DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/02/20, 10/06/20.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9, 11-12, 14, 18-22, are rejected under 35 U.S.C. 103 as being unpatentable over Hennebert et al (US 11314891 B2) in view of Balaraman et al(US 20190303920 A1).

With regards to claim 1, 18 Hennebert discloses, A method for exchange of data from a peer provider to a peer consumer, the method comprising: 
storing, by a data server for the peer provider, data available for exchange with one or more peer consumers (FIG 1 130 and associated text; Data server storing sensor data available for the clients/consumer with valid token provided from Authorization server 120); 
registering, by the peer provider using a blockchain network, a data service for the data available for exchange (Col 2 line 45-55; (a) the access tokens are generated by an access token server in accordance with the access policies stored in a first database hosted by said server, the access token of said user being identified by a token identifier and transmitted, by means of a first transaction, to a first smart contract stored in a blockchain, the first smart contract recording the access token in the blockchain; ); 
receiving, by the data server or the peer provider from the peer consumer, a request for data of the data available for exchange, (Col 4 line 10-20; (34) the terminal of said user being configured to transmit, by means of a second transaction, an access authorization request identified by an authorization request identifier, to a second smart contract stored in the blockchain, the second smart contract interrogating the first smart contract and obtaining the access token by supplying to it cryptographic elements making it possible to authenticate the user, then determining if the access conditions contained in the token are indeed met and, in the affirmative, recording the access authorization in the blockchain; col 1 line 50-60; The user next transmits at step 2 a request to the data server 130 by presenting his access token.); 
verifying, by the data sever or the peer provider using the blockchain network, the data token (Col 4 line 10-20; (34) the terminal of said user being configured to transmit, by means of a second transaction, an access authorization request identified by an authorization request identifier, to a second smart contract stored in the blockchain, the second smart contract interrogating the first smart contract and obtaining the access token by supplying to it cryptographic elements making it possible to authenticate the user, then determining if the access conditions contained in the token are indeed met and, in the affirmative, recording the access authorization in the blockchain;); and 
providing, by the data server to the peer consumer, requested data of the data available for exchange if the verifying the data token confirms validity of the data token (Col 4 line 25-35; the data server being configured to read the personal data stored in the second database, at a URL specified in the token, and to transmit the personal data to the terminal of said user via the secure channel. col 1 line 50-60; The data server 130 then verifies at step 3 with the authorization server 120 if the user indeed has access rights to the requested resources and, if this is effectively the case, receives at step 4 an authorization from the latter. The data server then responds favourably to the request of the user and, at step 5, transmits to the client application the requested resources.).

Hennebert does not exclusively but Balaraman discloses, wherein the request for data includes a data token of the data service for the data available for exchange obtained by the peer consumer from the blockchain network ([0047] With specific reference to FIGS. 4A and 4B, and continued reference to FIG. 1, a transaction process 401 in a system for processing transactions using a token smart contract is shown, according to various embodiments. User device 110 accesses merchant application 127 (step 403). User device 110 may browse merchant application 127 to purchase a good or service. User device 110 may initiate a transaction via merchant application 127 to purchase a good or service. Merchant application 127 transmits a merchant blockchain address (step 405). In response to user device 110 initiating the payment process, merchant application 127 may transmit the merchant blockchain address associated with the merchant. For example, merchant application 127 may be programmed or comprise dedicated embedded functionality to control the transmission of the merchant blockchain address to user device 110. User device 110 accesses user blockchain wallet 115 (e.g., via a web browser or the like) to initiate a transfer transaction (step 407). The transfer transaction may be initiated by invoking token smart contract 105.)  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Hennebert’s method/system with teaching of Balaraman in order to transaction processes using blockchain-based token smart contracts (Balaraman [0001])

With regards to claim 2, Hennebert further discloses, wherein the registering the data service comprises: invoking a first smart contract of the blockchain network to register the data service ( Col 2 line 45-55; The present invention is defined by a method for accessing personal data belonging to a data owner, the access rights of a user to these data for a predetermined use being represented by an access token, in which: (a) the access tokens are generated by an access token server in accordance with the access policies stored in a first database hosted by said server, the access token of said user being identified by a token identifier and transmitted, by means of a first transaction, to a first smart contract stored in a blockchain, the first smart contract recording the access token in the blockchain;).

With regards to claim 3, Hennebert further discloses, wherein the data token is obtained by the peer consumer after the peer consumer invokes a second smart contract of the blockchain network to discover the data service registered by peer provider (Col 2 line 55-65;  (b) a terminal of said user transmits, by means of a second transaction, an access authorization request identified by an authorization request identifier, to a second smart contract stored in the blockchain, the second smart contract interrogating the first smart contract and obtaining the access token by supplying to it cryptographic elements making it possible to authenticate the user, then determining if the access conditions contained in the token are indeed met and, in the affirmative, recording the access authorization in the blockchain;), and after the peer consumer invokes a third smart contract of the blockchain network to request the data token (Col 3 line 10-30; (19) According to an alternative, at step (a), following the emission of the first transaction, the access token server transmits a consent request to the terminal of the owner of the personal data and this emits a third transaction destined for a third smart contract stored in the blockchain, the third transaction comprising a first Boolean variable indicating the consent or the refusal of the consent of the owner of the data to access these data by said user.).

With regards to claim 4, Hennebert further discloses, wherein the verifying the data token comprises: invoking a fourth smart contract of the blockchain network to check the validity of the data token provided by the peer consumer (col 9 line 25-40; If the cryptographic elements indeed correspond to those indicated in the locking script, the token is unlocked and, if it is still valid (if the date indicated in the sixth field of the token is indeed later than the expiry date), an access authorization (AuthZ) is stored in relation with its identifier (IdReq#p) in the distributed ledger of the blockchain. The access authorization contains the identifier of the token for which it has been granted (TokUID). The access authorization comprises if needs be the validity parameters of this authorization: period of validity, maximum number of consultations, etc.).

With regards to claim 5, 19 Hennebert further discloses, wherein the data available for exchange comprises Internet of Things (IoT) data (Col 4line 35-45; The management of access rights in an IoT system is generally based on a version derived from the OAuth 2.0 protocol, represented in FIG. 1.).

With regards to claim 6, Hennebert further discloses, wherein the data token is a security token comprising a digital signature (Col 8 line 20-45; The third transaction comprises as argument the public key of the owner of the data, a nonce, the value of the variable Consent (FALSE or TRUE) and a digital signature of the transaction by means of the private key of the owner of the data. The nonce may be a transaction order number and has the objective of avoiding replay attacks. Said third contract can verify using this digital signature that the consent indeed emanates from the owner of the data before inscribing the logic value of the consent in the blockchain.).

With regards to claim 7, 20 Hennebert further discloses, wherein the blockchain network is a permissioned private blockchain network (col 6 line 45-55; (21) The correct execution of the smart contracts is verified by verification devices, 290. These verification nodes are in practice nodes having at their disposal a complete copy of the ledger (full nodes). The verification nodes validate the result of this execution according to a consensus mechanism, for example by means of a proof of work, a proof of stake, or even a proof of authority if the blockchain is private.).

With regards to claim 8, 21 Hennebert further discloses, wherein the blockchain network does not include the data server and does not store the data available for exchange, (FIG 2 and associated text; ) and wherein the providing the requested data by the data server to the peer consumer exchanges the requested data by the data server to the peer consumer off-chain with respect to the blockchain network (Col  line 35-45; Hereafter a blockchain capable of storing not only transactions (as in Bitcoin) but also executing the code of smart contracts will be considered. An example of such a blockchain is Ethereum. A smart contract is a software code that can be stored in a block of the distributed ledger. This software code may be accessed at a determined address and may comprise one or more functions. The execution of a function of the smart contract may be triggered by sending a transaction transmitted from a wallet to the address of the code in question, the transaction comprising the identification of the function to execute and the input arguments expected by this function.).

With regards to claim 9 Hennebert further discloses, further comprising: generating, by the data server or the peer provider, a data structure representative of the data available for exchange and storing the data structure representative of the data available for exchange to the blockchain network. (FIG 2 240 and associated text;  (19) Once the access token has been generated and, if needs be, the consent of the owner of the data has been obtained, the user may be granted an access authorization according to a process that will be described hereafter. The user thereby authorized addresses to the data server 240 a request to consult the personal data. The data server 240 has a second database 245 in which the personal data are stored. The data server then supplies to the user via a secure channel 247 the data corresponding to the authorization that has been granted to him. As will be seen hereafter, the different operations such as the emission of access rights, the expression of the consent of the owner of the data, the formulation of an access request, the granting of an access authorization involves smart contracts (or even a single smart contract grouping together all of their respective functions). These smart contracts are stored in the distributed ledger of a blockchain 250.); 

With regards to claim 11, examiner taking official notice that, “wherein the data structure representative of the data available for exchange to the blockchain network comprises a Bloom filter for the data available for exchange to the blockchain network” is well known in the cryptography and not an inventive step.

With regards to claim 12, Hennebert further discloses, wherein the data structure representative of the data available for exchange is made available to the peer consumer by the blockchain network as part of the data service for verifying integrity of the requested data (Col 8 line 20-45; The third transaction comprises as argument the public key of the owner of the data, a nonce, the value of the variable Consent (FALSE or TRUE) and a digital signature of the transaction by means of the private key of the owner of the data. The nonce may be a transaction order number and has the objective of avoiding replay attacks. Said third contract can verify using this digital signature that the consent indeed emanates from the owner of the data before inscribing the logic value of the consent in the blockchain.).

With regards to claim 14, Heneebert further discloses, encrypting the requested data, wherein the providing the requested data comprises providing an encrypted instance of the requested data to the peer consumer by the data server (Col 10 line 15-25; The data in the database may be stored in encrypted form or in unscrambled form. ); generating information for use in the peer consumer extracting the requested data from the encrypted instance of the requested data (Col 10 line 15-25; When they are encrypted, the encryption keys may be stored in a digital vault (or secure element). The access server can access the secure element and read the appropriate encryption key to de-encrypt the data at the address specified by the reading pointer); and storing the information for use in the peer consumer extracting the requested data and a cryptographic key for the encrypted instance of the requested data to the blockchain network (Col 10 line 15-25; When they are encrypted, the encryption keys may be stored in a digital vault (or secure element). The access server can access the secure element and read the appropriate encryption key to de-encrypt the data at the address specified by the reading pointer. If needs be, if several addresses are specified, the personal data read may be aggregated by the data server, prior to their transmission. Generally speaking, the server can carry out a processing of the data thereby read before transmitting them to the user. …the data server transmits to the user, via the secure channel, the extracted personal data, after having aggregated them, if necessary).

Claim 22 is combined limitations of 9 and 12 also rejected accordingly.

With regards to claim 24, Hennebert discloses, A method for exchange of data by a hybrid blockchain data exchange system from a peer provider to a peer consumer, the method comprising: 
storing, by a data server for the peer provider, data available for exchange with one or more peer consumers (FIG 1 130 and associated text; Data server storing sensor data available for the clients/consumer with valid token provided from Authorization server 120); 
invoking a first smart contract of a blockchain network by the peer provider to register a data service for the data available for exchange (Col 2 line 45-55; (16) (a) the access tokens are generated by an access token server in accordance with the access policies stored in a first database hosted by said server, the access token of said user being identified by a token identifier and transmitted, by means of a first transaction, to a first smart contract stored in a blockchain, the first smart contract recording the access token in the blockchain;), wherein a data token is obtained by the peer consumer after the peer consumer invokes a second smart contract of the blockchain network to discover the data service registered by peer provider (Col 2 line 55-65;  (b) a terminal of said user transmits, by means of a second transaction, an access authorization request identified by an authorization request identifier, to a second smart contract stored in the blockchain, the second smart contract interrogating the first smart contract and obtaining the access token by supplying to it cryptographic elements making it possible to authenticate the user, then determining if the access conditions contained in the token are indeed met and, in the affirmative, recording the access authorization in the blockchain;), and after the peer consumer invokes a third smart contract of the blockchain network to request the data token (Col 3 line 10-30; (19) According to an alternative, at step (a), following the emission of the first transaction, the access token server transmits a consent request to the terminal of the owner of the personal data and this emits a third transaction destined for a third smart contract stored in the blockchain, the third transaction comprising a first Boolean variable indicating the consent or the refusal of the consent of the owner of the data to access these data by said user. ); 
receiving a request from the peer consumer for data of the data available for exchange (Col 4 line 10-20; (34) the terminal of said user being configured to transmit, by means of a second transaction, an access authorization request identified by an authorization request identifier, to a second smart contract stored in the blockchain, the second smart contract interrogating the first smart contract and obtaining the access token by supplying to it cryptographic elements making it possible to authenticate the user, then determining if the access conditions contained in the token are indeed met and, in the affirmative, recording the access authorization in the blockchain; col 1 line 50-60; The user next transmits at step 2 a request to the data server 130 by presenting his access token), 
invoking a fourth smart contract of the blockchain network to check the validity of the data token provided by the peer consumer (col 9 line 25-40; If the cryptographic elements indeed correspond to those indicated in the locking script, the token is unlocked and, if it is still valid (if the date indicated in the sixth field of the token is indeed later than the expiry date), an access authorization (AuthZ) is stored in relation with its identifier (IdReq#p) in the distributed ledger of the blockchain. The access authorization contains the identifier of the token for which it has been granted (TokUID). The access authorization comprises if needs be the validity parameters of this authorization: period of validity, maximum number of consultations, etc); and 
providing, by the data server to the peer consumer, requested data of the data available for exchange if the verifying the data token confirms validity of the data token ((Col 4 line 25-35; the data server being configured to read the personal data stored in the second database, at a URL specified in the token, and to transmit the personal data to the terminal of said user via the secure channel. col 1 line 50-60; The data server 130 then verifies at step 3 with the authorization server 120 if the user indeed has access rights to the requested resources and, if this is effectively the case, receives at step 4 an authorization from the latter. The data server then responds favourably to the request of the user and, at step 5, transmits to the client application the requested resources.).

Hennebert does not exclusively but Balaraman discloses, wherein the request for data includes the data token of the data service for the data available for exchange obtained by the peer consumer from the blockchain network; ([0047] With specific reference to FIGS. 4A and 4B, and continued reference to FIG. 1, a transaction process 401 in a system for processing transactions using a token smart contract is shown, according to various embodiments. User device 110 accesses merchant application 127 (step 403). User device 110 may browse merchant application 127 to purchase a good or service. User device 110 may initiate a transaction via merchant application 127 to purchase a good or service. Merchant application 127 transmits a merchant blockchain address (step 405). In response to user device 110 initiating the payment process, merchant application 127 may transmit the merchant blockchain address associated with the merchant. For example, merchant application 127 may be programmed or comprise dedicated embedded functionality to control the transmission of the merchant blockchain address to user device 110. User device 110 accesses user blockchain wallet 115 (e.g., via a web browser or the like) to initiate a transfer transaction (step 407). The transfer transaction may be initiated by invoking token smart contract 105.)  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Hennebert’s method/system with teaching of Balaraman in order to transaction processes using blockchain-based token smart contracts (Balaraman [0001])

Allowable Subject Matter
Claims, 10, 13, 15-17, 23, 25, 26 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498