DETAILED ACTION
This action is in response to the new application filed 11/21/2019 titled “Event Data Tagged With Consent Records”. Claims 1-15 were received and are under consideration.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/21/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4 and 6 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Gailloux et al (US 10,733,685).


a network interface (see Gailloux figure 1 element 112 cellular transceiver and column 6 lines 7-8 i.e. The first UE 102a may comprise a cellular transceiver 112); 
a storage device comprising machine-readable instructions (see Gailloux figure 1 element 116 memory and column 6 lines 7-11 i.e. A plurality of third party applications 118 may be stored in the memory 116); 
a processor coupled to the network interface and the storage device (see Gailloux figure 1 element 114 Processor and column 6 lines 7-8 i.e. The first UE 102a may comprise a cellular transceiver 112, a processor 114, and a memory 116), 
wherein execution of the machine-readable instructions causes the processor to: collect a user consent on whether to share event data of multiple applications of the computing device (see Gailloux column 6 lines 47-67 i.e. Some of the third party applications 118 may prompt the user of the first UE 102a, for example during installation and/or during execution, to grant consent for the third party application 118 to access sensitive information, for example confidential information and/or private information. The user may be referred to as the owner of the confidential information and/or the owner of the private information. The confidential information may be the current location of the first UE 102a (and hence the location of the user); a list of contacts, the phone number of the contacts, and the email addresses of the contacts; and a photographs directory. A third party application 118 may prompt the user to grant consent to the third party application 118 to execute commands on the first UE 102a, for example to transmit messages via the cellular transceiver 112 via the eNB 106 to the network 104; to use application programming interfaces (APIs) of the first UE 102a to 
store the user consent in a consent record (see Gailloux column 11 lines 1-11 i.e. The consent monitor application 120 may store information about the consents associated with the third party applications 118 in the memory 116);
collect event data from an application of the multiple applications (see Gailloux column 10 lines 38-51 i.e. the first UE 102a may further comprise a consent monitor application 120. The consent monitor application 120 may monitor the action of third party applications 118 and compare these actions to consents granted by the information owner or user associated with the first UE 102a, for example consents granted to third parties 110 (i.e., mobile application providers) associated with the third party applications 118. The consent monitor application 120 may determine a status of consents to grant access to or to release confidential information to the third party applications and take action in response to determining that the status of consent is not granted to grant access to or release confidential information that a third party application 118 has in fact attempted to access and/or release); and 
tag the event data with the user consent from the consent record (see Gailloux column 2 lines 8-25 i.e. In an embodiment, a confidential information release consent management system is disclosed. The system comprises a processor, a non-transitory memory, and an application stored in the non-transitory memory. When executed by the processor, the application causes the processor to receive consent records from a plurality of third parties, wherein each consent record relates to a consent by a consenting party to release confidential information from a user equipment (UE) of the 

With respect to claim 2 Gailloux teaches the computing device of claim 1, wherein execution of the machine-readable instructions causes the processor to tag the event data with an identifier of the consent record (see Gailloux column 7 line 57 – column 8 line 18 i.e. a consent record 140 is described. In an embodiment, the consent record 140 comprises three or more of an information owner identity 142, a third party identity 144, a consent version identity 146, a consent text universal reference locator (URL) 148, a timestamp 150, and a consent time limit 152. In other embodiments additional information may be stored in the consent record 140. The information owner identity 142 may be one or more of a phone number (e.g., mobile phone number), a name, an address, or an account number of the information owner. Different consent records 140 may have different types of information owner identities, for example when the consent records 140 are sent to the consent management application 124 from different third parties 110).



With respect to claim 4 Gailloux teaches the computing device of claim 3, wherein execution of the machine-readable instructions causes the processor to tag the event data with the user consent of the second consent record (see Gailloux column 7 line 57 – column 8 line 18 i.e. a consent record 140 is described. In an embodiment, the consent record 140 comprises three or more of an information owner identity 142, a 

With respect to claim 6 Gailloux teaches the computing device of claim 1, wherein execution of the machine- readable instructions causes the processor to transmit the tagged event data in response to the user consent of the consent record indicating transmission is allowed (see Gailloux column 11 lines 35-46 i.e. Alternatively, the consent monitor application 120 may take a hybrid action: the consent monitor application 120 may suspend the execution of the third party application 118 and pop-up a dialog box notifying the information owner or user of the consent violation and providing one or more controls for responding to the consent violation. The responses may be to ignore (e.g., to allow the action in the present case), which may be referred to as providing an acknowledge input in some contexts, the consent violation, to prevent the action in the present case, or to prevent the action and to automatically delete or uninstall the third party application 118).

Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al (US 10,733,685) in view of Day et al (US 2008/0188208).
With respect to claim 5 Gailloux teaches the computing device of claim 1, but does not disclose wherein execution of the machine-readable instructions causes the processor to collect the user consent from registry keys of the computing device.
Day teaches wherein execution of the machine-readable instructions causes the processor to collect the user consent from registry keys of the computing device (see Day paragraph 0003 i.e. Applications, such as media players, store user preferences in registry data generally referred to as registry keys. The operating system uses the current values of the registry keys to determine how to handle certain events. For instance, using the above media player example, the operating system interrogates the Windows® registry keys relating to .mp3 files in the event that the user activates an .mp3 file in order to determine which media player to choose to play the file).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux in view of Day to have stored user choices in the Windows® registry since the Windows® registry is a central hierarchical database used in Microsoft Windows® operating systems to store .

Claims 7-11 are rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al (US 10,733,685) in view of Christiansen (US 2005/0119902).
With respect to claim 7 Gailloux teaches a non-transitory computer-readable medium storing machine-readable instructions which, when executed by a processor, cause the processor to: 
collect a user consent on whether to share event data of multiple applications of a computing device (see Gailloux column 6 lines 47-67 i.e. Some of the third party applications 118 may prompt the user of the first UE 102a, for example during installation and/or during execution, to grant consent for the third party application 118 to access sensitive information, for example confidential information and/or private information. The user may be referred to as the owner of the confidential information and/or the owner of the private information. The confidential information may be the current location of the first UE 102a (and hence the location of the user); a list of 
store the user consent in a consent record, the consent record having an identifier (see Gailloux column 11 lines 1-11 i.e. The consent monitor application 120 may store information about the consents associated with the third party applications 118 in the memory 116);
collect event data from the application in response to the security of the application being verified (see Gailloux column 10 lines 38-51 i.e. the first UE 102a may further comprise a consent monitor application 120. The consent monitor application 120 may monitor the action of third party applications 118 and compare these actions to consents granted by the information owner or user associated with the first UE 102a, for example consents granted to third parties 110 (i.e., mobile application providers) associated with the third party applications 118. The consent monitor application 120 may determine a status of consents to grant access to or to release confidential information to the third party applications and take action in response to determining that the status of consent is not granted to grant access to or release confidential information that a third party application 118 has in fact attempted to access and/or release); and 

Gailloux does not teach verify a security of an application of the multiple applications. 
Christiansen teaches verify a security of an application of the multiple applications (see Christiansen paragraph 0015 i.e. a computing environment 200 that includes components for verifying the security of an application).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux in view of Christiansen to have 

	

	With respect to claim 8 Gailloux teaches the computer-readable medium of claim 7, wherein execution of the machine-readable instructions causes the processor to collect the user consent via a second application of the multiple applications of the computing device (see Gailloux column 10 lines 38-51 i.e. the first UE 102a may further comprise a consent monitor application 120. The consent monitor application 120 may monitor the action of third party applications 118 and compare these actions to consents granted by the information owner or user associated with the first UE 102a, for example consents granted to third parties 110 (i.e., mobile application providers) associated with the third party applications 118. The consent monitor application 120 may determine a status of consents to grant access to or to release confidential information to the third party applications and take action in response to determining that the status of consent is not granted to grant access to or release confidential information that a third party application 118 has in fact attempted to access and/or release).



With respect to claim 10 Gailloux teaches the computer-readable medium of claim 9, wherein execution of the machine-readable instructions causes the processor to tag the event data with the user consent stored in the second consent record and with the second consent record identifier (see Gailloux column 7 line 57 – column 8 line 18 i.e. a consent record 140 is described. In an embodiment, the consent record 140 

With respect to claim 11 Gailloux teaches the computer-readable storage of claim 7, wherein execution of the machine-readable instructions causes the processor to: receive a modified user consent prompt; prompt a user with the modified user consent prompt; collect the user consent; and store the user consent in a second consent record, the second consent record having a second identifier (see Gailloux column 11 line 65 – column 12 line 15 i.e. In an embodiment, the consent monitor application 120 may provide a user interface on the first UE 102a that can be used to define more finely grained consents. For example, an information owner may grant access to the contacts of the first UE 102a to a third party application 118 but restrict that access to phone numbers only and forbid access to email addresses or home addresses. For example, the information owner may grant access to the contacts of the first UE 102a, but one record at a time and based on the third party application 118 providing a name for which a phone number is desired. For example, the information .

Claims 12, 13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al (US 10,733,685) in view of Sadeh et al (WO 2019/133841), listed on the IDS filed 11/21/2019.
With respect to claim 12 Gailloux teaches a system comprising: 
a network interface (see Gailloux figure 1 element 112 cellular transceiver and column 6 lines 7-8 i.e. The first UE 102a may comprise a cellular transceiver 112); 
a storage device comprising machine-readable instructions (see Gailloux figure 1 element 116 memory and column 6 lines 7-11 i.e. A plurality of third party applications 118 may be stored in the memory 116); and 
a processor coupled to the network interface, the processor to access the storage device (see Gailloux figure 1 element 114 Processor and column 6 lines 7-8 i.e. The first UE 102a may comprise a cellular transceiver 112, a processor 114, and a memory 116), wherein execution of the machine-readable instructions causes the processor to: 
collect event data of a computing device, the event data tagged with a user consent (see Gailloux column 6 lines 47-67 i.e. Some of the third party applications 118 may prompt the user of the first UE 102a, for example during installation and/or during 
Gailloux does not teach categorize the tagged event data based on the user consent.
Sadeh teaches categorize the tagged event data based on the user consent (see Sadeh page 16 lines 23-31 i.e. In one embodiment, collective privacy preference models can come in the form of a number of privacy preference profiles obtained by clustering users with similar privacy preferences and identifying profiles of permission settings that users in a given cluster strongly agree on. The PPA can use these profiles to identify for each user the cluster (and profile) that best matches his/her privacy preferences. The privacy preference profiles can comprise, in one embodiment, collections of permission settings that test subjects in a given cluster strongly agree on (e.g. a threshold percentage of test subjects in the cluster concur on granting a given permission to a given category of 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux in view of Sadeh to have used collective privacy preference models, which can come in the form of a number of privacy preference profiles obtained by clustering users with similar privacy preferences and identifying profiles of permission settings that users in a given cluster strongly agree on. The PPA can use these profiles to identify for each user the cluster (and profile) that best matches his/her privacy preferences, as a way to help users fine-tune their privacy preferences (see Sadeh page 16 lines 23-31). Therefore one would have been motivated to have used collective privacy preference models obtained by clustering users with similar privacy preferences.

	
With respect to claim 13 Gailloux teaches the system of claim 12, wherein execution of the machine-readable instructions causes the processor to collect multiple consent records of the computing device into a list (see Gailloux column 8 line 58 – column 9 line 3 i.e. the consent management application 124 may further provide an interface for owners of confidential information to manage their consents. For example, an owner of confidential information may log into a web site provided by the consent management hub 122. The information owner may identify himself or herself in a variety of different ways and in a plurality of different ways. The information owner may further provide an authentication token of the information owner, for example a personal identification number (PIN). The consent management application 124 can then search 
With respect to claim 15 Gailloux teaches the system of claim 12, wherein execution of the machine-readable instructions causes the processor to use the consent record to determine a manner in which the user consent was obtained (see Gailloux column 12 lines 16-37 i.e. The method 200 may be executed by a consent management hub 122 or a consent management hub server. At block 202, consent records from third parties are received (e.g., received by the consent management hub server), wherein each consent record relates to a consent by a consenting party to release confidential information to the third party and comprises three or more of an identity of the consenting party, an identity of the third party, a timestamp of a consent event, a version of a consent agreement, a universal reference locator (URL) that is a link to a text of the consent agreement, and a time limit during which the consent is valid. At block 204, the consent records are stored in a data store (e.g., the consent management hub server stores the consent records in the data store). At block 206, access to the consent records by the third parties and owners of the confidential information is mediated. For example, the consent management hub server mediates access to the consent records via an application programming interface provided by the consent management hub server for third parties and owners of the confidential information to access the consent records).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al (US 10,733,685) in view of Sadeh et al (WO 2019/133841) in view of Livesay et al (US 20190348158).
With respect to claim 14 Gailloux teaches the system of claim 13, wherein execution of the machine-readable instructions causes the processor to compare a consent record identifier in the tagged event data to another consent record identifier in the list of multiple consent records to identify a match.
Gailloux teaches wherein execution of the machine-readable instructions causes the processor to compare a consent record identifier in the tagged event data to another consent record identifier in the list of multiple consent records to identify a match (see Livesay paragraph 0073 i.e. the query management module 134 can provide the query to the consent management module 132, which can determine whether the data sharing organization is authorized to share the health information specified in the query. For example, the consent management module 132 can be configured to make the determination by examining information stored in the entries of the consent directive ledger 180 that correspond to the patient whose information the data sharing organization wishes to share, as indicated by the patient identifier in the query. In some implementations, the consent management module 132 can determine whether the entries in the consent directive ledger 180 for the patient include information indicating that the patient has provided consent for the data sharing organization to share health information. For example, the consent management module 132 can make the determination by identifying a match between an identifier of a health organization or other entity for whom the patient has provided consent to data sharing as recorded in 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux in view of Livesay to have matched a consent record identifier in the tagged event data to another consent record identifier in the list of multiple consent records to identify a match as a way to determine whether the data sharing organization is authorized to share the health information specified in the query (Livesay paragraph 0073). Therefore one would have been motivated to have matched a consent record identifier in the tagged event data to another consent record identifier in the list of multiple consent records to identify a match as a way to determine whether the data sharing organization is authorized to share the health information specified in the query.

Prior Art 

Wiederspohn et al (US 2019/0005210) titled “CENTRALIZED CONSENT MANAGEMENT” teaches a consent management system (CMS) manages a number of individual consent data records of data subjects. The CMS stores predefined consent templates to be instantiated when an individual consent data record is created. The CMS represents a centralized system for management of individual consent data records that are created, stored, and maintained in relation to provided consent by data 
	
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/DEVIN E ALMEIDA/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492