DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-20 are pending.
This communication is in response to the communication filed 6/24/2021.

Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Where applicant acts as his or her own lexicographer to specifically define a term of a claim contrary to its ordinary meaning, the written description must clearly redefine the claim term and set forth the uncommon definition so as to put one reasonably skilled in the art on notice that the applicant intended to so redefine that claim term. Process Control Corp. v. HydReclaim Corp., 190 F.3d 1350, 1357, 52 USPQ2d 1029, 1033 (Fed. Cir. 1999). The term “physical access” in claims 1, 8, and 15 is used by the claim to mean “tangibly-embodied access on a computer network,” which may include a tangible user interface. The accepted meaning of “physical access” using broadest reasonable interpretation includes physical on-site “access” to a computer system, but does not fully encompass all types of tangibly-embodied access on a computer network. The term is indefinite because the specification does not clearly redefine the term. A 112(a) rejection may be warranted based on Applicant’s amendments of further describing “access”.
Claim 8 recites the limitation "the system", but the claim only recites a method. There is insufficient antecedent basis for this limitation in the claim.
Claims 2-7, 9-14, and 16-20 are rejected based on their dependency on an indefinite claim.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The claims recite systems and methods for processing and transmitting data. Specifically, the claims recites storing data, processing data, calculating a notification schedule, calculating cryptographic keys, transmitting the keys to an interface, and transmitting the notifications according to the notification schedule, which is grouped within the “mental processes” grouping of abstract ideas because in this case, the claims involve a series of steps for receiving various types of data, processing data, making calculations with the data, and sending a notification based on the processing and calculations. See MPEP 2106.04. The claims limitations reciting the abstract idea may be performed in the mind or with pen and paper by one skilled in the arts. Accordingly, the claims recite an abstract idea.
This judicial exception is not integrated into a practical application. Integration into a practical application requires an additional element or a combination of additional elements in the claim to apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the exception. Here, the additional elements of the claims include a portal processor, communications interface, portal database, data model, and access matrix. 
The claims merely use computer elements as tools to perform abstract ideas and generally link the use of a judicial exception to a particular technological environment. The use of the computer elements as tools to implement the abstract idea and generally to link the use of the abstract idea to a particular technological environment does not render the claim patent eligible because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Specifically, the additional elements amount to mere instructions to apply the abstract idea, because a processor with a memory is used to perform the claim limitations, which amounts to invoking computers a tool to perform the abstract idea (specification par. 21-23). Moreover, the additional elements add insignificant extra-solution activity, because storing patient medical and compliance data amounts to mere data gathering, reciting processing an access matrix amounts to selecting a particular data source or type of data to be manipulated, and reciting cryptographic keys defining a level of access amounts to insignificant application. See MPEP 2106.05(g).
Generic computer elements recited as performing generic computer functions that are well-understood, routine, or conventional activities amount to no more than implementing the abstract idea with a computerized system (Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network and performing repetitive calculations); Bancorp Services v. Sun Life, 687 F.3d 1266, 1278, 103 USPQ2d 1425, 1433 (Fed. Cir. 2012) ("The computer required by some of Bancorp’s claims is employed only for its most basic function, the performance of repetitive calculations, and as such does not impose meaningful limits on the scope of those claims."); See MPEP 2106.05(d) and July 2015 Update: Section IV). Here, the claim limitations of processing and calculating data and sending notifications is similar to the ideas above of a computer receiving and sending information over a network and performing repetitive calculations. 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, as discussed above with respect to integration of the abstract idea into a practical application, using the additional elements amount to no more than using computer devices to automate or implement the abstract idea of processing and transmitting data. The use of a computer or processor to merely automate or implement the abstract idea cannot provide significantly more than the abstract idea itself. (See MPEP 2106.05(f) where mere instructions to apply an exception does not render an abstract idea patent eligible). Moreover, the additional elements are interpreted as well-understood, routine, and conventional activity in particular fields such as transmitting a notification pursuant to the medical regimen (e.g., receiving or transmitting data over a network, MPEP 2106.05(d)(II)(i)); storing patient medical data, compliance data, and an access matrix (e.g., storing and retrieving information in memory, MPEP 2106.05(d)(II)(iv)); reprocessing a data model to calculate a new notification schedule  (e.g., performing repetitive calculations, MPEP 2106.05(d)(II)(ii)); a portal database comprising patient medical data and compliance data (e.g., electronic recordkeeping, MPEP 2106.05(d)(II)(iii)). There is no indication that the additional limitations alone or in combination improves the functioning of a computer or any other technology, improves another technology or technical field, or effects a transformation or reduction of a particular article to a different state or thing. Therefore, the claims are not patent eligible.
The dependent claims incorporate all of the limitations above. The claims do not provide additional limitations for analysis and address limitations of the abstract idea. Claims 2-4, 9-11, and 16-18 further describe reciting particular aspects of how the portal processor may be used, claims 5-6, 12-13, and 19-20 further describe the cryptographic keys, and claims 7 and 14 further describe the notifications. The claims fail to remedy the deficiencies of their parent claims and are therefore rejected for at least the same rationale as applied above. The claims individually and in ordered combinations do not offer significantly more than abstract ideas. 
In conclusion, the claims are directed to the abstract idea of processing and transmitting data. The claims do not provide an inventive concept, because the claims do not recite additional elements or a combination of elements that amount to significantly more than the judicial exception of the claims. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology, and the collective functions merely provide conventional computer implementation. Therefore, whether taken individually or as an order combination, the claims are nonetheless rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Raduchel et al. WO2018/152410 in view of Geagan, III US2016/0285833.
Regarding claim 1, Raduchel teaches 
a portal processor (Raduchel teaches a processor (p. 39, ln 6))
a communications interface, operatively coupled to the portal processor; (Raduchel teaches a user interface for accepting commands and for requesting data (equivalent to an interface for communications; p. 15, ln 20-21))
and a portal database, operatively coupled to the portal processor, wherein the portal database comprises patient medical data and compliance data relating to the medical regimen,…defining different access permissions for a plurality of groups comprising one or more users, wherein the access permissions are configured to allow different levels of physical access to the system, and (Raduchel teaches a database (p. 12, ln 4), which comprises information from a medical records database containing patient medical data (p. 7, ln 11-14), adherence to taking prescribed medication (equivalent to compliance data relating to a medical regimen; p. 82, ln 10) and a list of approved service providers who have the authority to decrypt certain encrypted data (equivalent to a matrix defining access permissions for a plurality of users; p. 17, ln 17-24), data segments encrypted with varying levels of sophistication (p. 7 ln 27-30) different levels of access for a provider (p. 58, ln 28-32))
wherein the portal processor is configured to process a data model for the medical regimen to calculate a notification schedule, wherein the notification schedule comprises content for individual notifications and times in which the individual notifications are transmitted, (Raduchel teaches following a set of rules for a medical visit (equivalent to processing a data model) to calculate when to alert a user that certain conditions have been met (equivalent to a notification schedule comprising content for each notification and times for each notification to be sent; p. 84, ln 4-8))
process…to calculate and transmit a number of different cryptographic keys associated with the processed data model that will be distributed specific to each group, wherein the different cryptographic keys define a level of physical access to different portions of data in the notification for each group, (Raduchel teaches issuing credential tokens to users based on the approved-users list, where each token allows a specific user to access specific data files and where there may be different levels of access (equivalent to defining a level of access for each group; p. 17, ln 17-24; p. 61, ln 27-31)
and transmit, via the communication interface, the notification pursuant to the medical regimen to a first group of the plurality of groups...according to at least one of the defined access permissions. (Raduchel teaches an alert is transmitted directly to a physician based on its priority as a text message (p. 84, ln 9-13))
Raduchel does not specifically teach the following limitations met by Geagan, an access matrix (Geagan par. 24-26, 28 teaches matrix based encryption scheme) form a binary tree (Geagan teaches space efficient key allocations in broadcast encryption systems where the system may use a one-way triple function to traverse downwards through a binary tree and derive encryption keys from parent nodes; par. 8, 9, 24, 26); , wherein the notification is configured to be accessible in the system by the first group, but no another group of the plurality of groups (Geagan par. 8, 20, 33 teaches messages may be encrypted for subsets of devices, interpreted as a first group, to restrict access to content, interpreted as a notification, here, using broadest reasonable interpretation, a notification that is accessible to a first group but not another group is synonymous with sending an email message to a group of doctors, because the recipients would have access to the notification, and the nonrecipients would not have access).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify the systems and methods as taught by Raduchel to use an access matrix, form a binary tree to calculate and transmit cryptographic keys and have a notification configured to be accessible in a system by a first group and not another as taught by Geagan with the KSR motivation to try tree data structures. In the combination of the references, it is well within the capabilities of one of ordinary skill in the art to try to use binary trees for encryption. One of ordinary skill in the art would have recognized that the results of the combination were predictable.
Regarding claim 8, Raduchel teaches
Storing, in a portal database, patient medical data and compliance data relating to the medical regimen
Raduchel teaches a database (p. 12, ln 4), which comprises information from a medical records database containing patient medical data (p. 7, ln 11-14), and adherence to taking prescribed medication (equivalent to compliance data relating to a medical regimen; p. 82, ln 10)
Storing, in the portal database,…defining different access permissions for a plurality of groups comprising one or more users wherein the access permissions are configured to allow different levels of physical access to the system;
Raduchel teaches a database (p. 12, ln 4), which comprises a list of approved service providers who have the authority to decrypt certain encrypted data (equivalent to a matrix defining access permissions for a plurality of users; p. 17, ln 17-24), and different levels of access for a provider (p. 58, ln 28-32; p. 61, ln 27-31)
processing a data model for the medical regimen via a portal processor operatively coupled to the portal database, to calculate a notification schedule, wherein the notification schedule comprises content for individual notifications and times in which the individual notifications are transmitted;
Raduchel teaches following a set of rules for a medical visit (equivalent to processing a data model) to calculate when to alert a user that certain conditions have been met (equivalent to a notification schedule comprising content for each notification and times for each notification to be sent; p. 84, ln 4-8)
process, via the portal processor,…to calculate and transmit a number of different cryptographic keys associated with the processed data model that will be distributed specific to each group, wherein the different cryptographic keys define a level of access to different portions of data in the notification for each group, 
Raduchel teaches issuing credential tokens to users based on the approved-users list, where each token allows a specific user to access specific data files and where there may be different levels of access (equivalent to defining a level of access for each group; p. 17, ln 17-24; p. 61, ln 27-31)
transmitting, via a communications interface, the different cryptographic keys
Raduchel teaches issuing credential tokens to users based on the approved-users list, where each token allows a specific user to access specific data files (equivalent to defining a level of access for each group; p. 17, ln 17-24)
transmitting, via a communication interface, the notification pursuant to the medical regimen to a first group of the plurality of groups according to at least one of the defined access permissions.
Raduchel teaches an alert is transmitted directly to a physician based on its priority as a text message (p. 84, ln 9-13)
Raduchel does not specifically teach the following limitations met by Y, an access matrix (Geagan par. 24-26, 28 teaches matrix based encryption scheme) form a binary tree (Geagan teaches space efficient key allocations in broadcast encryption systems where the system may use a one-way triple function to traverse downwards through a binary tree and derive encryption keys from parent nodes; par. 8, 9, 24, 26); , wherein the notification is configured to be accessible in the system by the first group, but no another group of the plurality of groups (Geagan par. 8, 20, 33 teaches messages may be encrypted for subsets of devices, interpreted as a first group, to restrict access to content, interpreted as a notification, here, using broadest reasonable interpretation, a notification that is accessible to a first group but not another group is synonymous with sending an email message to a group of doctors, because the recipients would have access to the notification, and the nonrecipients would not have access).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify the systems and methods as taught by Raduchel to use an access matrix,form a binary tree to calculate and transmit cryptographic keys and have a notification configured to be accessible in a system by a first group and not another as taught by Geagan with the KSR motivation to try tree data structures. In the combination of the references, it is well within the capabilities of one of ordinary skill in the art to try to use binary trees for encryption. One of ordinary skill in the art would have recognized that the results of the combination were predictable.
Regarding claim 15, Raduchel teaches
a portal processor;
Raduchel teaches a processor (p. 39, ln 6)
a communications interface, operatively coupled to the portal processor; 
Raduchel teaches a user interface for accepting commands and for requesting data (equivalent to an interface for communications; p. 15, ln 20-21)
and a portal database, operatively coupled to the portal processor, wherein the portal database comprises patient medical data relating to the medical regimen, and…defining different access permissions for a plurality of groups comprising one or more users, wherein the access permissions are configured to allow different levels of physical access to the system, and
Raduchel teaches a database (p. 12, ln 4), which comprises information from a medical records database containing patient medical data (p. 7, ln 11-14), and a list of approved service providers who have the authority to decrypt certain encrypted data (equivalent to a matrix defining access permissions for a plurality of users; p. 17, ln 17-24) and different levels of access for a provider (p. 58, ln 28-32)
Wherein the portal processor is configured to process…to calculate and transmit a number of different cryptographic keys associated with the processed data model that will be distributed specific to each group, wherein the different cryptographic keys define a level of access to different portions of data for each group, 
Raduchel teaches issuing credential tokens to users based on the approved-users list, where each token allows a specific user to access specific data files and where there may be different levels of access (equivalent to defining a level of access for each group; p. 17, ln 17-24; p. 61, ln 27-31)
and transmit, via the communication interface, the notification pursuant to the medical regimen to a first group of the plurality of groups according to at least one of the defined access permissions.
Raduchel teaches an alert is transmitted directly to a physician based on its priority as a text message (p. 84, ln 9-13)
Raduchel does not specifically teach the following limitations met by Y, an access matrix (Geagan par. 24-26, 28 teaches matrix based encryption scheme) form a binary tree (Geagan teaches space efficient key allocations in broadcast encryption systems where the system may use a one-way triple function to traverse downwards through a binary tree and derive encryption keys from parent nodes; par. 8, 9, 24, 26) , wherein the notification is configured to be accessible in the system by the first group, but no another group of the plurality of groups (Geagan par. 8, 20, 33 teaches messages may be encrypted for subsets of devices, interpreted as a first group, to restrict access to content, interpreted as a notification, here, using broadest reasonable interpretation, a notification that is accessible to a first group but not another group is synonymous with sending an email message to a group of doctors, because the recipients would have access to the notification, and the nonrecipients would not have access).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify the systems and methods as taught by Raduchel to use an access matrix, form a binary tree to calculate and transmit cryptographic keys and have a notification configured to be accessible in a system by a first group and not another as taught by Geagan with the KSR motivation to try tree data structures. In the combination of the references, it is well within the capabilities of one of ordinary skill in the art to try to use binary trees for encryption. One of ordinary skill in the art would have recognized that the results of the combination were predictable.
Regarding claims 2, 9, and 16, Raduchel teaches the limitations of claims 1, 8, and 15.  Raduchel further teaches
The portal processor is configured to receive feedback from the transmitted notification, 
Raduchel teaches the system can receive confirmation that an alert has been received (p. 84, ln 15-16)
and wherein the portal processor is configured to reprocess the data model to calculate a new notification schedule.
Raduchel teaches the rules (equivalent to a data model) can be processed repeatedly to generate new notification schedules (p. 78, ln 8-9)
Regarding claims 3, 10, and 17, Raduchel teaches the limitations of claims 2, 9, and 16.  Raduchel further teaches 
the portal processor is configured to transmit, via the communication interface, a new notification pursuant to the medical regimen according to the new notification schedule.
Raduchel teaches the rules (equivalent to a data model) can be processed repeatedly to generate and transmit new notifications (p. 78, ln 8-9)
Regarding claims 4, 11, and 18, Raduchel teaches the limitations of claims 2, 9, and 16.  Raduchel further teaches
The portal processor is configured to transmit, via the communication interface, a new notification pursuant to the medical regimen to the first group and a second group of the plurality of groups, wherein the second group has a different level of access from the first group.
Raduchel teaches different stakeholders may receive different notifications from the system based on their different permissions levels (p. 9, ln 28 to p. 10 ln 3)
Regarding claims 5, 12, and 19, Raduchel teaches the limitations of claims 1, 8, and 15.  Raduchel further teaches 
at least some of the different cryptographic keys are configured to derive sub keys.
Raduchel teaches the public key (equivalent to a cryptographic key) which is used to encrypt a patient’s data can be used to derive hash codes for segments of the patient’s data (equivalent to sub keys; p. 18, ln 26-31)
Regarding claims 6, 13, and 20, Raduchel teaches the limitations of claims 5, 12, and 19.  Raduchel further teaches
the sub keys are derived using a one-way hash function.
Raduchel teaches the hashes used can be MD5 hashes, which are one-way hash functions (p. 18, ln 30)
Regarding claims 7 and 14, Raduchel teaches the limitations of claims 1 and 8.  Raduchel further teaches
the notification comprises data for the user to enter data as feedback.
Raduchel teaches an alert can also require a response to confirm the alert has been received (equivalent to feedback; p. 84, ln 15-16)

Response to Arguments and Amendments
Applicant’s arguments and amendments filed on 4/25/2022 have been fully considered and are addressed below.
Applicant’s arguments have been fully considered but are not persuasive.
The 112(a) rejection has been withdrawn in light of the arguments and interpretations presented in the Remarks p. 7.
Applicant argues that the claims do not recite an abstract idea (p. 8-9). Examiner respectfully disagrees. As stated above and in the previous Office Actions, incorporated herein, the claims recite an abstract idea because in this case, the claims involve a series of steps for receiving various types of data, processing data, making calculations with the data, and sending a notification based on the processing and calculations.
Applicant argues that the claimed features are correctly interpreted as directed to improvement for operating a specially configured system (p. 9). Examiner respectfully disagrees. 
Applicant does not mention any specific additional elements that show any improvements to technological systems. The Office Action includes citations to the MPEP and Applicant’s specification to explain why the portal processor, communication interface, portal database, data model, and access matrix were deemed to not integrate the abstract idea into a practical application and not significantly more than the abstract idea because the additional elements were interpreted to amount to mere instructions to apply and exception, add insignificant extra-solution activity, and amount to elements that have been recognized as well understood, routine, and conventional activity. There is no specially configured system that is claimed since Applicant’s specification p. 5-6 recites that the disclosed embodiments may be implemented by any tangibly embodied combination, which suggests that the additional elements are not specific technological improvements and are known computer elements performing well-understood, routine, and conventional activity.
Applicant argues that the previous Office Action improperly argued caselaw for FairWarning IP, LLC as analogous caselaw (p. 10). Examiner respectfully disagrees.
The previous Office Action cited FairWarning to explain that a system and method of detecting fraud and/or misuse in a computer environment, in which information regarding accesses of a patient’s personal health information was analyzed according to one of several rules to determine if the activity indicates improper access may be considered a mental process. 
Applicant argues that the claims recite additional elements that integrate the recited abstract idea into a practical application (p. 11-13). Examiner respectfully disagrees. Applicant cites Example 42 of the PEG, which was found to integrate the abstract idea into a practical application, because the claimed additional elements allowed remote access to share standardized data in real time since the claims recited a conversion of updated information that was input by a use in a non-standardized format. Here, the claims do not recite remote access, instead they recite “physical access” which is interpreted to not be remote access as stated above in the 112(b) rejection. There is also no recitation or analogous claim limitation reciting any conversion of data to standardized formats.
Applicant argues that the claims amount to significantly more than the abstract idea because the claims recite an improvement to the functioning of a special purpose computer (p. 13-14). Examiner respectfully disagrees. As stated above Applicant’s specification p. 5-6 recites that the disclosed embodiments may be implemented by any tangibly embodied combination, which suggests that the additional elements are not specific technological improvements and are known computer elements performing well-understood, routine, and conventional activity. The recitation of any limitations that clearly demonstrate enhanced distribution of encrypted messages to improve data security or decrease storage, processor, or network usage may overcome the 101 rejection. 
Examiner respectfully submits that the burden of establishing that the claimed subject matter falls under a judicial exception to patent eligibility has been met, along with a showing of how the additional elements are not significantly more than the judicial exception, therefore claims 1-20 remain rejected under 101.
Applicant argues the withdrawal of the obviousness rejections. Applicant states that the cited references do not specifically teach an access matrix to form a binary tree to calculate and transmit a number of different cryptographic keys, different levels of access permissions, not merely granting or denying permission, and different users authorized to view different portions of the same notification (p. 14-18). Examiner respectfully disagrees. 
Examiner has updated the prior art rejection to a 103 rejection as being unpatentable over Raduchel in view of Geagan. Raduchel p. 7, ln 27-30 and p. 58, ln 28-32 teaches data segments encrypted with varying levels of sophistication and different levels of data access permissions for providers. Geagan par. 8, 9, 24-26 teaches space efficient key allocations in broadcast encryption systems and matrix-based broadcast encryption schemes, where the system may use a one-way triple function to traverse downwards through a binary tree and derive encryption keys from parent nodes. The cited references may not teach different levels of access permissions other than merely granting or denying permission; however, the claims as recited using broadest reasonable interpretation may include a simple grant or deny as different levels of access.
As such claims 1-20 are unpatentable as stated above. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY M PATEL whose telephone number is (571)272-6793.  The examiner can normally be reached on Monday-Thursday 7AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Victoria Augustine can be reached on (313) 446-4858.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAY M. PATEL/Examiner, Art Unit 3686