Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The instant application having Application No. 16/936,136 is presented for examination by the examiner.



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.




Claims 1-4, 8-14, and 17-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by NPL “A Secure Revocable Personal Health Record System With Policy-Based Fine-Grained Access Control” by Samet et al., hereinafter Samet.  This reference was provided on IDS filed 9/30/21.

As per claim 1, Samet teaches a data security system for enabling tokenized access to sensitive data, the data security system comprising a token provisioning computing device [PHR framework; section III) including a processor communicatively coupled to a memory device, the token provisioning computing device configured to: 
initiate a secure connection with a remote client computing device of a first data subject (Fig. 1; user device and RS form a connection)  
receive, from the remote client computing device of the first data subject, a request for an access token [decryption token] to provide a service provider computing device with access to sensitive data associated with the first data subject [Dr wants to access patient’s files], wherein the request includes a data definition of the sensitive data to which access is to be provided and one or more authorization parameters [cipher text | user ID| attributes;  Fig. 9] 
generate the access token that enables access to the defined sensitive data according to the one or more authorization parameters [decryption token based on attributes set by owner; Fig. 9/10]; 
store the access token in a token database with the data definition and the one or more authorization parameters (section V, B and section III A-TA); and 
transmit, to the remote client computing device of the first data subject, a response including the access token and instructions that enable the remote computing device to at least one of display the access token to the first data subject [Fig. 9, sent back to requesting user] and transmit the access token to the service provider computing device.

As per claims 13 and 19 they are rejected for the same reasons as claim 1.

As per claim 2, Samet teaches the token provisioning computing device is further configured to authenticate the request for the access token (Fig. 1 and III A; since the user was already logged in with a valid UserID and thus authenticated, the request can be authorized by the RS and the same UserID which is checked in Fig. 10).
As per claims 3 and 14, Samet teaches the request for the access token further includes authentication credentials input by the first data subject to the remote client computing device during a log-in process (Fig. 1 and section III A-(AS)) , and wherein to authenticate the request for the access token, the token provisioning computing device is further configured to process the authentication credentials received from the remote client computing device (Fig. 1 and III A; since the user was already logged in with a valid UserID and thus authenticated, the request can be authorized by the RS and the same UserID which is checked in Fig. 10).
As per claims 4 and 15, Samet teaches transmit an authentication request message to the remote client computing device, the authentication request message including instructions that cause the remote client computing device to prompt the first data subject to input one or more authentication credentials into the remote client computing device [log-in procedure to grant user’s access to the system; section III A-(AS)]; receive, from the remote client computing device, an authentication response message including the one or more input authentication credentials; and process the input authentication credentials [username/password submission per standard].
As per claim 8, Samet teaches the one or more authorization parameters include at least one of a validity time/date parameter [section II, B; teaches time based parameters were already known before the effective filing date], a data source parameter, or an authorized service provider parameter (section V, D).
As per claim 9, Samet teaches the data definition includes a subset of a plurality of data elements available to provide to the service provider computing device from one or more data sources (Fig. 13).
As per claims 10 and 18, Samet teaches receive, from the remote client computing device, data subject input indicating a revocation of the access token (Fig. 11); and in response to receiving the data subject input, at least one of delete the stored access token or disable the stored access token to prevent further access to the sensitive data by the service provider computing device (Fig. 11).
As per claim 11, Samet teaches the one or more authorization parameters include a validity date after which access to the sensitive data is revoked [section II, B; teaches time based parameters were already known before the effective filing date], and wherein the token provisioning computing device is further configured to: upon reaching the validity date, at least one of delete the stored access token or disable the stored access token to prevent further access to the sensitive data by the service provider computing device [access revoked once the time expires; section II, B] .
As per claims 12 and 20, Samet teaches the access token is one of alphanumeric code, a bar code, and a QR code [the tokens are comprised of encryption keys were are stored in computer memory as alphanumeric bytes that are input into a decryption function applied to the ciphertext which is also stored as bytes; section V-B].


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 5-7, 16, and 17 rejected under 35 U.S.C. 103 as being unpatentable over Samet in view of USP Application Publication 2021/0295280 Blakesley et al., hereinafter Blakesley.

As per claims 5 and 16, Samet teaches perform a lookup operation using at least one of the access token or a subject identifier (checks for revoked attributes or user itself; Fig. 10).  Samet does not explicitly teach receive a token validation request message from the service provider computing device, the token validation request message including the access token and a subject identifier associated with the data subject; when the lookup operation returns a valid and active stored access token, validate the access token; and transmit a token validation response message to the service provider computing device, the token validation response message including an indication that the access token was successfully validated.  In the framework of Samet it is mainly the Revocation Server that handles the user requests.  However, the PHR framework consists of multiples entities including a storage provider.  A storage provider, provides a service to the system thus it can also be interpreted as a service provider.  For claim 5, the service provider of claim 1 would now be interpreted as the storage server to align it with the fact that claim 5 requires the service provider to send a token validation request message. The storage server provides the encrypted files to authorized users (section III-A).  All of the servers/services of the PHR framework are programmed for protecting the encrypted data.  Blakesley teaches receiving a token validation request message from the service provider computing device (Fig. 1, 136), the token validation request message including the access token and a subject identifier associated with the data subject [has the token]; when the lookup operation returns a valid and active stored access token, validate the access token (Fig. 1, 140); and transmitting a token validation response message to the service provider computing device, the token validation response message including an indication that the access token was successfully validated (Fig. 1, 142).  In the system of Blakesley, the service provider is sent the token of the requesting user, at the time of a service request, which was previously issued by account server 204.  This offloads the account server/Revocation server from having to provide the service/data to the users.  It also functions to provide a scalable system that can accommodate many types of services or storage locations.  By checking the token at the time of requesting service, the system can still check the ARL before releasing any encrypted data.  This modification to Samet would decrease the load at the Revocation Server because it would no longer have to receive or handle the ciphertext supplied with the request in Fig. 9.  Implementing parts of services at different entities in the network does not yield any unpredictable results. Shifting some of the processing to the storage service is within the ordinary capabilities of one skilled in the art.  The outcome is the same.  The Revocation Server would still deny access to the user if the token is linked to a user that is either on the revocation list or has had attributes removed.  The claim is obvious because one of ordinary skill in the art can substitute known methods which do not produce unpredictable results.  
As per claims 6 and 17 they are rejected for the same reasons as claims 5 and 15.  A secure manager, as an extremely broad term, is not distinguishable from a service provider.
As per claim 7, the combined system of Samet and Blakesley teach would teach the response message includes instructions that cause the secure manager (Storage provider of Samet; Service provider of Blakesley) to transmit the sensitive data to the service provider computer device.  This term was mapped to an authorized doctor seeking a patient’s file via a computer in claim 1.

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
USP 20210281409 teaches token generation where a user can select which PII is included.
USP 20200311299 teaches an entity requests PII from the user that has already been collected and securely stored, the user can provide permission to release that PII by providing the access token.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431