox 130 stores the encrypted files [Reid ‘409, ¶141; Fig. 1]), and 
transmitting a storage destination address of the encrypted information (the Cloud Lockbox 130 provides a File Handler 211 which indicates locations of encrypted files within the Cloud Lockbox 130 [Reid ‘409, ¶¶168, 202; Fig. 1]) to the information holding device (the File Handler 211, which indicates locations of encrypted files, is provided to the device running the Secondary EHR software 142-149, where the File Handler 211 must be used to retrieve encrypted files [Reid ‘409, ¶¶174, 202; Fig. 1, Fig. 2]); 

by the information using device, acquiring the storage destination address of the encrypted information (the device running EHR software ; 
by the information management device, transmitting the encrypted information at the storage destination address to the information using device, in response to the access from the information using device (the Cloud Lockbox 130 transmits encrypted files at the specified locations to the device running EHR software 110 in response to an access [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]); and 
by the information using device, decrypting the encrypted information received, using an encryption secret key held (the device running EHR software 110 decrypts the encrypted files using a private key [Reid ‘409, ¶¶136, 138, 160, 167, 269; Fig. 1]).

As stated above, Reid ‘409 does not explicitly disclose: “… adding an encryption public key held to a blockchain, … acquiring the encryption public key from the blockchain …, by the information holding device, adding the storage destination address of the encrypted information received to the blockchain; … acquiring the storage destination address … from the blockchain”.
	Rasovsky ‘947, however, discloses:
 	… adding an encryption public key held to a blockchain (adding a cryptographic key 290 to the blockchain 210 [Rasovsky ‘947, ¶¶50, 56, 58, 68; Fig. 2, Fig. 6]), 
… acquiring the encryption public key from the blockchain … (retrieving the cryptographic key 290 from blockchain 210 [Rasovsky ‘947, ¶¶89-90; Fig. 8]), 
by the information holding device, adding the storage destination address of the encrypted information received to the blockchain (a computing device adds identifiers, such as URLs, of locations of external storages to the blockchain, where the external storages store encrypted data such as digital representations [Rasovsky ‘947, ¶¶46, 48, 51, 69-70; Fig. 3, Fig. 6]); 
from the blockchain (acquire the locations of the corresponding external storages from the blockchain [Rasovsky ‘947, ¶¶38, 88; Fig. 8]).
Reid ‘409 and Rasovsky ‘947 are analogous art because they are from the same field of endeavor, namely that of the secure exchange and management of sensitive data. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Reid ‘409 and Rasovsky ‘947 before them, to modify the method in Reid ‘409 to include the teachings of Rasovsky ‘947.

Claims 2 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Reid ‘409, in view of Rasovsky ‘947, and further in view of Menon, US 2020/0118124 A1 (hereinafter, “Menon ‘124”).

As per claim 2: Reid ‘409 discloses: 
An information management system (a system 100 for exchanging and managing data [Reid ‘409, ¶40; Fig. 1]) comprising: 
an information management device (Cloud Lockbox 130 for managing data, where the Cloud Lockbox 130 may be implemented as a storage server [Reid ‘409, ¶¶154, 191-194; Fig. 1]) that transmits target information of an information holder stored to an information user (Cloud Lockbox 130 transmits stored requested files, obtained from the Secondary Electronic Health Record (EHR) software 142, 143, 145, 147, 149, to the Electronic Health Record (EHR) software 110, where the EHR software 110 is utilized by a user, such as the Health Care Provider (HCP) 101 [Reid ‘409, ¶¶138, 140-142, 184; Fig. 1, Fig. 2]); 
an information holding device (a device running the Secondary EHR software 142-149 [Reid ‘409, ¶¶140-141, 270; Fig. 1, Fig. 2]) that holds the target information and provides the target information to the information management device (the device running the Secondary EHR software ; and 
an information using device (a device running EHR software 110 [Reid ‘409, ¶134-135, 157; Fig. 1]) that extracts the target information from the information management device (the device running EHR software 110 retrieves or reads requested files from the Cloud Lockbox 130 [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]), 
wherein the information using device adds an encryption public key (the device running EHR software 110 uses the key master 112 to add a public key to the HIE registry 120 [Reid ‘409, ¶136; Fig. 1]) 
the information holding device transmits, to the information management device, encrypted information (the device running the Secondary EHR software 142-149 transmits encrypted files to the Cloud Lockbox 130 [Reid ‘409, ¶¶140-143; Fig. 1]) (the device running the Secondary EHR software 142-149 acquires the public key and encrypts the files [Reid ‘409, ¶¶140-143; Fig. 1]), 
the information management device stores the encrypted information (the Cloud Lockbox 130 stores the encrypted files [Reid ‘409, ¶141; Fig. 1]), and 
transmits a storage destination address of the encrypted information (the Cloud Lockbox 130 provides a File Handler 211 which indicates locations of encrypted files within the Cloud Lockbox 130 [Reid ‘409, ¶¶168, 202; Fig. 1]) to the information holding device (the File Handler 211, which indicates locations of encrypted files, is provided to the device running the Secondary EHR software 142-149, where the File Handler 211 must be used to retrieve encrypted files [Reid ‘409, ¶¶174, 202; Fig. 1, Fig. 2]), 

the information using device acquires the storage destination address of the encrypted information (the device running EHR software 110 uses the locations specified in the File Handler 211 provided by the Cloud Lockbox 130 to access the encrypted files at the corresponding locations [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]), 
the information management device performs authentication (the Cloud Lockbox 130 performs authentication by verifying the digital signature associated with the access request [Reid ‘409, ¶¶83, 161-162, 179, 200]), and 
in response to successful authentication (in response to successful authentication via the verification of the digital signature associated with the access request [Reid ‘409, ¶¶83, 161-162, 179, 200]), transmits the encrypted information at the storage destination address to the information using device (the Cloud Lockbox 130 transmits encrypted files at the specified locations to the device running EHR software 110 in response to an access [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]), and 
the information using device decrypts the encrypted information received, using an encryption secret key held (the device running EHR software 110 decrypts the encrypted files using a private key [Reid ‘409, ¶¶136, 138, 160, 167, 269; Fig. 1]). 

As stated above, Reid ‘409 does not explicitly disclose: “… adds an encryption public key and an authentication public key held to a blockchain, ... transmits … the authentication public key as a result of acquiring the encryption public key and the authentication public key from the blockchain …, the information holding device adds the storage destination address of the encrypted information received to the blockchain, … acquires the storage destination address … from the blockchain, … performs authentication using the authentication public key”.
	Rasovsky ‘947, however, discloses:
	… adds an encryption public key  held to a blockchain (adding a cryptographic key 290 to the blockchain 210 [Rasovsky ‘947, ¶¶50, 56, 58, 68; Fig. 2, Fig. 6]), 
 … (retrieving the cryptographic key 290 from blockchain 210 [Rasovsky ‘947, ¶¶89-90; Fig. 8]), 
the information holding device adds the storage destination address of the encrypted information received to the blockchain (a computing device adds identifiers, such as URLs, of locations of external storages to the blockchain, where the external storages store encrypted data such as digital representations [Rasovsky ‘947, ¶¶46, 48, 51, 69-70; Fig. 3, Fig. 6]), 
… acquires the storage destination address … from the blockchain (acquire the locations of the corresponding external storages from the blockchain [Rasovsky ‘947, ¶¶38, 88; Fig. 8]), 
.
Reid ‘409 and Rasovsky ‘947 are analogous art because they are from the same field of endeavor, namely that of the secure exchange and management of sensitive data. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Reid ‘409 and Rasovsky ‘947 before them, to modify the method in Reid ‘409 to include the teachings of Rasovsky ‘947.

As stated above, Reid ‘409 in view of Rasovsky ‘947 does not explicitly disclose: “… adds … an authentication public key held to a blockchain, ... transmits … the authentication public key as a result the authentication public key from the blockchain … performs authentication using the authentication public key.”
Menon ‘124, however, discloses:… adds … an authentication public key held to a blockchain (adding a public key a blockchain, where the public key is used to authenticate a user transaction [Menon ‘124, ¶¶14-15]), 
... transmits … the authentication public key as a result of acquiring … the authentication public key from the blockchain (transmitting the public key to a third party as a result of retrieving the public key from the blockchain [Menon ‘124, ¶¶15, 39])
… performs authentication using the authentication public key (performing authentication of the user transaction using the public key [Menon ‘124, ¶44]).
Reid ‘409 (modified by Rasovsky ‘947) and Menon ‘124 are analogous art because they are from the same field of endeavor, namely that of the secure management and authentication of sensitive data using blockchain technology. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Reid ‘409 (modified by Rasovsky ‘947) and Menon ‘124 before them, to modify the method in Reid ‘409 (modified by Rasovsky ‘947) to include the teachings of Menon ‘124, namely to use a blockchain, as disclosed in Rasovsky ‘947 and Menon ‘124, as a secure storage for encryption public keys, encrypted file locations, and authentication public keys, as disclosed in Menon ‘124, where the blockchain also serves as a point of exchange, for encryption public keys, encrypted file locations, and authentication public keys between the device running the Secondary EHR software 142-149 and the device running EHR software 110, as disclosed in Reid ‘409. Furthermore, authentication public keys, as disclosed in Menon ‘124 is used to authenticate the retrieval request by the device running EHR software 110 for encrypted files, as disclosed in Reid ‘409. The motivation for doing so would be to increase protection to sensitive data, such authentication public keys, by storing the data on a blockchain. Protection is further increase by using the see Menon ‘124, ¶¶3, 15, 44).

As per claim 5: Reid ‘409 discloses: 
An information management method (a system 100 for exchanging and managing data [Reid ‘409, ¶40; Fig. 1]) that uses 
an information management device (Cloud Lockbox 130 for managing data, where the Cloud Lockbox 130 may be implemented as a storage server [Reid ‘409, ¶¶154, 191-194; Fig. 1]) that transmits target information of an information holder stored to an information user (Cloud Lockbox 130 transmits stored requested files, obtained from the Secondary Electronic Health Record (EHR) software 142, 143, 145, 147, 149, to the Electronic Health Record (EHR) software 110, where the EHR software 110 is utilized by a user, such as the Health Care Provider (HCP) 101 [Reid ‘409, ¶¶138, 140-142, 184; Fig. 1, Fig. 2]), 
an information holding device (a device running the Secondary EHR software 142-149 [Reid ‘409, ¶¶140-141, 270; Fig. 1, Fig. 2]) that holds the target information and provides the target information to the information management device (the device running the Secondary EHR software 142-149 holds the requested files and provides the files by writing to the Cloud Lockbox 130, [Reid ‘409, ¶¶138-143; Fig. 1, Fig. 2]), and 
an information using device (a device running EHR software 110 [Reid ‘409, ¶134-135, 157; Fig. 1]) that extracts the target information from the information management device (the device running EHR software 110 retrieves or reads requested files from the Cloud Lockbox 130 [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]), 
the information management method comprising:
by the information using device, adding an encryption public key (the device running EHR software 110 uses the key master 112 to add a public key to the HIE registry 120 [Reid ‘409, ¶136; Fig. 1]) 
by the information holding device, transmitting, to the information management device, encrypted information (the device running the Secondary EHR software 142-149 transmits encrypted files to the Cloud Lockbox 130 [Reid ‘409, ¶¶140-143; Fig. 1]) (the device running the Secondary EHR software 142-149 acquires the public key and encrypts the files [Reid ‘409, ¶¶140-143; Fig. 1]); 
by the information management device, storing the encrypted information (the Cloud Lockbox 130 stores the encrypted files [Reid ‘409, ¶141; Fig. 1]), and 
transmitting a storage destination address of the encrypted information (the Cloud Lockbox 130 provides a File Handler 211 which indicates locations of encrypted files within the Cloud Lockbox 130 [Reid ‘409, ¶¶168, 202; Fig. 1]) to the information holding device (the File Handler 211, which indicates locations of encrypted files, is provided to the device running the Secondary EHR software 142-149, where the File Handler 211 must be used to retrieve encrypted files [Reid ‘409, ¶¶174, 202; Fig. 1, Fig. 2]); 

by the information using device, acquiring the storage destination address of the encrypted information (the device running EHR software 110 uses the locations specified in the File Handler 211 provided by the Cloud Lockbox 130 to access the encrypted files at the corresponding locations [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]); 
by the information management device, performing authentication (the Cloud Lockbox 130 performs authentication by verifying the digital signature associated with the access request [Reid ‘409, ¶¶83, 161-162, 179, 200]), and 
in response to successful authentication (in response to successful authentication via the verification of the digital signature associated with the access request [Reid ‘409, ¶¶83, 161-162, 179, 200]), transmitting the encrypted information at the storage destination address to the information using device (the Cloud Lockbox 130 transmits encrypted files at the specified locations to the device running EHR software 110 in response to an access [Reid ‘409, ¶¶138, 184-186, 234; Fig. 1]), 
decrypting the encrypted information received, using an encryption secret key held (the device running EHR software 110 decrypts the encrypted files using a private key [Reid ‘409, ¶¶136, 138, 160, 167, 269; Fig. 1]). 

As stated above, Reid ‘409 does not explicitly disclose: “… adding an encryption public key and an authentication public key held to a blockchain, ... transmitting … the authentication public key as a result of acquiring the encryption public key and the authentication public key from the blockchain …, by the information holding device, adding the storage destination address of the encrypted information received to the blockchain; … acquiring the storage destination address … from the blockchain, … performing authentication using the authentication public key”.
	Rasovsky ‘947, however, discloses:
	… adding an encryption public key  held to a blockchain (adding a cryptographic key 290 to the blockchain 210 [Rasovsky ‘947, ¶¶50, 56, 58, 68; Fig. 2, Fig. 6]), 
 … (retrieving the cryptographic key 290 from blockchain 210 [Rasovsky ‘947, ¶¶89-90; Fig. 8]), 
by the information holding device, adding the storage destination address of the encrypted information received to the blockchain (a computing device adds identifiers, such as URLs, of locations of external storages to the blockchain, where the external storages store encrypted data such as digital representations [Rasovsky ‘947, ¶¶46, 48, 51, 69-70; Fig. 3, Fig. 6]), 
… acquiring the storage destination address … from the blockchain (acquire the locations of the corresponding external storages from the blockchain [Rasovsky ‘947, ¶¶38, 88; Fig. 8]), 
.
Reid ‘409 and Rasovsky ‘947 are analogous art because they are from the same field of endeavor, namely that of the secure exchange and management of sensitive data. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Reid ‘409 and Rasovsky ‘947 before them, to modify the method in Reid ‘409 to include the teachings of Rasovsky ‘947.
As stated above, Reid ‘409 in view of Rasovsky ‘947 does not explicitly disclose: “… adding … an authentication public key held to a blockchain, ... transmitting … the authentication public key as a result of acquiring … the authentication public key from the blockchain … performing authentication using the authentication public key.”
Menon ‘124, however, discloses:… adding … an authentication public key held to a blockchain (adding a public key a blockchain, where the public key is used to authenticate a user transaction [Menon ‘124, ¶¶14-15]), 
the authentication public key as a result of acquiring … the authentication public key from the blockchain (transmitting the public key to a third party as a result of retrieving the public key from the blockchain [Menon ‘124, ¶¶15, 39])
… performing authentication using the authentication public key (performing authentication of the user transaction using the public key [Menon ‘124, ¶44]).
Reid ‘409 (modified by Rasovsky ‘947) and Menon ‘124 are analogous art because they are from the same field of endeavor, namely that of the secure management and authentication of sensitive data using blockchain technology. For the reasons stated in claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Reid ‘409 (modified by Rasovsky ‘947) and Menon ‘124 before them, to modify the method in Reid ‘409 (modified by Rasovsky ‘947) to include the teachings of Menon ‘124.

Conclusion
The prior art made of record and not relied upon is considered pertinent to the Applicant’s disclosure:
Wood et al., US 2020/0159697 A1: storing sensitive data on an immutable distributed ledger and using cryptographic keys to implement the efficient deletion of the sensitive data without compromising the integrity of the ledger.
Mehedy et al., US 2019/0342084 A1: distributing encrypted files to a plurality of storing peers for storing off-blockchain, and storing the encryption keys on the distributed ledger such that each encryption key is associated with the respective encrypted files.
Novotny et al., 2020/0092088 A1: receiving a request into a node of a blockchain, the request comprising an encryption key, encrypting the transaction and storing the 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 7:30am-5:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494